X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..7e6b461318c8a779d91381531435a68ee4e8b6ed:/OSX/libsecurity_smime/lib/cmscipher.c?ds=sidebyside

diff --git a/OSX/libsecurity_smime/lib/cmscipher.c b/OSX/libsecurity_smime/lib/cmscipher.c
index 02ec0873..d511920a 100644
--- a/OSX/libsecurity_smime/lib/cmscipher.c
+++ b/OSX/libsecurity_smime/lib/cmscipher.c
@@ -102,9 +102,11 @@ DER_GetInteger(SECItem *it)
     unsigned char *cp = it->Data;
     unsigned long overflow = 0x1ffUL << (((sizeof(ival) - 1) * 8) - 1);
     unsigned long ofloinit;
+    bool isNegative = false;
 
-    if (*cp & 0x80)
-        ival = -1L;
+    if (*cp & 0x80) {
+        isNegative = true;
+    }
     ofloinit = ival & overflow;
 
     while (len) {
@@ -119,6 +121,10 @@ DER_GetInteger(SECItem *it)
         ival |= *cp++;
         --len;
     }
+
+    if (isNegative) {
+        ival *= -1L;
+    }
     return ival;
 }
 
@@ -283,6 +289,7 @@ SecCmsCipherContextStart(PRArenaPool *poolp, SecSymmetricKeyRef key, SECAlgorith
 	    newParams = SEC_ASN1EncodeItem (poolp, &algid->parameters, &rc2,
 				sec_rc2cbc_parameter_template);
 	    PORT_Free(rc2.rc2ParameterVersion.Data);
+            rc2.rc2ParameterVersion.Data = NULL;
 	    if (newParams == NULL)
 		goto loser;
 	    break;
@@ -322,10 +329,12 @@ SecCmsCipherContextStart(PRArenaPool *poolp, SecSymmetricKeyRef key, SECAlgorith
 		goto loser;
 	    if (initVector.Length != iv.Length) {
 		PORT_Free(iv.Data);
+                iv.Data = NULL;
 		goto loser;
 	    }
 	    memcpy(initVector.Data, iv.Data, initVector.Length);
 	    PORT_Free(iv.Data);
+            iv.Data = NULL;
 	    break;
 	}
 	case SEC_OID_RC2_CBC:
@@ -340,14 +349,18 @@ SecCmsCipherContextStart(PRArenaPool *poolp, SecSymmetricKeyRef key, SECAlgorith
 
 	    if (initVector.Length != rc2.iv.Length) {
 		PORT_Free(rc2.iv.Data);
+                rc2.iv.Data = NULL;
 		PORT_Free(rc2.rc2ParameterVersion.Data);
+                rc2.rc2ParameterVersion.Data = NULL;
 		goto loser;
 	    }
 	    memcpy(initVector.Data, rc2.iv.Data, initVector.Length);
 	    PORT_Free(rc2.iv.Data);
+            rc2.iv.Data = NULL;
 
 	    ulEffectiveBits = rc2_map(&rc2.rc2ParameterVersion);
 	    PORT_Free(rc2.rc2ParameterVersion.Data);
+            rc2.rc2ParameterVersion.Data = NULL;
 	    if (ulEffectiveBits != cssmKey->KeyHeader.LogicalKeySizeInBits)
 		goto loser;
 	    break;