Security-57740.31.2.tar.gz

[apple/security.git] / libsecurity_smime / lib / cmsutil.c

diff --git a/libsecurity_smime/lib/cmsutil.c b/libsecurity_smime/lib/cmsutil.c
index 31117217d6b04acbe2d099471e25d4b0ece60ff9..9ed5d17332c27001d640945c8cc51b6e285450c2 100644 (file)
--- a/libsecurity_smime/lib/cmsutil.c
+++ b/libsecurity_smime/lib/cmsutil.c
@@ -91,6 +91,10 @@ SecCmsArraySortByDER(void **objs, const SecAsn1Template *objtemplate, void **obj
      * Allocate arrays to hold the individual encodings which we will use
      * for comparisons and the reordered attributes as they are sorted.
      */
+    // Security check to prevent under-allocation
+    if (num_objs<0 || num_objs>=(int)((INT_MAX/sizeof(SecAsn1Item *))-1)) {
+        goto loser;
+    }
     enc_objs = (SecAsn1Item **)PORT_ArenaZAlloc(poolp, (num_objs + 1) * sizeof(SecAsn1Item *));
     if (enc_objs == NULL)
        goto loser;
@@ -314,6 +318,23 @@ SecCmsUtilMakeSignatureAlgorithm(SECOidTag hashalg, SECOidTag encalg)
          default:
            return SEC_OID_UNKNOWN;
        }
+      case SEC_OID_EC_PUBLIC_KEY:
+        switch(hashalg) {
+          /*
+           * Note this is only used when signing and verifying signed attributes,
+           * In which case we really do want the combined ECDSA_WithSHA1 alg...
+           */
+          case SEC_OID_SHA1:
+            return SEC_OID_ECDSA_WithSHA1;
+          case SEC_OID_SHA256:
+            return SEC_OID_ECDSA_WITH_SHA256;
+          case SEC_OID_SHA384:
+            return SEC_OID_ECDSA_WITH_SHA384;
+          case SEC_OID_SHA512:
+            return SEC_OID_ECDSA_WITH_SHA512;
+          default:
+            return SEC_OID_UNKNOWN;
+        }
       default:
        break;
     }