[poppler] poppler/SignatureHandler.cc poppler/SignatureHandler.h
poppler/SignatureHandler.cc | 20 ++-- poppler/SignatureHandler.h |1 - 2 files changed, 14 insertions(+), 7 deletions(-) New commits: commit fb49889fea6e6003d8b8e2d65de0ce58d6229d54 Author: Sune Vuorela Date: Mon Mar 13 13:56:59 2023 +0100 Simplify temp_certs memory handling diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc index 138f394a..d0f6e0fd 100644 --- a/poppler/SignatureHandler.cc +++ b/poppler/SignatureHandler.cc @@ -786,7 +786,7 @@ void SignatureHandler::setNSSPasswordCallback(const std::functiontempCerts; +} NSS_CMSMessage_Destroy(CMSMessage); +free(toFree); } if (signing_cert) { CERT_DestroyCertificate(signing_cert); } - -free(temp_certs); } NSSCMSMessage *SignatureHandler::CMS_MessageCreate(SECItem *cms_item) @@ -888,8 +898,6 @@ NSSCMSSignedData *SignatureHandler::CMS_SignedDataCreate(NSSCMSMessage *cms_msg) for (i = 0; signedData->rawCerts[i]; ++i) { signedData->tempCerts[i] = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), signedData->rawCerts[i], nullptr, 0, 0); } - -temp_certs = signedData->tempCerts; return signedData; } else { return nullptr; diff --git a/poppler/SignatureHandler.h b/poppler/SignatureHandler.h index 5f7a6b20..b45a27e7 100644 --- a/poppler/SignatureHandler.h +++ b/poppler/SignatureHandler.h @@ -96,7 +96,6 @@ private: NSSCMSSignedData *CMSSignedData; NSSCMSSignerInfo *CMSSignerInfo; CERTCertificate *signing_cert; -CERTCertificate **temp_certs; static std::string sNssDir; };
[poppler] poppler/SignatureHandler.cc
poppler/SignatureHandler.cc | 19 +++ 1 file changed, 11 insertions(+), 8 deletions(-) New commits: commit fcb7b90ddbd6135e3fbf1032de07bc5b0e351df2 Author: Sune Vuorela Date: Mon Mar 13 14:28:08 2023 +0100 nss created message was leaked on most errors Use a unique_ptr to ensure it is being destructed properly diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc index 9979119a..138f394a 100644 --- a/poppler/SignatureHandler.cc +++ b/poppler/SignatureHandler.cc @@ -1052,31 +1052,35 @@ std::unique_ptr SignatureHandler::signDetached(const char *password) /// Code from LibreOffice under MPLv2 / -NSSCMSMessage *cms_msg = NSS_CMSMessage_Create(nullptr); +struct NSSCMSMessageDestroyer +{ +void operator()(NSSCMSMessage *message) { NSS_CMSMessage_Destroy(message); } +}; +std::unique_ptr cms_msg { NSS_CMSMessage_Create(nullptr) }; if (!cms_msg) { return nullptr; } -NSSCMSSignedData *cms_sd = NSS_CMSSignedData_Create(cms_msg); +NSSCMSSignedData *cms_sd = NSS_CMSSignedData_Create(cms_msg.get()); if (!cms_sd) { return nullptr; } -NSSCMSContentInfo *cms_cinfo = NSS_CMSMessage_GetContentInfo(cms_msg); +NSSCMSContentInfo *cms_cinfo = NSS_CMSMessage_GetContentInfo(cms_msg.get()); -if (NSS_CMSContentInfo_SetContent_SignedData(cms_msg, cms_cinfo, cms_sd) != SECSuccess) { +if (NSS_CMSContentInfo_SetContent_SignedData(cms_msg.get(), cms_cinfo, cms_sd) != SECSuccess) { return nullptr; } cms_cinfo = NSS_CMSSignedData_GetContentInfo(cms_sd); // Attach NULL data as detached data -if (NSS_CMSContentInfo_SetContent_Data(cms_msg, cms_cinfo, nullptr, PR_TRUE) != SECSuccess) { +if (NSS_CMSContentInfo_SetContent_Data(cms_msg.get(), cms_cinfo, nullptr, PR_TRUE) != SECSuccess) { return nullptr; } // hardcode SHA256 these days... -NSSCMSSignerInfo *cms_signer = NSS_CMSSignerInfo_Create(cms_msg, signing_cert, SEC_OID_SHA256); +NSSCMSSignerInfo *cms_signer = NSS_CMSSignerInfo_Create(cms_msg.get(), signing_cert, SEC_OID_SHA256); if (!cms_signer) { return nullptr; } 
@@ -1180,7 +1184,7 @@ std::unique_ptr SignatureHandler::signDetached(const char *password) cms_output.data = nullptr; cms_output.len = 0; -NSSCMSEncoderContext *cms_ecx = NSS_CMSEncoder_Start(cms_msg, nullptr, nullptr, _output, arena.get(), passwordCallback, const_cast(password), nullptr, nullptr, nullptr, nullptr); +NSSCMSEncoderContext *cms_ecx = NSS_CMSEncoder_Start(cms_msg.get(), nullptr, nullptr, _output, arena.get(), passwordCallback, const_cast(password), nullptr, nullptr, nullptr, nullptr); if (!cms_ecx) { return nullptr; } @@ -1192,7 +1196,6 @@ std::unique_ptr SignatureHandler::signDetached(const char *password) GooString *signature = new GooString(reinterpret_cast(cms_output.data), cms_output.len); SECITEM_FreeItem(pEncodedCertificate, PR_TRUE); -NSS_CMSMessage_Destroy(cms_msg); return std::unique_ptr(signature); }
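Review bot: `pEncodedCertificate` is still released by hand, and only on the success path just before the final return. The `return nullptr` after a failed `NSS_CMSEncoder_Start` in the previous hunk therefore skips `SECITEM_FreeItem` if the item has already been allocated by then (its allocation is outside these hunks). It would fit this commit to treat it like `cms_msg`: a small deleter calling `SECITEM_FreeItem(item, PR_TRUE)` and a `std::unique_ptr` that holds the item from the point it is created. The result could also be built with `std::make_unique` rather than `new GooString` followed by wrapping the raw pointer. signDetached starts outside the hunk.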
[poppler] utils/pdftocairo.cc
utils/pdftocairo.cc |1 + 1 file changed, 1 insertion(+) New commits: commit 01ff2af0ee61c45bf4728a1d6ff4327aa2889d21 Author: Albert Astals Cid Date: Mon Mar 13 15:49:09 2023 +0100 Update (C) diff --git a/utils/pdftocairo.cc b/utils/pdftocairo.cc index 7d9a1954..faa5a02d 100644 --- a/utils/pdftocairo.cc +++ b/utils/pdftocairo.cc @@ -40,6 +40,7 @@ // Copyright (C) 2021 Peter Williams // Copyright (C) 2021 Christian Persch // Copyright (C) 2022 James Cloos +// Copyright (C) 2023 Anton Thomasson // // To see a description of the changes please see the Changelog file that // came with your tarball or type make ChangeLog if you are building from git
[poppler] poppler/CertificateInfo.cc poppler/CertificateInfo.h
poppler/CertificateInfo.cc |1 + poppler/CertificateInfo.h |1 + 2 files changed, 2 insertions(+) New commits: commit 2cd82736e2db45e9a06baba1478439637172a76e Author: Albert Astals Cid Date: Mon Mar 13 15:45:41 2023 +0100 Update (C) diff --git a/poppler/CertificateInfo.cc b/poppler/CertificateInfo.cc index 982ee898..b6a8437a 100644 --- a/poppler/CertificateInfo.cc +++ b/poppler/CertificateInfo.cc @@ -8,6 +8,7 @@ // Copyright 2018, 2019, 2022 Albert Astals Cid // Copyright 2018 Oliver Sander // Copyright 2020 Thorsten Behrens +// Copyright 2023 g10 Code GmbH, Author: Sune Stolborg Vuorela // // diff --git a/poppler/CertificateInfo.h b/poppler/CertificateInfo.h index 7b324f0b..600ecb52 100644 --- a/poppler/CertificateInfo.h +++ b/poppler/CertificateInfo.h @@ -8,6 +8,7 @@ // Copyright 2018, 2019 Albert Astals Cid // Copyright 2018 Oliver Sander // Copyright 2020 Thorsten Behrens +// Copyright 2023 g10 Code GmbH, Author: Sune Stolborg Vuorela // //
[poppler] poppler/SignatureHandler.cc
poppler/SignatureHandler.cc | 20 +++- 1 file changed, 11 insertions(+), 9 deletions(-) New commits: commit bd533d75bb171dada6fa9e9fdc5bdc3e42824b97 Author: Sune Vuorela Date: Mon Mar 13 14:21:23 2023 +0100 Put the arenapool in a unique_ptr Also allocate it a bit earlier to use it for a few other entries that might otherwise else be leaked in certain error conditions diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc index b56b23b5..9979119a 100644 --- a/poppler/SignatureHandler.cc +++ b/poppler/SignatureHandler.cc @@ -212,7 +212,7 @@ static void shutdownNss() // SEC_StringToOID() and NSS_CMSSignerInfo_AddUnauthAttr() are // not exported from libsmime, so copy them here. Sigh. -static SECStatus my_SEC_StringToOID(SECItem *to, const char *from, PRUint32 len) +static SECStatus my_SEC_StringToOID(PLArenaPool *arena, SECItem *to, const char *from, PRUint32 len) { PRUint32 decimal_numbers = 0; PRUint32 result_bytes = 0; @@ -305,7 +305,7 @@ static SECStatus my_SEC_StringToOID(SECItem *to, const char *from, PRUint32 len) SECItem result_item = { siBuffer, nullptr, 0 }; result_item.data = result; result_item.len = result_bytes; -rv = SECITEM_CopyItem(nullptr, to, _item); +rv = SECITEM_CopyItem(arena, to, _item); } return rv; } @@ -1097,13 +1097,19 @@ std::unique_ptr SignatureHandler::signDetached(const char *password) return nullptr; } +struct PLArenaFreeFalse +{ +void operator()(PLArenaPool *arena) { PORT_FreeArena(arena, PR_FALSE); } +}; +std::unique_ptr arena { PORT_NewArena(1) }; + // Add the signing certificate as a signed attribute. ESSCertIDv2 *aCertIDs[2]; ESSCertIDv2 aCertID; // Write ESSCertIDv2.hashAlgorithm. aCertID.hashAlgorithm.algorithm.data = nullptr; aCertID.hashAlgorithm.parameters.data = nullptr; -SECOID_SetAlgorithmID(nullptr, , SEC_OID_SHA256, nullptr); +SECOID_SetAlgorithmID(arena.get(), , SEC_OID_SHA256, nullptr); // Write ESSCertIDv2.certHash. SECItem aCertHashItem; 
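Review bot: The new `arena` parameter of `my_SEC_StringToOID` changes who owns `to->data`, and the function carries no comment saying so. With a non-null arena, `SECITEM_CopyItem(arena, to, …)` allocates from the pool; with `nullptr` it falls back to a heap allocation that the caller has to free, which is the leak this commit is closing. A comment above the signature would keep later callers from passing `nullptr` by habit, for example `// 'to->data' is allocated from 'arena' and lives as long as it; a null arena means a heap allocation the caller must free.` Most of the function body lies outside the two hunks shown.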
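Review bot: The result of `PORT_NewArena(1)` is stored in the `unique_ptr` without a null check. If the allocation fails, `arena.get()` is `nullptr`, and `SECOID_SetAlgorithmID(arena.get(), …)` here plus `my_SEC_StringToOID(arena.get(), …)` and `NSS_CMSEncoder_Start(…, arena.get(), …)` in the later hunks all receive a null pool. The first two would then presumably fall back to heap allocations that nothing frees, which quietly restores the old leak. Adding `if (!arena) { return nullptr; }` directly after the declaration keeps that failure explicit. signDetached starts and ends outside this hunk.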
@@ -1154,7 +1160,7 @@ std::unique_ptr SignatureHandler::signDetached(const char *password) * { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) * smime(16) id-aa(2) 47 } */ -if (my_SEC_StringToOID(, "1.2.840.113549.1.9.16.2.47", 0) != SECSuccess) { +if (my_SEC_StringToOID(arena.get(), , "1.2.840.113549.1.9.16.2.47", 0) != SECSuccess) { return nullptr; } @@ -1173,16 +1179,13 @@ std::unique_ptr SignatureHandler::signDetached(const char *password) SECItem cms_output; cms_output.data = nullptr; cms_output.len = 0; -PLArenaPool *arena = PORT_NewArena(1); -NSSCMSEncoderContext *cms_ecx = NSS_CMSEncoder_Start(cms_msg, nullptr, nullptr, _output, arena, passwordCallback, const_cast(password), nullptr, nullptr, nullptr, nullptr); +NSSCMSEncoderContext *cms_ecx = NSS_CMSEncoder_Start(cms_msg, nullptr, nullptr, _output, arena.get(), passwordCallback, const_cast(password), nullptr, nullptr, nullptr, nullptr); if (!cms_ecx) { -PORT_FreeArena(arena, PR_FALSE); return nullptr; } if (NSS_CMSEncoder_Finish(cms_ecx) != SECSuccess) { -PORT_FreeArena(arena, PR_FALSE); return nullptr; } @@ -1190,7 +1193,6 @@ std::unique_ptr SignatureHandler::signDetached(const char *password) SECITEM_FreeItem(pEncodedCertificate, PR_TRUE); NSS_CMSMessage_Destroy(cms_msg); -PORT_FreeArena(arena, PR_FALSE); return std::unique_ptr(signature); }
[poppler] poppler/SignatureHandler.cc poppler/SignatureHandler.h
poppler/SignatureHandler.cc | 19 ++- poppler/SignatureHandler.h |6 +- 2 files changed, 11 insertions(+), 14 deletions(-) New commits: commit 7b50d9f0374aa5d0ea653a0d024b315e16625839 Author: Sune Vuorela Date: Mon Mar 13 14:02:27 2023 +0100 Put HASHContext in a unique_ptr rather than manually manage it with freeing diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc index b6587c27..b56b23b5 100644 --- a/poppler/SignatureHandler.cc +++ b/poppler/SignatureHandler.cc @@ -795,7 +795,7 @@ SignatureHandler::SignatureHandler(unsigned char *p7, int p7_length) : hash_cont CMSSignedData = CMS_SignedDataCreate(CMSMessage); if (CMSSignedData) { CMSSignerInfo = CMS_SignerInfoCreate(CMSSignedData); -hash_context = initHashContext(); +hash_context.reset(initHashContext()); } } @@ -805,7 +805,7 @@ SignatureHandler::SignatureHandler(const char *certNickname, HashAlgorithm diges setNSSDir({}); CMSMessage = NSS_CMSMessage_Create(nullptr); signing_cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), certNickname); -hash_context = HASH_Create(HASH_GetHashTypeByOidTag(ConvertHashAlgorithmToNss(digestAlgTag))); + hash_context.reset(HASH_Create(HASH_GetHashTypeByOidTag(ConvertHashAlgorithmToNss(digestAlgTag; } HASHContext *SignatureHandler::initHashContext() @@ -822,16 +822,13 @@ HASHContext *SignatureHandler::initHashContext() void SignatureHandler::updateHash(unsigned char *data_block, int data_len) { if (hash_context) { -HASH_Update(hash_context, data_block, data_len); +HASH_Update(hash_context.get(), data_block, data_len); } } void SignatureHandler::restartHash() { -if (hash_context) { -HASH_Destroy(hash_context); -} -hash_context = HASH_Create(HASH_GetHashTypeByOidTag(ConvertHashAlgorithmToNss(digest_alg_tag))); + hash_context.reset(HASH_Create(HASH_GetHashTypeByOidTag(ConvertHashAlgorithmToNss(digest_alg_tag; } SignatureHandler::~SignatureHandler() 
@@ -841,10 +838,6 @@ SignatureHandler::~SignatureHandler() NSS_CMSMessage_Destroy(CMSMessage); } -if (hash_context) { -HASH_Destroy(hash_context); -} - if (signing_cert) { CERT_DestroyCertificate(signing_cert); } @@ -953,7 +946,7 @@ SignatureValidationStatus SignatureHandler::validateSignature() digest_buffer = (unsigned char *)PORT_Alloc(hash_length); unsigned int result_len = 0; -HASH_End(hash_context, digest_buffer, _len, hash_length); +HASH_End(hash_context.get(), digest_buffer, _len, hash_length); SECItem digest; digest.data = digest_buffer; @@ -1050,7 +1043,7 @@ std::unique_ptr SignatureHandler::signDetached(const char *password) } unsigned char *digest_buffer = reinterpret_cast(PORT_Alloc(hash_length)); unsigned int result_len = 0; -HASH_End(hash_context, digest_buffer, _len, hash_length); +HASH_End(hash_context.get(), digest_buffer, _len, hash_length); SECItem digest; digest.data = digest_buffer; digest.len = result_len; diff --git a/poppler/SignatureHandler.h b/poppler/SignatureHandler.h index 43b591dd..5f7a6b20 100644 --- a/poppler/SignatureHandler.h +++ b/poppler/SignatureHandler.h @@ -87,7 +87,11 @@ private: unsigned int hash_length; HashAlgorithm digest_alg_tag; SECItem CMSitem; -HASHContext *hash_context; +struct HashDestroyer +{ +void operator()(HASHContext *hash) { HASH_Destroy(hash); } +}; +std::unique_ptr hash_context; NSSCMSMessage *CMSMessage; NSSCMSSignedData *CMSSignedData; NSSCMSSignerInfo *CMSSignerInfo;
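Review bot: `HASH_End(hash_context.get(), …)` in validateSignature, and again in signDetached in the following hunk, has no null check visible, whereas updateHash guards with `if (hash_context)`. The context can be empty: the first constructor only calls `hash_context.reset(initHashContext())` when `CMSSignedData` is non-null, and `HASH_Create` may return null. If neither function has an earlier guard outside these hunks, each needs one before `HASH_End`, for example `if (!hash_context) { return nullptr; }` in signDetached and the matching error status in validateSignature. Both function bodies start and end outside the hunks.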