X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..07691282a056c4efea71e1e505527601e8cc166b:/OSX/libsecurity_smime/lib/cmsencode.c

diff --git a/OSX/libsecurity_smime/lib/cmsencode.c b/OSX/libsecurity_smime/lib/cmsencode.c
index 2d0e51e6..04d20168 100644
--- a/OSX/libsecurity_smime/lib/cmsencode.c
+++ b/OSX/libsecurity_smime/lib/cmsencode.c
@@ -140,7 +140,6 @@ nss_cms_encoder_notify(void *arg, Boolean before, void *dest, int depth)
     SecCmsEncoderRef p7ecx;
     SecCmsContentInfoRef rootcinfo, cinfo;
     Boolean after = !before;
-    PLArenaPool *poolp;
     SECOidTag childtype;
     CSSM_DATA_PTR item;
 
@@ -148,7 +147,6 @@ nss_cms_encoder_notify(void *arg, Boolean before, void *dest, int depth)
     PORT_Assert(p7ecx != NULL);
 
     rootcinfo = &(p7ecx->cmsg->contentInfo);
-    poolp = p7ecx->cmsg->poolp;
 
 #ifdef CMSDEBUG
     fprintf(stderr, "%6.6s, dest = %p, depth = %d\n", before ? "before" : "after", dest, depth);
@@ -195,8 +193,10 @@ nss_cms_encoder_notify(void *arg, Boolean before, void *dest, int depth)
 	    /* we're right before encoding the data (if we have some or not) */
 	    /* (for encrypted data, we're right before the contentEncAlg which may change */
 	    /*  in nss_cms_before_data because of IV calculation when setting up encryption) */
-	    if (nss_cms_before_data(p7ecx) != SECSuccess)
-		p7ecx->error = PORT_GetError();
+            if (nss_cms_before_data(p7ecx) != SECSuccess) {
+                p7ecx->error = PORT_GetError();
+                PORT_SetError(0); // Clean the thread error since we've returned the error
+            }
 	}
 	if (before && dest == &(cinfo->rawContent)) {
 	    if ( ((childtype == SEC_OID_PKCS7_DATA) || (childtype == SEC_OID_OTHER)) &&
@@ -208,8 +208,10 @@ nss_cms_encoder_notify(void *arg, Boolean before, void *dest, int depth)
 		SEC_ASN1EncoderSetTakeFromBuf(p7ecx->ecx);
 	}
 	if (after && dest == &(cinfo->rawContent)) {
-	    if (nss_cms_after_data(p7ecx) != SECSuccess)
-		p7ecx->error = PORT_GetError();
+            if (nss_cms_after_data(p7ecx) != SECSuccess) {
+                p7ecx->error = PORT_GetError();
+                PORT_SetError(0); // Clean the thread error since we've returned the error
+            }
 	    SEC_ASN1EncoderClearNotifyProc(p7ecx->ecx);	/* no need to get notified anymore */
 	}
 	break;
@@ -225,12 +227,9 @@ nss_cms_before_data(SecCmsEncoderRef p7ecx)
     OSStatus rv;
     SECOidTag childtype;
     SecCmsContentInfoRef cinfo;
-    PLArenaPool *poolp;
     SecCmsEncoderRef childp7ecx;
     const SecAsn1Template *template;
 
-    poolp = p7ecx->cmsg->poolp;
-
     /* call _Encode_BeforeData handlers */
     switch (p7ecx->type) {
     case SEC_OID_PKCS7_SIGNED_DATA:
@@ -533,6 +532,9 @@ SecCmsEncoderCreate(SecCmsMessageRef cmsg,
     OSStatus result;
     SecCmsContentInfoRef cinfo;
 
+    /* Clear the thread error to clean up dirty threads */
+    PORT_SetError(0);
+
     SecCmsMessageSetEncodingParams(cmsg, pwfn, pwfn_arg, decrypt_key_cb, decrypt_key_cb_arg,
 					detached_digestalgs, detached_digests);
 
@@ -569,8 +571,11 @@ SecCmsEncoderCreate(SecCmsMessageRef cmsg,
 	result = paramErr;
 	break;
     }
-    if (result)
+
+    if (result) {
+        PORT_Free(p7ecx);
         goto loser;
+    }
 
     /* Initialize the BER encoder.
      * Note that this will not encode anything until the first call to SEC_ASN1EncoderUpdate */
@@ -578,7 +583,8 @@ SecCmsEncoderCreate(SecCmsMessageRef cmsg,
                                       nss_cms_encoder_out, &(p7ecx->output));
     if (p7ecx->ecx == NULL) {
         result = PORT_GetError();
-	PORT_Free (p7ecx);
+	PORT_Free(p7ecx);
+        PORT_SetError(0); // Clean the thread error since we've returned the error
         goto loser;
     }
     p7ecx->ecxupdated = PR_FALSE;
@@ -599,7 +605,8 @@ SecCmsEncoderCreate(SecCmsMessageRef cmsg,
      * a child encoder). */
     if (SEC_ASN1EncoderUpdate(p7ecx->ecx, NULL, 0) != SECSuccess) {
         result = PORT_GetError();
-	PORT_Free (p7ecx);
+	PORT_Free(p7ecx);
+        PORT_SetError(0); // Clean the thread error since we've returned the error
         goto loser;
     }
 
@@ -625,6 +632,10 @@ SecCmsEncoderUpdate(SecCmsEncoderRef p7ecx, const void *data, CFIndex len)
     SecCmsContentInfoRef cinfo;
     SECOidTag childtype;
 
+    if (!p7ecx) {
+        return errSecParam;
+    }
+
     if (p7ecx->error)
 	return p7ecx->error;
 
@@ -645,8 +656,10 @@ SecCmsEncoderUpdate(SecCmsEncoderRef p7ecx, const void *data, CFIndex len)
 
 	/*  hand it the data so it can encode it (let DER trickle up the chain) */
 	result = nss_cms_encoder_work_data(p7ecx, NULL, (const unsigned char *)data, len, PR_FALSE, PR_TRUE);
-        if (result)
+        if (result) {
             result = PORT_GetError();
+            PORT_SetError(0); // Clean the thread error since we've returned the error
+        }
     }
     return result;
 }
@@ -752,6 +765,7 @@ SecCmsEncoderFinish(SecCmsEncoderRef p7ecx)
 loser:
     SEC_ASN1EncoderFinish(p7ecx->ecx);
     PORT_Free (p7ecx);
+    PORT_SetError(0); // Clean the thread error since we've returned the error
     return result;
 }