[poppler] poppler/SignatureHandler.cc poppler/SignatureHandler.h

2023-03-13 Thread GitLab Mirror
 poppler/SignatureHandler.cc |   20 ++--
 poppler/SignatureHandler.h  |1 -
 2 files changed, 14 insertions(+), 7 deletions(-)

New commits:
commit fb49889fea6e6003d8b8e2d65de0ce58d6229d54
Author: Sune Vuorela 
Date:   Mon Mar 13 13:56:59 2023 +0100

Simplify temp_certs memory handling

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 138f394a..d0f6e0fd 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -786,7 +786,7 @@ void SignatureHandler::setNSSPasswordCallback(const 
std::functiontempCerts;
+}
 NSS_CMSMessage_Destroy(CMSMessage);
+free(toFree);
 }
 
 if (signing_cert) {
 CERT_DestroyCertificate(signing_cert);
 }
-
-free(temp_certs);
 }
 
 NSSCMSMessage *SignatureHandler::CMS_MessageCreate(SECItem *cms_item)
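Review bot: The order of `NSS_CMSMessage_Destroy(CMSMessage);` followed by `free(toFree);` in the destructor carries a lifetime rule that nothing in the code states. The lines that assign `toFree` are missing from this page, so the following is inferred: the pointer appears to be the `tempCerts` array, captured before the message is destroyed because the signed-data structure cannot be read afterwards, and released only once NSS has finished with it. A comment above the capture would keep a later cleanup from reordering the two calls into a use-after-free, for example `// tempCerts is released with free() by us but still read by NSS_CMSMessage_Destroy: take the pointer first, free it last`. The destructor starts outside the visible part of the hunk.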
@@ -888,8 +898,6 @@ NSSCMSSignedData 
*SignatureHandler::CMS_SignedDataCreate(NSSCMSMessage *cms_msg)
 for (i = 0; signedData->rawCerts[i]; ++i) {
 signedData->tempCerts[i] = 
CERT_NewTempCertificate(CERT_GetDefaultCertDB(), signedData->rawCerts[i], 
nullptr, 0, 0);
 }
-
-temp_certs = signedData->tempCerts;
 return signedData;
 } else {
 return nullptr;
diff --git a/poppler/SignatureHandler.h b/poppler/SignatureHandler.h
index 5f7a6b20..b45a27e7 100644
--- a/poppler/SignatureHandler.h
+++ b/poppler/SignatureHandler.h
@@ -96,7 +96,6 @@ private:
 NSSCMSSignedData *CMSSignedData;
 NSSCMSSignerInfo *CMSSignerInfo;
 CERTCertificate *signing_cert;
-CERTCertificate **temp_certs;
 
 static std::string sNssDir;
 };


[poppler] poppler/SignatureHandler.cc

2023-03-13 Thread GitLab Mirror
 poppler/SignatureHandler.cc |   19 +++
 1 file changed, 11 insertions(+), 8 deletions(-)

New commits:
commit fcb7b90ddbd6135e3fbf1032de07bc5b0e351df2
Author: Sune Vuorela 
Date:   Mon Mar 13 14:28:08 2023 +0100

nss created message was leaked on most errors

Use a unique_ptr to ensure it is being destructed properly

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 9979119a..138f394a 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -1052,31 +1052,35 @@ std::unique_ptr 
SignatureHandler::signDetached(const char *password)
 /// Code from LibreOffice under MPLv2
 /
 
-NSSCMSMessage *cms_msg = NSS_CMSMessage_Create(nullptr);
+struct NSSCMSMessageDestroyer
+{
+void operator()(NSSCMSMessage *message) { 
NSS_CMSMessage_Destroy(message); }
+};
+std::unique_ptr cms_msg { 
NSS_CMSMessage_Create(nullptr) };
 if (!cms_msg) {
 return nullptr;
 }
 
-NSSCMSSignedData *cms_sd = NSS_CMSSignedData_Create(cms_msg);
+NSSCMSSignedData *cms_sd = NSS_CMSSignedData_Create(cms_msg.get());
 if (!cms_sd) {
 return nullptr;
 }
 
-NSSCMSContentInfo *cms_cinfo = NSS_CMSMessage_GetContentInfo(cms_msg);
+NSSCMSContentInfo *cms_cinfo = 
NSS_CMSMessage_GetContentInfo(cms_msg.get());
 
-if (NSS_CMSContentInfo_SetContent_SignedData(cms_msg, cms_cinfo, cms_sd) 
!= SECSuccess) {
+if (NSS_CMSContentInfo_SetContent_SignedData(cms_msg.get(), cms_cinfo, 
cms_sd) != SECSuccess) {
 return nullptr;
 }
 
 cms_cinfo = NSS_CMSSignedData_GetContentInfo(cms_sd);
 
 // Attach NULL data as detached data
-if (NSS_CMSContentInfo_SetContent_Data(cms_msg, cms_cinfo, nullptr, 
PR_TRUE) != SECSuccess) {
+if (NSS_CMSContentInfo_SetContent_Data(cms_msg.get(), cms_cinfo, nullptr, 
PR_TRUE) != SECSuccess) {
 return nullptr;
 }
 
 // hardcode SHA256 these days...
-NSSCMSSignerInfo *cms_signer = NSS_CMSSignerInfo_Create(cms_msg, 
signing_cert, SEC_OID_SHA256);
+NSSCMSSignerInfo *cms_signer = NSS_CMSSignerInfo_Create(cms_msg.get(), 
signing_cert, SEC_OID_SHA256);
 if (!cms_signer) {
 return nullptr;
 }
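Review bot: `NSSCMSMessageDestroyer` is declared as a local type in the middle of signDetached, directly under the LibreOffice attribution comment, which buries a reusable ownership helper inside one function. Declaring it once at file scope, with a one-line comment that it releases a message obtained from `NSS_CMSMessage_Create`, would let other owners of an `NSSCMSMessage` in this file use the same type. The call operator holds no state, so it can be written `void operator()(NSSCMSMessage *message) const { NSS_CMSMessage_Destroy(message); }`. signDetached begins before and continues after this hunk.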
@@ -1180,7 +1184,7 @@ std::unique_ptr 
SignatureHandler::signDetached(const char *password)
 cms_output.data = nullptr;
 cms_output.len = 0;
 
-NSSCMSEncoderContext *cms_ecx = NSS_CMSEncoder_Start(cms_msg, nullptr, 
nullptr, _output, arena.get(), passwordCallback, const_cast(password), nullptr, nullptr, nullptr, nullptr);
+NSSCMSEncoderContext *cms_ecx = NSS_CMSEncoder_Start(cms_msg.get(), 
nullptr, nullptr, _output, arena.get(), passwordCallback, const_cast(password), nullptr, nullptr, nullptr, nullptr);
 if (!cms_ecx) {
 return nullptr;
 }
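Review bot: The `return nullptr;` after a failed `NSS_CMSEncoder_Start` still skips `SECITEM_FreeItem(pEncodedCertificate, PR_TRUE);`, which this page shows only on the success path at the end of signDetached. The allocation of `pEncodedCertificate` is outside the visible hunks, so this assumes it happens before the encoder is started; if so, the item leaks on this return and on the `NSS_CMSEncoder_Finish` failure return, the same class of leak this commit fixes for `cms_msg`. Holding it in a `std::unique_ptr` whose deleter is `void operator()(SECItem *item) const { SECITEM_FreeItem(item, PR_TRUE); }` would remove the manual call. The same early return appears in the -1173 hunk of commit bd533d75 further down the page.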
@@ -1192,7 +1196,6 @@ std::unique_ptr 
SignatureHandler::signDetached(const char *password)
 GooString *signature = new GooString(reinterpret_cast(cms_output.data), cms_output.len);
 
 SECITEM_FreeItem(pEncodedCertificate, PR_TRUE);
-NSS_CMSMessage_Destroy(cms_msg);
 
 return std::unique_ptr(signature);
 }


[poppler] utils/pdftocairo.cc

2023-03-13 Thread GitLab Mirror
 utils/pdftocairo.cc |1 +
 1 file changed, 1 insertion(+)

New commits:
commit 01ff2af0ee61c45bf4728a1d6ff4327aa2889d21
Author: Albert Astals Cid 
Date:   Mon Mar 13 15:49:09 2023 +0100

Update (C)

diff --git a/utils/pdftocairo.cc b/utils/pdftocairo.cc
index 7d9a1954..faa5a02d 100644
--- a/utils/pdftocairo.cc
+++ b/utils/pdftocairo.cc
@@ -40,6 +40,7 @@
 // Copyright (C) 2021 Peter Williams 
 // Copyright (C) 2021 Christian Persch 
 // Copyright (C) 2022 James Cloos 
+// Copyright (C) 2023 Anton Thomasson 
 //
 // To see a description of the changes please see the Changelog file that
 // came with your tarball or type make ChangeLog if you are building from git


[poppler] poppler/CertificateInfo.cc poppler/CertificateInfo.h

2023-03-13 Thread GitLab Mirror
 poppler/CertificateInfo.cc |1 +
 poppler/CertificateInfo.h  |1 +
 2 files changed, 2 insertions(+)

New commits:
commit 2cd82736e2db45e9a06baba1478439637172a76e
Author: Albert Astals Cid 
Date:   Mon Mar 13 15:45:41 2023 +0100

Update (C)

diff --git a/poppler/CertificateInfo.cc b/poppler/CertificateInfo.cc
index 982ee898..b6a8437a 100644
--- a/poppler/CertificateInfo.cc
+++ b/poppler/CertificateInfo.cc
@@ -8,6 +8,7 @@
 // Copyright 2018, 2019, 2022 Albert Astals Cid 
 // Copyright 2018 Oliver Sander 
 // Copyright 2020 Thorsten Behrens 
+// Copyright 2023 g10 Code GmbH, Author: Sune Stolborg Vuorela 

 //
 //
 
diff --git a/poppler/CertificateInfo.h b/poppler/CertificateInfo.h
index 7b324f0b..600ecb52 100644
--- a/poppler/CertificateInfo.h
+++ b/poppler/CertificateInfo.h
@@ -8,6 +8,7 @@
 // Copyright 2018, 2019 Albert Astals Cid 
 // Copyright 2018 Oliver Sander 
 // Copyright 2020 Thorsten Behrens 
+// Copyright 2023 g10 Code GmbH, Author: Sune Stolborg Vuorela 

 //
 //
 


[poppler] poppler/SignatureHandler.cc

2023-03-13 Thread GitLab Mirror
 poppler/SignatureHandler.cc |   20 +++-
 1 file changed, 11 insertions(+), 9 deletions(-)

New commits:
commit bd533d75bb171dada6fa9e9fdc5bdc3e42824b97
Author: Sune Vuorela 
Date:   Mon Mar 13 14:21:23 2023 +0100

Put the arenapool in a unique_ptr

Also allocate it a bit earlier to use it for a few other entries that
might otherwise be leaked in certain error conditions

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index b56b23b5..9979119a 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -212,7 +212,7 @@ static void shutdownNss()
 // SEC_StringToOID() and NSS_CMSSignerInfo_AddUnauthAttr() are
 // not exported from libsmime, so copy them here. Sigh.
 
-static SECStatus my_SEC_StringToOID(SECItem *to, const char *from, PRUint32 
len)
+static SECStatus my_SEC_StringToOID(PLArenaPool *arena, SECItem *to, const 
char *from, PRUint32 len)
 {
 PRUint32 decimal_numbers = 0;
 PRUint32 result_bytes = 0;
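Review bot: `my_SEC_StringToOID` gains a `PLArenaPool *arena` parameter, but its ownership contract is not documented, and because the function is a local copy of an NSS internal, readers cannot look it up. With the matching change to `SECITEM_CopyItem(arena, to, ...)` in the -305 hunk, `to->data` is now allocated from the arena when one is passed, so callers must not release it with `SECITEM_FreeItem`. Passing `nullptr` keeps the old heap allocation, which the caller has to free. A comment above the signature would make both cases explicit, e.g. `// On success to->data is owned by arena; if arena is nullptr it is heap-allocated and the caller frees it.` The function body runs past this hunk.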
@@ -305,7 +305,7 @@ static SECStatus my_SEC_StringToOID(SECItem *to, const char 
*from, PRUint32 len)
 SECItem result_item = { siBuffer, nullptr, 0 };
 result_item.data = result;
 result_item.len = result_bytes;
-rv = SECITEM_CopyItem(nullptr, to, _item);
+rv = SECITEM_CopyItem(arena, to, _item);
 }
 return rv;
 }
@@ -1097,13 +1097,19 @@ std::unique_ptr 
SignatureHandler::signDetached(const char *password)
 return nullptr;
 }
 
+struct PLArenaFreeFalse
+{
+void operator()(PLArenaPool *arena) { PORT_FreeArena(arena, PR_FALSE); 
}
+};
+std::unique_ptr arena { 
PORT_NewArena(1) };
+
 // Add the signing certificate as a signed attribute.
 ESSCertIDv2 *aCertIDs[2];
 ESSCertIDv2 aCertID;
 // Write ESSCertIDv2.hashAlgorithm.
 aCertID.hashAlgorithm.algorithm.data = nullptr;
 aCertID.hashAlgorithm.parameters.data = nullptr;
-SECOID_SetAlgorithmID(nullptr, , SEC_OID_SHA256, 
nullptr);
+SECOID_SetAlgorithmID(arena.get(), , SEC_OID_SHA256, 
nullptr);
 
 // Write ESSCertIDv2.certHash.
 SECItem aCertHashItem;
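Review bot: The result of `PORT_NewArena(1)` is stored in `arena` without a null check, and every later use passes `arena.get()` straight to NSS. If the allocation fails, `SECOID_SetAlgorithmID` and `my_SEC_StringToOID` receive a null arena and fall back to heap allocations that nothing frees, which is the leak this commit sets out to close, and `NSS_CMSEncoder_Start` is handed a null output arena. Adding `if (!arena) { return nullptr; }` right after the declaration keeps this failure consistent with the other early returns in signDetached. The function starts and ends outside this hunk.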
@@ -1154,7 +1160,7 @@ std::unique_ptr 
SignatureHandler::signDetached(const char *password)
  * { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
  *   smime(16) id-aa(2) 47 }
  */
-if (my_SEC_StringToOID(, "1.2.840.113549.1.9.16.2.47", 0) != 
SECSuccess) {
+if (my_SEC_StringToOID(arena.get(), , 
"1.2.840.113549.1.9.16.2.47", 0) != SECSuccess) {
 return nullptr;
 }
 
@@ -1173,16 +1179,13 @@ std::unique_ptr 
SignatureHandler::signDetached(const char *password)
 SECItem cms_output;
 cms_output.data = nullptr;
 cms_output.len = 0;
-PLArenaPool *arena = PORT_NewArena(1);
 
-NSSCMSEncoderContext *cms_ecx = NSS_CMSEncoder_Start(cms_msg, nullptr, 
nullptr, _output, arena, passwordCallback, const_cast(password), 
nullptr, nullptr, nullptr, nullptr);
+NSSCMSEncoderContext *cms_ecx = NSS_CMSEncoder_Start(cms_msg, nullptr, 
nullptr, _output, arena.get(), passwordCallback, const_cast(password), nullptr, nullptr, nullptr, nullptr);
 if (!cms_ecx) {
-PORT_FreeArena(arena, PR_FALSE);
 return nullptr;
 }
 
 if (NSS_CMSEncoder_Finish(cms_ecx) != SECSuccess) {
-PORT_FreeArena(arena, PR_FALSE);
 return nullptr;
 }
 
@@ -1190,7 +1193,6 @@ std::unique_ptr 
SignatureHandler::signDetached(const char *password)
 
 SECITEM_FreeItem(pEncodedCertificate, PR_TRUE);
 NSS_CMSMessage_Destroy(cms_msg);
-PORT_FreeArena(arena, PR_FALSE);
 
 return std::unique_ptr(signature);
 }


[poppler] poppler/SignatureHandler.cc poppler/SignatureHandler.h

2023-03-13 Thread GitLab Mirror
 poppler/SignatureHandler.cc |   19 ++-
 poppler/SignatureHandler.h  |6 +-
 2 files changed, 11 insertions(+), 14 deletions(-)

New commits:
commit 7b50d9f0374aa5d0ea653a0d024b315e16625839
Author: Sune Vuorela 
Date:   Mon Mar 13 14:02:27 2023 +0100

Put HASHContext in a unique_ptr rather than manually manage it with freeing

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index b6587c27..b56b23b5 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -795,7 +795,7 @@ SignatureHandler::SignatureHandler(unsigned char *p7, int 
p7_length) : hash_cont
 CMSSignedData = CMS_SignedDataCreate(CMSMessage);
 if (CMSSignedData) {
 CMSSignerInfo = CMS_SignerInfoCreate(CMSSignedData);
-hash_context = initHashContext();
+hash_context.reset(initHashContext());
 }
 }
 
@@ -805,7 +805,7 @@ SignatureHandler::SignatureHandler(const char 
*certNickname, HashAlgorithm diges
 setNSSDir({});
 CMSMessage = NSS_CMSMessage_Create(nullptr);
 signing_cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), 
certNickname);
-hash_context = 
HASH_Create(HASH_GetHashTypeByOidTag(ConvertHashAlgorithmToNss(digestAlgTag)));
+
hash_context.reset(HASH_Create(HASH_GetHashTypeByOidTag(ConvertHashAlgorithmToNss(digestAlgTag;
 }
 
 HASHContext *SignatureHandler::initHashContext()
@@ -822,16 +822,13 @@ HASHContext *SignatureHandler::initHashContext()
 void SignatureHandler::updateHash(unsigned char *data_block, int data_len)
 {
 if (hash_context) {
-HASH_Update(hash_context, data_block, data_len);
+HASH_Update(hash_context.get(), data_block, data_len);
 }
 }
 
 void SignatureHandler::restartHash()
 {
-if (hash_context) {
-HASH_Destroy(hash_context);
-}
-hash_context = 
HASH_Create(HASH_GetHashTypeByOidTag(ConvertHashAlgorithmToNss(digest_alg_tag)));
+
hash_context.reset(HASH_Create(HASH_GetHashTypeByOidTag(ConvertHashAlgorithmToNss(digest_alg_tag;
 }
 
 SignatureHandler::~SignatureHandler()
@@ -841,10 +838,6 @@ SignatureHandler::~SignatureHandler()
 NSS_CMSMessage_Destroy(CMSMessage);
 }
 
-if (hash_context) {
-HASH_Destroy(hash_context);
-}
-
 if (signing_cert) {
 CERT_DestroyCertificate(signing_cert);
 }
@@ -953,7 +946,7 @@ SignatureValidationStatus 
SignatureHandler::validateSignature()
 digest_buffer = (unsigned char *)PORT_Alloc(hash_length);
 unsigned int result_len = 0;
 
-HASH_End(hash_context, digest_buffer, _len, hash_length);
+HASH_End(hash_context.get(), digest_buffer, _len, hash_length);
 
 SECItem digest;
 digest.data = digest_buffer;
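Review bot: `HASH_End(hash_context.get(), ...)` is called without checking that `hash_context` holds a context, while updateHash in the same commit guards its call with `if (hash_context)`. The pointer stays empty when `HASH_Create` fails or, in the p7 constructor, when `CMS_SignedDataCreate` returns null and `initHashContext()` is never run, and the p7 blob comes from the document being validated, so a malformed signature can reach this state. Unless a check exists in the part of validateSignature outside this hunk, add an `if (!hash_context)` guard that returns the function's existing error status before the digest buffer is allocated; the -1050 hunk in signDetached has the same unguarded call and can `return nullptr;`.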
@@ -1050,7 +1043,7 @@ std::unique_ptr 
SignatureHandler::signDetached(const char *password)
 }
 unsigned char *digest_buffer = reinterpret_cast(PORT_Alloc(hash_length));
 unsigned int result_len = 0;
-HASH_End(hash_context, digest_buffer, _len, hash_length);
+HASH_End(hash_context.get(), digest_buffer, _len, hash_length);
 SECItem digest;
 digest.data = digest_buffer;
 digest.len = result_len;
diff --git a/poppler/SignatureHandler.h b/poppler/SignatureHandler.h
index 43b591dd..5f7a6b20 100644
--- a/poppler/SignatureHandler.h
+++ b/poppler/SignatureHandler.h
@@ -87,7 +87,11 @@ private:
 unsigned int hash_length;
 HashAlgorithm digest_alg_tag;
 SECItem CMSitem;
-HASHContext *hash_context;
+struct HashDestroyer
+{
+void operator()(HASHContext *hash) { HASH_Destroy(hash); }
+};
+std::unique_ptr hash_context;
 NSSCMSMessage *CMSMessage;
 NSSCMSSignedData *CMSSignedData;
 NSSCMSSignerInfo *CMSSignerInfo;