X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/e3d460c9de4426da6c630c3ae3f46173a99f82d8..914fc88e61be54aed6b18205ff2775b48793a3b6:/OSX/libsecurity_smime/lib/cmssigdata.c?ds=sidebyside diff --git a/OSX/libsecurity_smime/lib/cmssigdata.c b/OSX/libsecurity_smime/lib/cmssigdata.c index 6e85d7b5..474d7633 100644 --- a/OSX/libsecurity_smime/lib/cmssigdata.c +++ b/OSX/libsecurity_smime/lib/cmssigdata.c @@ -440,9 +440,9 @@ SecCmsSignedDataEncodeAfterData(SecCmsSignedDataRef sigd) /* did we have digest calculation going on? */ if (cinfo->digcx) { rv = SecCmsDigestContextFinishMultiple(cinfo->digcx, (SecArenaPoolRef)poolp, &(sigd->digests)); + cinfo->digcx = NULL; if (rv != SECSuccess) goto loser; /* error has been set by SecCmsDigestContextFinishMultiple */ - cinfo->digcx = NULL; } signerinfos = sigd->signerInfos; @@ -617,8 +617,10 @@ SecCmsSignedDataDecodeAfterData(SecCmsSignedDataRef sigd) { /* did we have digest calculation going on? */ if (sigd->contentInfo.digcx) { - if (SecCmsDigestContextFinishMultiple(sigd->contentInfo.digcx, (SecArenaPoolRef)sigd->cmsg->poolp, &(sigd->digests)) != SECSuccess) + if (SecCmsDigestContextFinishMultiple(sigd->contentInfo.digcx, (SecArenaPoolRef)sigd->cmsg->poolp, &(sigd->digests)) != SECSuccess) { + sigd->contentInfo.digcx = NULL; return SECFailure; /* error has been set by SecCmsDigestContextFinishMultiple */ + } sigd->contentInfo.digcx = NULL; } return SECSuccess; @@ -634,6 +636,10 @@ SecCmsSignedDataDecodeAfterEnd(SecCmsSignedDataRef sigd) SecCmsSignerInfoRef *signerinfos; int i; + if (!sigd) { + return SECFailure; + } + signerinfos = sigd->signerInfos; /* set cmsg and sigd backpointers for all the signerinfos */ @@ -772,16 +778,7 @@ SecCmsSignedDataVerifySignerInfo(SecCmsSignedDataRef sigd, int i, contentType = SecCmsContentInfoGetContentTypeOID(cinfo); /* verify signature */ -#if SECTRUST_OSX -#warning STU: - // timestamp policy is currently unsupported; use codesign policy only - #if !NDEBUG - syslog(LOG_ERR, "SecCmsSignedDataVerifySignerInfo: using codesign policy without timestamp verification"); - #endif - CFTypeRef timeStampPolicies=SecPolicyCreateWithProperties(kSecPolicyAppleCodeSigning, NULL); -#else CFTypeRef timeStampPolicies=SecPolicyCreateAppleTimeStampingAndRevocationPolicies(policies); -#endif status = SecCmsSignerInfoVerifyWithPolicy(signerinfo, timeStampPolicies, digest, contentType); CFReleaseSafe(timeStampPolicies); @@ -790,10 +787,6 @@ SecCmsSignedDataVerifySignerInfo(SecCmsSignedDataRef sigd, int i, status2 = SecCmsSignerInfoVerifyCertificate(signerinfo, keychainOrArray, policies, trustRef); dprintf("SecCmsSignedDataVerifySignerInfo: status %d status2 %d\n", (int) status, (int)status2); - if(status || status2) { - syslog(LOG_ERR,"SecCmsSignedDataVerifySignerInfo: status %d status2 %d.", (int) status, (int)status2); - syslog(LOG_ERR,"SecCmsSignedDataVerifySignerInfo: verify status %d", signerinfo->verificationStatus); - } /* The error from SecCmsSignerInfoVerify() supercedes error from SecCmsSignerInfoVerifyCertificate(). */ if (status) return status; @@ -965,11 +958,11 @@ SecCmsSignedDataGetDigestByAlgTag(SecCmsSignedDataRef sigd, SECOidTag algtag) { int idx; - if(sigd->digests == NULL) { - return NULL; - } + if(sigd == NULL || sigd->digests == NULL) { + return NULL; + } idx = SecCmsAlgArrayGetIndexByAlgTag(sigd->digestAlgorithms, algtag); - return sigd->digests[idx]; + return (idx >= 0) ? sigd->digests[idx] : NULL; } /* @@ -985,7 +978,8 @@ SecCmsSignedDataSetDigests(SecCmsSignedDataRef sigd, { int cnt, i, idx; - if (sigd->digestAlgorithms == NULL) { + /* Check input structure and items in structure */ + if (sigd == NULL || sigd->digestAlgorithms == NULL || sigd->cmsg == NULL || sigd->cmsg->poolp == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; }