[poppler] poppler/SignatureHandler.cc poppler/SignatureHandler.h

[GitLab Mirror]

 poppler/SignatureHandler.cc |   15 ---
 poppler/SignatureHandler.h  |7 ++-
 2 files changed, 18 insertions(+), 4 deletions(-)

New commits:
commit 33672ca1b6670f7378e24f6d475438f7f5d86b05
Author: Sune Vuorela 
Date:   Mon May 22 19:53:08 2023 +

Fix crash with weird hashing used for signatures

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index a306c358..b8f08acd 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -768,11 +768,11 @@ 
SignatureVerificationHandler::SignatureVerificationHandler(std::vectoralgorithm;
 auto hashAlgorithm = SECOID_FindOIDTag();
 HASH_HashType hashType = HASH_GetHashTypeByOidTag(hashAlgorithm);
-hashContext = 
std::make_unique(ConvertHashTypeFromNss(hashType));
+hashContext = HashContext::create(ConvertHashTypeFromNss(hashType));
 }
 }
 
-SignatureSignHandler::SignatureSignHandler(const std::string , 
HashAlgorithm digestAlgTag) : 
hashContext(std::make_unique(digestAlgTag)), signing_cert(nullptr)
+SignatureSignHandler::SignatureSignHandler(const std::string , 
HashAlgorithm digestAlgTag) : hashContext(HashContext::create(digestAlgTag)), 
signing_cert(nullptr)
 {
 SignatureHandler::setNSSDir({});
 signing_cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), 
certNickname.c_str());
@@ -1232,7 +1232,16 @@ std::vector HashContext::endHash()
 return digestBuffer;
 }
 
-HashContext::HashContext(HashAlgorithm algorithm) : hash_context { 
HASH_Create(HASH_GetHashTypeByOidTag(ConvertHashAlgorithmToNss(algorithm))) }, 
digest_alg_tag(algorithm) { }
+HashContext::HashContext(HashAlgorithm algorithm, private_tag) : hash_context 
{ HASH_Create(HASH_GetHashTypeByOidTag(ConvertHashAlgorithmToNss(algorithm))) 
}, digest_alg_tag(algorithm) { }
+
+std::unique_ptr HashContext::create(HashAlgorithm algorithm)
+{
+auto ctx = std::make_unique(algorithm, private_tag {});
+if (ctx->hash_context) {
+return ctx;
+}
+return {};
+}
 
 HashAlgorithm HashContext::getHashAlgorithm() const
 {
diff --git a/poppler/SignatureHandler.h b/poppler/SignatureHandler.h
index 8a978f09..d166305b 100644
--- a/poppler/SignatureHandler.h
+++ b/poppler/SignatureHandler.h
@@ -47,12 +47,17 @@
 
 class HashContext
 {
+class private_tag
+{
+};
+
 public:
-explicit HashContext(HashAlgorithm algorithm);
+HashContext(HashAlgorithm algorithm, private_tag);
 void updateHash(unsigned char *data_block, int data_len);
 std::vector endHash();
 HashAlgorithm getHashAlgorithm() const;
 ~HashContext() = default;
+static std::unique_ptr create(HashAlgorithm algorithm);
 
 private:
 struct HashDestroyer

[poppler] poppler/SignatureHandler.cc

[GitLab Mirror]

 poppler/SignatureHandler.cc |   10 --
 1 file changed, 8 insertions(+), 2 deletions(-)

New commits:
commit 098d2d497b3d8cbc4fdf9eb68385bfbe2ee3e711
Author: Sune Vuorela 
Date:   Mon Mar 27 17:52:28 2023 +0200

Fix crash in bad signature verification

If the signature existing but too wrong for us to understand, we might
not get the hashContext object created, so guard against that.

This is fallout from 08c0766e9d.

Note the SignHandler does not need the same guards; the hashContext is
always present.

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 64ac6594..99163000 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -780,12 +780,18 @@ SignatureSignHandler::SignatureSignHandler(const 
std::string , Hash
 
 HashAlgorithm SignatureVerificationHandler::getHashAlgorithm() const
 {
-return hashContext->getHashAlgorithm();
+if (hashContext) {
+return hashContext->getHashAlgorithm();
+} else {
+return HashAlgorithm::Unknown;
+}
 }
 
 void SignatureVerificationHandler::updateHash(unsigned char *data_block, int 
data_len)
 {
-hashContext->updateHash(data_block, data_len);
+if (hashContext) {
+hashContext->updateHash(data_block, data_len);
+}
 }
 
 void SignatureSignHandler::updateHash(unsigned char *data_block, int data_len)

[poppler] poppler/SignatureHandler.cc poppler/SignatureHandler.h

[GitLab Mirror]

 poppler/SignatureHandler.cc |   94 +++-
 poppler/SignatureHandler.h  |   27 
 2 files changed, 60 insertions(+), 61 deletions(-)

New commits:
commit f8d8753fecdb8b4e572d3aec6c654c5efb498b44
Author: Sune Vuorela 
Date:   Thu Mar 16 09:45:02 2023 +0100

Split HashContext to separate class

Then we only need one place to do the endHash and memory handling.

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 7ba09136..17d7cb17 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -457,28 +457,6 @@ static SECOidTag ConvertHashAlgorithmToNss(HashAlgorithm 
digestAlgId)
 return SEC_OID_UNKNOWN;
 }
 
-static HashAlgorithm ConvertHashAlgorithmFromNss(SECOidTag digestAlgId)
-{
-switch (digestAlgId) {
-case SEC_OID_MD2:
-return HashAlgorithm::Md2;
-case SEC_OID_MD5:
-return HashAlgorithm::Md5;
-case SEC_OID_SHA1:
-return HashAlgorithm::Sha1;
-case SEC_OID_SHA256:
-return HashAlgorithm::Sha256;
-case SEC_OID_SHA384:
-return HashAlgorithm::Sha384;
-case SEC_OID_SHA512:
-return HashAlgorithm::Sha512;
-case SEC_OID_SHA224:
-return HashAlgorithm::Sha224;
-default:
-return HashAlgorithm::Unknown;
-}
-}
-
 static HashAlgorithm ConvertHashTypeFromNss(HASH_HashType type)
 {
 switch (type) {
@@ -503,7 +481,7 @@ static HashAlgorithm ConvertHashTypeFromNss(HASH_HashType 
type)
 return HashAlgorithm::Unknown;
 }
 
-unsigned int SignatureHandler::digestLength(HashAlgorithm digestAlgId)
+static unsigned int digestLength(HashAlgorithm digestAlgId)
 {
 switch (digestAlgId) {
 case HashAlgorithm::Sha1:
@@ -577,8 +555,8 @@ std::string SignatureHandler::getSignerSubjectDN() const
 
 HashAlgorithm SignatureHandler::getHashAlgorithm() const
 {
-if (hash_context && hash_context->hashobj) {
-return ConvertHashTypeFromNss(hash_context->hashobj->type);
+if (hashContext) {
+return hashContext->getHashAlgorithm();
 }
 return HashAlgorithm::Unknown;
 }
@@ -799,7 +777,7 @@ void SignatureHandler::setNSSPasswordCallback(const 
std::function &) : 
p7(std::move(p7data)), hash_context(nullptr), CMSMessage(nullptr), 
CMSSignedData(nullptr), CMSSignerInfo(nullptr), signing_cert(nullptr)
+SignatureHandler::SignatureHandler(std::vector &) : 
p7(std::move(p7data)), hashContext(nullptr), CMSMessage(nullptr), 
CMSSignedData(nullptr), CMSSignerInfo(nullptr), signing_cert(nullptr)
 {
 setNSSDir({});
 CMSitem.data = p7.data();
@@ -808,34 +786,26 @@ SignatureHandler::SignatureHandler(std::vector &) : p7(std
 CMSSignedData = CMS_SignedDataCreate(CMSMessage);
 if (CMSSignedData) {
 CMSSignerInfo = CMS_SignerInfoCreate(CMSSignedData);
-hash_context.reset(initHashContext());
+
+SECItem usedAlgorithm = 
NSS_CMSSignedData_GetDigestAlgs(CMSSignedData)[0]->algorithm;
+auto hashAlgorithm = SECOID_FindOIDTag();
+HASH_HashType hashType = HASH_GetHashTypeByOidTag(hashAlgorithm);
+hashContext = 
std::make_unique(ConvertHashTypeFromNss(hashType));
 }
 }
 
 SignatureHandler::SignatureHandler(const std::string , 
HashAlgorithm digestAlgTag)
-: hash_length(digestLength(digestAlgTag)), digest_alg_tag(digestAlgTag), 
CMSitem(), hash_context(nullptr), CMSMessage(nullptr), CMSSignedData(nullptr), 
CMSSignerInfo(nullptr), signing_cert(nullptr)
+: CMSitem(), hashContext(std::make_unique(digestAlgTag)), 
CMSMessage(nullptr), CMSSignedData(nullptr), CMSSignerInfo(nullptr), 
signing_cert(nullptr)
 {
 setNSSDir({});
 CMSMessage = NSS_CMSMessage_Create(nullptr);
 signing_cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), 
certNickname.c_str());
-
hash_context.reset(HASH_Create(HASH_GetHashTypeByOidTag(ConvertHashAlgorithmToNss(digestAlgTag;
-}
-
-HASHContext *SignatureHandler::initHashContext()
-{
-
-SECItem usedAlgorithm = 
NSS_CMSSignedData_GetDigestAlgs(CMSSignedData)[0]->algorithm;
-const auto hashAlgorithm = SECOID_FindOIDTag();
-hash_length = digestLength(ConvertHashAlgorithmFromNss(hashAlgorithm));
-HASH_HashType hashType;
-hashType = HASH_GetHashTypeByOidTag(hashAlgorithm);
-return HASH_Create(hashType);
 }
 
 void SignatureHandler::updateHash(unsigned char *data_block, int data_len)
 {
-if (hash_context) {
-HASH_Update(hash_context.get(), data_block, data_len);
+if (hashContext) {
+hashContext->updateHash(data_block, data_len);
 }
 }
 
@@ -952,18 +922,15 @@ SignatureValidationStatus 
SignatureHandler::validateSignature()
 return SIGNATURE_GENERIC_ERROR;
 }
 
-if (!hash_context) {
+if (!hashContext) {
 return SIGNATURE_GENERIC_ERROR;
 }
 
-auto digest_buffer = std::vector(hash_length);
-unsigned int result_len = 0;
-
-HASH_End(hash_context.get(), digest_buffer.data(), _len, 
digest_buffer.size());
+std::vector 

[poppler] poppler/SignatureHandler.cc poppler/SignatureHandler.h

[GitLab Mirror]

 poppler/SignatureHandler.cc |8 
 poppler/SignatureHandler.h  |8 
 2 files changed, 8 insertions(+), 8 deletions(-)

New commits:
commit b39c8cd2bc7757b3c1c4756de345702f852a4706
Author: Sune Vuorela 
Date:   Fri Mar 17 14:24:51 2023 +0100

Add const to a few signature methods

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 94240ef3..e28853e5 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -520,7 +520,7 @@ unsigned int SignatureHandler::digestLength(HashAlgorithm 
digestAlgId)
 }
 }
 
-std::string SignatureHandler::getSignerName()
+std::string SignatureHandler::getSignerName() const
 {
 if (!NSS_IsInitialized()) {
 return {};
@@ -553,7 +553,7 @@ std::string SignatureHandler::getSignerName()
 return name;
 }
 
-std::string SignatureHandler::getSignerSubjectDN()
+std::string SignatureHandler::getSignerSubjectDN() const
 {
 if (!signing_cert && !CMSSignerInfo) {
 return {};
@@ -575,7 +575,7 @@ std::string SignatureHandler::getSignerSubjectDN()
 return activeCert->subjectName;
 }
 
-HashAlgorithm SignatureHandler::getHashAlgorithm()
+HashAlgorithm SignatureHandler::getHashAlgorithm() const
 {
 if (hash_context && hash_context->hashobj) {
 return ConvertHashTypeFromNss(hash_context->hashobj->type);
@@ -583,7 +583,7 @@ HashAlgorithm SignatureHandler::getHashAlgorithm()
 return HashAlgorithm::Unknown;
 }
 
-time_t SignatureHandler::getSigningTime()
+time_t SignatureHandler::getSigningTime() const
 {
 PRTime sTime; // time in microseconds since the epoch
 
diff --git a/poppler/SignatureHandler.h b/poppler/SignatureHandler.h
index 218000c4..9cf701f2 100644
--- a/poppler/SignatureHandler.h
+++ b/poppler/SignatureHandler.h
@@ -49,10 +49,10 @@ public:
 SignatureHandler(unsigned char *p7, int p7_length);
 SignatureHandler(const char *certNickname, HashAlgorithm digestAlgTag);
 ~SignatureHandler();
-time_t getSigningTime();
-std::string getSignerName();
-std::string getSignerSubjectDN();
-HashAlgorithm getHashAlgorithm();
+time_t getSigningTime() const;
+std::string getSignerName() const;
+std::string getSignerSubjectDN() const;
+HashAlgorithm getHashAlgorithm() const;
 void updateHash(unsigned char *data_block, int data_len);
 void restartHash();
 SignatureValidationStatus validateSignature();

[poppler] poppler/SignatureHandler.cc poppler/SignatureHandler.h

[GitLab Mirror]

 poppler/SignatureHandler.cc |   30 +++---
 poppler/SignatureHandler.h  |2 +-
 2 files changed, 20 insertions(+), 12 deletions(-)

New commits:
commit ede53de1654afe86e25fa22c7e9d50003a217d5a
Author: Sune Vuorela 
Date:   Mon Mar 13 14:48:21 2023 +0100

Valgrind cleanup of signing

signing_cert is owned by us while verifying, but the data we were
writing to it while signing was not (directly) owned by us, so don't
free it. Or well. Don't write it to a class member.

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 51c532c6..94240ef3 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -522,8 +522,6 @@ unsigned int SignatureHandler::digestLength(HashAlgorithm 
digestAlgId)
 
 std::string SignatureHandler::getSignerName()
 {
-char *commonName;
-
 if (!NSS_IsInitialized()) {
 return {};
 }
@@ -531,16 +529,21 @@ std::string SignatureHandler::getSignerName()
 if (!signing_cert && !CMSSignerInfo) {
 return {};
 }
+CERTCertificate *activeCert = nullptr;
 
 if (!signing_cert) {
-signing_cert = NSS_CMSSignerInfo_GetSigningCertificate(CMSSignerInfo, 
CERT_GetDefaultCertDB());
+// we are signing, and thus getting the name of the SignerInfo, not of 
the signing cert. Data owned by CMSSignerInfo
+activeCert = NSS_CMSSignerInfo_GetSigningCertificate(CMSSignerInfo, 
CERT_GetDefaultCertDB());
+} else {
+// We are verifying. data owned by us.
+activeCert = signing_cert;
 }
 
-if (!signing_cert) {
+if (!activeCert) {
 return {};
 }
 
-commonName = CERT_GetCommonName(_cert->subject);
+char *commonName = CERT_GetCommonName(>subject);
 if (!commonName) {
 return {};
 }
@@ -550,21 +553,26 @@ std::string SignatureHandler::getSignerName()
 return name;
 }
 
-const char *SignatureHandler::getSignerSubjectDN()
+std::string SignatureHandler::getSignerSubjectDN()
 {
 if (!signing_cert && !CMSSignerInfo) {
-return nullptr;
+return {};
 }
+CERTCertificate *activeCert = nullptr;
 
 if (!signing_cert) {
-signing_cert = NSS_CMSSignerInfo_GetSigningCertificate(CMSSignerInfo, 
CERT_GetDefaultCertDB());
+// we are signing, and thus getting the name of the SignerInfo, not of 
the signing cert. Data owned by CMSSignerInfo
+activeCert = NSS_CMSSignerInfo_GetSigningCertificate(CMSSignerInfo, 
CERT_GetDefaultCertDB());
+} else {
+// We are verifying. data owned by us.
+activeCert = signing_cert;
 }
 
-if (!signing_cert) {
-return nullptr;
+if (!activeCert) {
+return {};
 }
 
-return signing_cert->subjectName;
+return activeCert->subjectName;
 }
 
 HashAlgorithm SignatureHandler::getHashAlgorithm()
diff --git a/poppler/SignatureHandler.h b/poppler/SignatureHandler.h
index fdc0ebd4..218000c4 100644
--- a/poppler/SignatureHandler.h
+++ b/poppler/SignatureHandler.h
@@ -51,7 +51,7 @@ public:
 ~SignatureHandler();
 time_t getSigningTime();
 std::string getSignerName();
-const char *getSignerSubjectDN();
+std::string getSignerSubjectDN();
 HashAlgorithm getHashAlgorithm();
 void updateHash(unsigned char *data_block, int data_len);
 void restartHash();

[poppler] poppler/SignatureHandler.cc poppler/SignatureHandler.h

[GitLab Mirror]

 poppler/SignatureHandler.cc |   10 +++---
 poppler/SignatureHandler.h  |3 ---
 2 files changed, 7 insertions(+), 6 deletions(-)

New commits:
commit fc802d21df3c70f721c0353ab8862a4632c8018e
Author: Sune Vuorela 
Date:   Thu Mar 16 09:54:54 2023 +0100

Make standalone methods standalone

In previous commits, these functions has been made fully standalone, so
now make it obvious.

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 231a8c01..51c532c6 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -197,6 +197,10 @@ const SEC_ASN1Template TimeStampReq_Template[] = { { 
SEC_ASN1_SEQUENCE, 0, nullp
{ 0, 0, nullptr, 0 } };
 */
 
+static NSSCMSMessage *CMS_MessageCreate(SECItem *cms_item);
+static NSSCMSSignedData *CMS_SignedDataCreate(NSSCMSMessage *cms_msg);
+static NSSCMSSignerInfo *CMS_SignerInfoCreate(NSSCMSSignedData *cms_sig_data);
+
 // a dummy, actually
 static char *passwordCallback(PK11SlotInfo * /*slot*/, PRBool /*retry*/, void 
*arg)
 {
@@ -856,7 +860,7 @@ SignatureHandler::~SignatureHandler()
 }
 }
 
-NSSCMSMessage *SignatureHandler::CMS_MessageCreate(SECItem *cms_item)
+static NSSCMSMessage *CMS_MessageCreate(SECItem *cms_item)
 {
 if (cms_item->data) {
 return NSS_CMSMessage_CreateFromDER(cms_item, nullptr, nullptr /* 
Content callback */
@@ -869,7 +873,7 @@ NSSCMSMessage *SignatureHandler::CMS_MessageCreate(SECItem 
*cms_item)
 }
 }
 
-NSSCMSSignedData *SignatureHandler::CMS_SignedDataCreate(NSSCMSMessage 
*cms_msg)
+static NSSCMSSignedData *CMS_SignedDataCreate(NSSCMSMessage *cms_msg)
 {
 if (!NSS_CMSMessage_IsSigned(cms_msg)) {
 error(errInternal, 0, "Input couldn't be parsed as a CMS signature");
@@ -905,7 +909,7 @@ NSSCMSSignedData 
*SignatureHandler::CMS_SignedDataCreate(NSSCMSMessage *cms_msg)
 }
 }
 
-NSSCMSSignerInfo *SignatureHandler::CMS_SignerInfoCreate(NSSCMSSignedData 
*cms_sig_data)
+NSSCMSSignerInfo *CMS_SignerInfoCreate(NSSCMSSignedData *cms_sig_data)
 {
 NSSCMSSignerInfo *signerInfo = 
NSS_CMSSignedData_GetSignerInfo(cms_sig_data, 0);
 if (!signerInfo) {
diff --git a/poppler/SignatureHandler.h b/poppler/SignatureHandler.h
index b45a27e7..fdc0ebd4 100644
--- a/poppler/SignatureHandler.h
+++ b/poppler/SignatureHandler.h
@@ -78,9 +78,6 @@ private:
 SignatureHandler =(const SignatureHandler &);
 
 unsigned int digestLength(HashAlgorithm digestAlgId);
-NSSCMSMessage *CMS_MessageCreate(SECItem *cms_item);
-NSSCMSSignedData *CMS_SignedDataCreate(NSSCMSMessage *cms_msg);
-NSSCMSSignerInfo *CMS_SignerInfoCreate(NSSCMSSignedData *cms_sig_data);
 HASHContext *initHashContext();
 static void outputCallback(void *arg, const char *buf, unsigned long len);
 

[poppler] poppler/SignatureHandler.cc

[GitLab Mirror]

 poppler/SignatureHandler.cc |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

New commits:
commit e18bdd936d9da551506715f8f7e36c13599c9728
Author: Albert Astals Cid 
Date:   Thu Mar 16 00:53:10 2023 +0100

SignatureHandler::validateSignature: Use the actual hash length

It's going to be the same size, but this is more proper

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 059d8efb..231a8c01 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -6,7 +6,7 @@
 //
 // Copyright 2015, 2016 André Guerreiro 
 // Copyright 2015 André Esser 
-// Copyright 2015, 2016, 2018, 2019, 2021, 2022 Albert Astals Cid 

+// Copyright 2015, 2016, 2018, 2019, 2021-2023 Albert Astals Cid 

 // Copyright 2015 Markus Kilås 
 // Copyright 2017 Sebastian Rasmussen 
 // Copyright 2017 Hans-Ulrich Jüttner 
@@ -957,7 +957,7 @@ SignatureValidationStatus 
SignatureHandler::validateSignature()
 
 SECItem digest;
 digest.data = digest_buffer.data();
-digest.len = digest_buffer.size();
+digest.len = result_len;
 
 if ((NSS_CMSSignerInfo_GetSigningCertificate(CMSSignerInfo, 
CERT_GetDefaultCertDB())) == nullptr) {
 CMSSignerInfo->verificationStatus = NSSCMSVS_SigningCertNotFound;

[poppler] poppler/SignatureHandler.cc poppler/SignatureHandler.h

[GitLab Mirror]

 poppler/SignatureHandler.cc |   20 ++--
 poppler/SignatureHandler.h  |1 -
 2 files changed, 14 insertions(+), 7 deletions(-)

New commits:
commit fb49889fea6e6003d8b8e2d65de0ce58d6229d54
Author: Sune Vuorela 
Date:   Mon Mar 13 13:56:59 2023 +0100

Simplify temp_certs memory handling

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 138f394a..d0f6e0fd 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -786,7 +786,7 @@ void SignatureHandler::setNSSPasswordCallback(const 
std::functiontempCerts;
+}
 NSS_CMSMessage_Destroy(CMSMessage);
+free(toFree);
 }
 
 if (signing_cert) {
 CERT_DestroyCertificate(signing_cert);
 }
-
-free(temp_certs);
 }
 
 NSSCMSMessage *SignatureHandler::CMS_MessageCreate(SECItem *cms_item)
@@ -888,8 +898,6 @@ NSSCMSSignedData 
*SignatureHandler::CMS_SignedDataCreate(NSSCMSMessage *cms_msg)
 for (i = 0; signedData->rawCerts[i]; ++i) {
 signedData->tempCerts[i] = 
CERT_NewTempCertificate(CERT_GetDefaultCertDB(), signedData->rawCerts[i], 
nullptr, 0, 0);
 }
-
-temp_certs = signedData->tempCerts;
 return signedData;
 } else {
 return nullptr;
diff --git a/poppler/SignatureHandler.h b/poppler/SignatureHandler.h
index 5f7a6b20..b45a27e7 100644
--- a/poppler/SignatureHandler.h
+++ b/poppler/SignatureHandler.h
@@ -96,7 +96,6 @@ private:
 NSSCMSSignedData *CMSSignedData;
 NSSCMSSignerInfo *CMSSignerInfo;
 CERTCertificate *signing_cert;
-CERTCertificate **temp_certs;
 
 static std::string sNssDir;
 };

[poppler] poppler/SignatureHandler.cc

[GitLab Mirror]

 poppler/SignatureHandler.cc |   19 +++
 1 file changed, 11 insertions(+), 8 deletions(-)

New commits:
commit fcb7b90ddbd6135e3fbf1032de07bc5b0e351df2
Author: Sune Vuorela 
Date:   Mon Mar 13 14:28:08 2023 +0100

nss created message was leaked on most errors

Use a unique_ptr to ensure it is being destructed properly

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 9979119a..138f394a 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -1052,31 +1052,35 @@ std::unique_ptr 
SignatureHandler::signDetached(const char *password)
 /// Code from LibreOffice under MPLv2
 /
 
-NSSCMSMessage *cms_msg = NSS_CMSMessage_Create(nullptr);
+struct NSSCMSMessageDestroyer
+{
+void operator()(NSSCMSMessage *message) { 
NSS_CMSMessage_Destroy(message); }
+};
+std::unique_ptr cms_msg { 
NSS_CMSMessage_Create(nullptr) };
 if (!cms_msg) {
 return nullptr;
 }
 
-NSSCMSSignedData *cms_sd = NSS_CMSSignedData_Create(cms_msg);
+NSSCMSSignedData *cms_sd = NSS_CMSSignedData_Create(cms_msg.get());
 if (!cms_sd) {
 return nullptr;
 }
 
-NSSCMSContentInfo *cms_cinfo = NSS_CMSMessage_GetContentInfo(cms_msg);
+NSSCMSContentInfo *cms_cinfo = 
NSS_CMSMessage_GetContentInfo(cms_msg.get());
 
-if (NSS_CMSContentInfo_SetContent_SignedData(cms_msg, cms_cinfo, cms_sd) 
!= SECSuccess) {
+if (NSS_CMSContentInfo_SetContent_SignedData(cms_msg.get(), cms_cinfo, 
cms_sd) != SECSuccess) {
 return nullptr;
 }
 
 cms_cinfo = NSS_CMSSignedData_GetContentInfo(cms_sd);
 
 // Attach NULL data as detached data
-if (NSS_CMSContentInfo_SetContent_Data(cms_msg, cms_cinfo, nullptr, 
PR_TRUE) != SECSuccess) {
+if (NSS_CMSContentInfo_SetContent_Data(cms_msg.get(), cms_cinfo, nullptr, 
PR_TRUE) != SECSuccess) {
 return nullptr;
 }
 
 // hardcode SHA256 these days...
-NSSCMSSignerInfo *cms_signer = NSS_CMSSignerInfo_Create(cms_msg, 
signing_cert, SEC_OID_SHA256);
+NSSCMSSignerInfo *cms_signer = NSS_CMSSignerInfo_Create(cms_msg.get(), 
signing_cert, SEC_OID_SHA256);
 if (!cms_signer) {
 return nullptr;
 }
@@ -1180,7 +1184,7 @@ std::unique_ptr 
SignatureHandler::signDetached(const char *password)
 cms_output.data = nullptr;
 cms_output.len = 0;
 
-NSSCMSEncoderContext *cms_ecx = NSS_CMSEncoder_Start(cms_msg, nullptr, 
nullptr, _output, arena.get(), passwordCallback, const_cast(password), nullptr, nullptr, nullptr, nullptr);
+NSSCMSEncoderContext *cms_ecx = NSS_CMSEncoder_Start(cms_msg.get(), 
nullptr, nullptr, _output, arena.get(), passwordCallback, const_cast(password), nullptr, nullptr, nullptr, nullptr);
 if (!cms_ecx) {
 return nullptr;
 }
@@ -1192,7 +1196,6 @@ std::unique_ptr 
SignatureHandler::signDetached(const char *password)
 GooString *signature = new GooString(reinterpret_cast(cms_output.data), cms_output.len);
 
 SECITEM_FreeItem(pEncodedCertificate, PR_TRUE);
-NSS_CMSMessage_Destroy(cms_msg);
 
 return std::unique_ptr(signature);
 }

[poppler] poppler/SignatureHandler.cc

[GitLab Mirror]

 poppler/SignatureHandler.cc |   20 +++-
 1 file changed, 11 insertions(+), 9 deletions(-)

New commits:
commit bd533d75bb171dada6fa9e9fdc5bdc3e42824b97
Author: Sune Vuorela 
Date:   Mon Mar 13 14:21:23 2023 +0100

Put the arenapool in a unique_ptr

Also allocate it a bit earlier to use it for a few other entries that
might otherwise else be leaked in certain error conditions

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index b56b23b5..9979119a 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -212,7 +212,7 @@ static void shutdownNss()
 // SEC_StringToOID() and NSS_CMSSignerInfo_AddUnauthAttr() are
 // not exported from libsmime, so copy them here. Sigh.
 
-static SECStatus my_SEC_StringToOID(SECItem *to, const char *from, PRUint32 
len)
+static SECStatus my_SEC_StringToOID(PLArenaPool *arena, SECItem *to, const 
char *from, PRUint32 len)
 {
 PRUint32 decimal_numbers = 0;
 PRUint32 result_bytes = 0;
@@ -305,7 +305,7 @@ static SECStatus my_SEC_StringToOID(SECItem *to, const char 
*from, PRUint32 len)
 SECItem result_item = { siBuffer, nullptr, 0 };
 result_item.data = result;
 result_item.len = result_bytes;
-rv = SECITEM_CopyItem(nullptr, to, _item);
+rv = SECITEM_CopyItem(arena, to, _item);
 }
 return rv;
 }
@@ -1097,13 +1097,19 @@ std::unique_ptr 
SignatureHandler::signDetached(const char *password)
 return nullptr;
 }
 
+struct PLArenaFreeFalse
+{
+void operator()(PLArenaPool *arena) { PORT_FreeArena(arena, PR_FALSE); 
}
+};
+std::unique_ptr arena { 
PORT_NewArena(1) };
+
 // Add the signing certificate as a signed attribute.
 ESSCertIDv2 *aCertIDs[2];
 ESSCertIDv2 aCertID;
 // Write ESSCertIDv2.hashAlgorithm.
 aCertID.hashAlgorithm.algorithm.data = nullptr;
 aCertID.hashAlgorithm.parameters.data = nullptr;
-SECOID_SetAlgorithmID(nullptr, , SEC_OID_SHA256, 
nullptr);
+SECOID_SetAlgorithmID(arena.get(), , SEC_OID_SHA256, 
nullptr);
 
 // Write ESSCertIDv2.certHash.
 SECItem aCertHashItem;
@@ -1154,7 +1160,7 @@ std::unique_ptr 
SignatureHandler::signDetached(const char *password)
  * { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
  *   smime(16) id-aa(2) 47 }
  */
-if (my_SEC_StringToOID(, "1.2.840.113549.1.9.16.2.47", 0) != 
SECSuccess) {
+if (my_SEC_StringToOID(arena.get(), , 
"1.2.840.113549.1.9.16.2.47", 0) != SECSuccess) {
 return nullptr;
 }
 
@@ -1173,16 +1179,13 @@ std::unique_ptr 
SignatureHandler::signDetached(const char *password)
 SECItem cms_output;
 cms_output.data = nullptr;
 cms_output.len = 0;
-PLArenaPool *arena = PORT_NewArena(1);
 
-NSSCMSEncoderContext *cms_ecx = NSS_CMSEncoder_Start(cms_msg, nullptr, 
nullptr, _output, arena, passwordCallback, const_cast(password), 
nullptr, nullptr, nullptr, nullptr);
+NSSCMSEncoderContext *cms_ecx = NSS_CMSEncoder_Start(cms_msg, nullptr, 
nullptr, _output, arena.get(), passwordCallback, const_cast(password), nullptr, nullptr, nullptr, nullptr);
 if (!cms_ecx) {
-PORT_FreeArena(arena, PR_FALSE);
 return nullptr;
 }
 
 if (NSS_CMSEncoder_Finish(cms_ecx) != SECSuccess) {
-PORT_FreeArena(arena, PR_FALSE);
 return nullptr;
 }
 
@@ -1190,7 +1193,6 @@ std::unique_ptr 
SignatureHandler::signDetached(const char *password)
 
 SECITEM_FreeItem(pEncodedCertificate, PR_TRUE);
 NSS_CMSMessage_Destroy(cms_msg);
-PORT_FreeArena(arena, PR_FALSE);
 
 return std::unique_ptr(signature);
 }

[poppler] poppler/SignatureHandler.cc poppler/SignatureHandler.h

[GitLab Mirror]

 poppler/SignatureHandler.cc |   19 ++-
 poppler/SignatureHandler.h  |6 +-
 2 files changed, 11 insertions(+), 14 deletions(-)

New commits:
commit 7b50d9f0374aa5d0ea653a0d024b315e16625839
Author: Sune Vuorela 
Date:   Mon Mar 13 14:02:27 2023 +0100

Put HASHContext in a unique_ptr rather than manually manage it with freeing

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index b6587c27..b56b23b5 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -795,7 +795,7 @@ SignatureHandler::SignatureHandler(unsigned char *p7, int 
p7_length) : hash_cont
 CMSSignedData = CMS_SignedDataCreate(CMSMessage);
 if (CMSSignedData) {
 CMSSignerInfo = CMS_SignerInfoCreate(CMSSignedData);
-hash_context = initHashContext();
+hash_context.reset(initHashContext());
 }
 }
 
@@ -805,7 +805,7 @@ SignatureHandler::SignatureHandler(const char 
*certNickname, HashAlgorithm diges
 setNSSDir({});
 CMSMessage = NSS_CMSMessage_Create(nullptr);
 signing_cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), 
certNickname);
-hash_context = 
HASH_Create(HASH_GetHashTypeByOidTag(ConvertHashAlgorithmToNss(digestAlgTag)));
+
hash_context.reset(HASH_Create(HASH_GetHashTypeByOidTag(ConvertHashAlgorithmToNss(digestAlgTag;
 }
 
 HASHContext *SignatureHandler::initHashContext()
@@ -822,16 +822,13 @@ HASHContext *SignatureHandler::initHashContext()
 void SignatureHandler::updateHash(unsigned char *data_block, int data_len)
 {
 if (hash_context) {
-HASH_Update(hash_context, data_block, data_len);
+HASH_Update(hash_context.get(), data_block, data_len);
 }
 }
 
 void SignatureHandler::restartHash()
 {
-if (hash_context) {
-HASH_Destroy(hash_context);
-}
-hash_context = 
HASH_Create(HASH_GetHashTypeByOidTag(ConvertHashAlgorithmToNss(digest_alg_tag)));
+
hash_context.reset(HASH_Create(HASH_GetHashTypeByOidTag(ConvertHashAlgorithmToNss(digest_alg_tag;
 }
 
 SignatureHandler::~SignatureHandler()
@@ -841,10 +838,6 @@ SignatureHandler::~SignatureHandler()
 NSS_CMSMessage_Destroy(CMSMessage);
 }
 
-if (hash_context) {
-HASH_Destroy(hash_context);
-}
-
 if (signing_cert) {
 CERT_DestroyCertificate(signing_cert);
 }
@@ -953,7 +946,7 @@ SignatureValidationStatus 
SignatureHandler::validateSignature()
 digest_buffer = (unsigned char *)PORT_Alloc(hash_length);
 unsigned int result_len = 0;
 
-HASH_End(hash_context, digest_buffer, _len, hash_length);
+HASH_End(hash_context.get(), digest_buffer, _len, hash_length);
 
 SECItem digest;
 digest.data = digest_buffer;
@@ -1050,7 +1043,7 @@ std::unique_ptr 
SignatureHandler::signDetached(const char *password)
 }
 unsigned char *digest_buffer = reinterpret_cast(PORT_Alloc(hash_length));
 unsigned int result_len = 0;
-HASH_End(hash_context, digest_buffer, _len, hash_length);
+HASH_End(hash_context.get(), digest_buffer, _len, hash_length);
 SECItem digest;
 digest.data = digest_buffer;
 digest.len = result_len;
diff --git a/poppler/SignatureHandler.h b/poppler/SignatureHandler.h
index 43b591dd..5f7a6b20 100644
--- a/poppler/SignatureHandler.h
+++ b/poppler/SignatureHandler.h
@@ -87,7 +87,11 @@ private:
 unsigned int hash_length;
 HashAlgorithm digest_alg_tag;
 SECItem CMSitem;
-HASHContext *hash_context;
+struct HashDestroyer
+{
+void operator()(HASHContext *hash) { HASH_Destroy(hash); }
+};
+std::unique_ptr hash_context;
 NSSCMSMessage *CMSMessage;
 NSSCMSSignedData *CMSSignedData;
 NSSCMSSignerInfo *CMSSignerInfo;

[poppler] poppler/SignatureHandler.cc

[GitLab Mirror]

 poppler/SignatureHandler.cc |4 
 1 file changed, 4 insertions(+)

New commits:
commit 63bfacc89576345722cf3cefb962861aa7d159b8
Author: Tobias Deiminger 
Date:   Wed Jan 4 21:26:12 2023 +0100

Fix "NSS could not shutdown"

SignatureHandler never freed it's signing certificate. This left
an internal NSS reference that prevented cleanup of the NSS cache,
causing "NSS could not shutdown".

NSS maintains an internal in-memory cache, where content is reference
counted. PK11_MakeCertFromHandle increases the issuerAndSn count.
CERT_DestroyCertificate decreases it. NSS tries to destruct the cache in
NSS_Shutdown, which we've scheduled with atexit. There it detects a
remaining reference.

Fixes #1326.

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 3cf40973..89bcc5dd 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -858,6 +858,10 @@ SignatureHandler::~SignatureHandler()
 HASH_Destroy(hash_context);
 }
 
+if (signing_cert) {
+CERT_DestroyCertificate(signing_cert);
+}
+
 free(temp_certs);
 }
 

[poppler] poppler/SignatureHandler.cc

[GitLab Mirror]

 poppler/SignatureHandler.cc |1 +
 1 file changed, 1 insertion(+)

New commits:
commit 924ef4264cdb0eca97185d7fc1791bcf32279933
Author: Albert Astals Cid 
Date:   Mon Jan 9 22:52:01 2023 +0100

Update (C)

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index f9dd6c2f..3cf40973 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -17,6 +17,7 @@
 // Copyright 2021 Theofilos Intzoglou 
 // Copyright 2021 Marek Kasik 
 // Copyright 2022 Erich E. Hoover 
+// Copyright 2023 Tobias Deiminger 
 //
 //
 

[poppler] poppler/SignatureHandler.cc

[GitLab Mirror]

 poppler/SignatureHandler.cc |6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

New commits:
commit 4f8c8297d7190480500cdafe52c8777202229b30
Author: Tobias Deiminger 
Date:   Mon Jan 9 21:00:06 2023 +0100

Fix segfault on wrong nssdir

If SignatureHandler was used with a custom DB directory, but that
directory didn't exist or contained no valid DB, NSS crashed on
subsequent calls.

We can prevent crashes by calling NSS_NoDB_Init (as it's already done in
the default-DB case).

Fixes #1331.

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index e0579cae..f9dd6c2f 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -769,15 +769,15 @@ void SignatureHandler::setNSSDir(const GooString )
 homeNssDb.append("/.pki/nssdb");
 initSuccess = (NSS_Init(homeNssDb.c_str()) == SECSuccess);
 sNssDir = homeNssDb.toStr();
-if (!initSuccess) {
-NSS_NoDB_Init(nullptr);
-}
 }
 }
 
 if (initSuccess) {
 // Make sure NSS root certificates module is loaded
 SECMOD_AddNewModule("Root Certs", "libnssckbi.so", 0, 0);
+} else {
+fprintf(stderr, "NSS_Init failed: %s\n", 
PR_ErrorToString(PORT_GetError(), PR_LANGUAGE_I_DEFAULT));
+NSS_NoDB_Init(nullptr);
 }
 }
 

[poppler] poppler/SignatureHandler.cc

[GitLab Mirror]

 poppler/SignatureHandler.cc |3 +++
 1 file changed, 3 insertions(+)

New commits:
commit 184efabbaed7250903169627fbbaeb505ee2f51a
Author: Albert Astals Cid 
Date:   Mon Jun 6 11:23:51 2022 +0200

Signatures: Don't crash if the signature doesn't have a common name

Fixes KDE bug #454782

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 6538239a..3d5494c2 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -538,6 +538,9 @@ std::string SignatureHandler::getSignerName()
 }
 
 commonName = CERT_GetCommonName(_cert->subject);
+if (!commonName) {
+return {};
+}
 std::string name(commonName);
 PORT_Free(commonName);
 

[poppler] poppler/SignatureHandler.cc

[GitLab Mirror]

 poppler/SignatureHandler.cc |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

New commits:
commit b02ecd63f279691913aa58ecf3524db95dc565aa
Author: Albert Astals Cid 
Date:   Fri Feb 4 00:24:47 2022 +0100

Windows: Better way to access Mozilla appdata

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 3032623a..9ad264a8 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -669,11 +669,11 @@ std::unique_ptr 
SignatureHandler::getCertificateInfo() cons
 static std::optional getDefaultFirefoxCertDB()
 {
 #ifdef _WIN32
-const char *env = getenv("USERPROFILE");
+const char *env = getenv("APPDATA");
 if (!env) {
 return {};
 }
-const std::string firefoxPath = std::string(env) + 
"/AppData/Roaming/Mozilla/Firefox/Profiles/";
+const std::string firefoxPath = std::string(env) + 
"/Mozilla/Firefox/Profiles/";
 #else
 const char *env = getenv("HOME");
 if (!env) {

[poppler] poppler/SignatureHandler.cc

[GitLab Mirror]

 poppler/SignatureHandler.cc |   12 ++--
 1 file changed, 10 insertions(+), 2 deletions(-)

New commits:
commit 373bad5cd0a8996beed271228e9131833a7ba8ce
Author: Albert Astals Cid 
Date:   Wed Feb 2 20:22:21 2022 +0100

Be more resiliant against env variables not being set

getenv can return null so don't crash (constructing a std::string from
null is not good) if that happens

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 22a620c6..3032623a 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -669,9 +669,17 @@ std::unique_ptr 
SignatureHandler::getCertificateInfo() cons
 static std::optional getDefaultFirefoxCertDB()
 {
 #ifdef _WIN32
-const std::string firefoxPath = std::string(getenv("USERPROFILE")) + 
"/AppData/Roaming/Mozilla/Firefox/Profiles/";
+const char *env = getenv("USERPROFILE");
+if (!env) {
+return {};
+}
+const std::string firefoxPath = std::string(env) + 
"/AppData/Roaming/Mozilla/Firefox/Profiles/";
 #else
-const std::string firefoxPath = std::string(getenv("HOME")) + 
"/.mozilla/firefox/";
+const char *env = getenv("HOME");
+if (!env) {
+return {};
+}
+const std::string firefoxPath = std::string(env) + "/.mozilla/firefox/";
 #endif
 
 GDir firefoxDir(firefoxPath.c_str());

[poppler] poppler/SignatureHandler.cc

[GitLab Mirror]

 poppler/SignatureHandler.cc |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

New commits:
commit 652ff5ea5ec6df2c4343ff730dee5e7893138104
Author: Albert Astals Cid 
Date:   Wed Feb 2 20:20:22 2022 +0100

Fix getting the home dir in Windows

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 43fc974e..22a620c6 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -669,7 +669,7 @@ std::unique_ptr 
SignatureHandler::getCertificateInfo() cons
 static std::optional getDefaultFirefoxCertDB()
 {
 #ifdef _WIN32
-const std::string firefoxPath = std::string(getenv("HOME")) + 
"/AppData/Roaming/Mozilla/Firefox/Profiles/";
+const std::string firefoxPath = std::string(getenv("USERPROFILE")) + 
"/AppData/Roaming/Mozilla/Firefox/Profiles/";
 #else
 const std::string firefoxPath = std::string(getenv("HOME")) + 
"/.mozilla/firefox/";
 #endif

[poppler] poppler/SignatureHandler.cc

[GitLab Mirror]

 poppler/SignatureHandler.cc |8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

New commits:
commit 602f39aa5c00f2dd2a61f1b4a781720ae3bc6070
Author: Albert Astals Cid 
Date:   Tue Feb 1 23:19:00 2022 +0100

Windows: Fix path where to look for firefox NSS DB

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 23c057f9..43fc974e 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -666,9 +666,13 @@ std::unique_ptr 
SignatureHandler::getCertificateInfo() cons
 }
 }
 
-static std::optional getDefaultFirefoxCertDB_Linux()
+static std::optional getDefaultFirefoxCertDB()
 {
+#ifdef _WIN32
+const std::string firefoxPath = std::string(getenv("HOME")) + 
"/AppData/Roaming/Mozilla/Firefox/Profiles/";
+#else
 const std::string firefoxPath = std::string(getenv("HOME")) + 
"/.mozilla/firefox/";
+#endif
 
 GDir firefoxDir(firefoxPath.c_str());
 std::unique_ptr entry;
@@ -706,7 +710,7 @@ void SignatureHandler::setNSSDir(const GooString )
 initSuccess = (NSS_Init(nssDir.c_str()) == SECSuccess);
 sNssDir = nssDir.toStr();
 } else {
-const std::optional certDBPath = 
getDefaultFirefoxCertDB_Linux();
+const std::optional certDBPath = 
getDefaultFirefoxCertDB();
 if (!certDBPath) {
 initSuccess = (NSS_Init("sql:/etc/pki/nssdb") == SECSuccess);
 sNssDir = "sql:/etc/pki/nssdb";

[poppler] poppler/SignatureHandler.cc

[GitLab Mirror]

 poppler/SignatureHandler.cc |7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

New commits:
commit 799848525e9f07b8ff7de1fb6d41cb082de364e6
Author: Albert Astals Cid 
Date:   Tue Jan 18 15:41:56 2022 +0100

SignatureHandler: Fix crashes on Windows

We should not use SEC_ASN1_XTRN since on Windows that means
SEC_ASN1_DYNAMIC which means the third parameter is a function.

IssuerSerialTemplate is not a function

SECOID_AlgorithmIDTemplate was a function, but that was also a mistake
since it's defined as a template in secoid.h

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 36b970a1..23c057f9 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -31,6 +31,7 @@
 
 /* NSS headers */
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -193,12 +194,10 @@ const SEC_ASN1Template IssuerSerialTemplate[] = {
  * }
  */
 
-SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
-
 const SEC_ASN1Template ESSCertIDv2Template[] = { { SEC_ASN1_SEQUENCE, 0, 
nullptr, sizeof(ESSCertIDv2) },
- { SEC_ASN1_INLINE | 
SEC_ASN1_XTRN, offsetof(ESSCertIDv2, hashAlgorithm), 
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate), 0 },
+ { SEC_ASN1_INLINE, 
offsetof(ESSCertIDv2, hashAlgorithm), SEC_ASN1_GET(SECOID_AlgorithmIDTemplate), 
0 },
  { SEC_ASN1_OCTET_STRING, 
offsetof(ESSCertIDv2, certHash), nullptr, 0 },
- { SEC_ASN1_INLINE | 
SEC_ASN1_XTRN, offsetof(ESSCertIDv2, issuerSerial), IssuerSerialTemplate, 0 },
+ { SEC_ASN1_INLINE, 
offsetof(ESSCertIDv2, issuerSerial), IssuerSerialTemplate, 0 },
  { 0, 0, nullptr, 0 } };
 
 /**

[poppler] poppler/SignatureHandler.cc

[GitLab Mirror]

 poppler/SignatureHandler.cc |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

New commits:
commit 4d921bd83945b803f1ea3724d1d841e2138e2a05
Author: Albert Astals Cid 
Date:   Thu Jan 13 17:34:05 2022 +0100

SignatureHandler: Access CERT_NameTemplate in a Windows/Android compatible 
way

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 41e89970..7cbbeb48 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -6,7 +6,7 @@
 //
 // Copyright 2015, 2016 André Guerreiro 
 // Copyright 2015 André Esser 
-// Copyright 2015, 2016, 2018, 2019, 2021 Albert Astals Cid 
+// Copyright 2015, 2016, 2018, 2019, 2021, 2022 Albert Astals Cid 

 // Copyright 2015 Markus Kilås 
 // Copyright 2017 Sebastian Rasmussen 
 // Copyright 2017 Hans-Ulrich Jüttner 
@@ -164,7 +164,7 @@ struct SigningCertificateV2
  *  registeredID[8] OBJECT IDENTIFIER
  * }
  */
-const SEC_ASN1Template GeneralNameTemplate[] = { { SEC_ASN1_SEQUENCE, 0, 
nullptr, sizeof(GeneralName) }, { SEC_ASN1_INLINE, offsetof(GeneralName, name), 
CERT_NameTemplate, 0 }, { 0, 0, nullptr, 0 } };
+const SEC_ASN1Template GeneralNameTemplate[] = { { SEC_ASN1_SEQUENCE, 0, 
nullptr, sizeof(GeneralName) }, { SEC_ASN1_INLINE, offsetof(GeneralName, name), 
SEC_ASN1_GET(CERT_NameTemplate), 0 }, { 0, 0, nullptr, 0 } };
 
 /**
  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

[poppler] poppler/SignatureHandler.cc

[GitLab Mirror]

 poppler/SignatureHandler.cc |2 ++
 1 file changed, 2 insertions(+)

New commits:
commit 03c0bb79945822cbe1e342a28aec8949eed843dd
Author: Albert Astals Cid 
Date:   Fri May 10 23:45:12 2019 +0200

Fix small memory leak in SignatureHandler::getCertificateInfo

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 0afc1593..123dee7d 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -190,6 +190,8 @@ std::unique_ptr 
SignatureHandler::getCertificateInfo() cons
   certInfo->setCertificateDER(SECItemToGooString(cert->derCert));
   certInfo->setIsSelfSigned(CERT_CompareName(>subject, >issuer) == 
SECEqual);
 
+  SECKEY_DestroyPublicKey(pk);
+
   return certInfo;
 }
 
___
poppler mailing list
poppler@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/poppler

[poppler] poppler/SignatureHandler.cc

[GitLab Mirror]

 poppler/SignatureHandler.cc |   12 +---
 1 file changed, 9 insertions(+), 3 deletions(-)

New commits:
commit eaeac5c7dba6f53acef3f0be6b226facecfc5f28
Author: Albert Astals Cid 
Date:   Fri May 10 23:28:02 2019 +0200

Fix crash on signature handling

Since we only call NSS_Init once, we should only call NSS_Shutdown once.

Do it via atexit

Fixes issue #766

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index c8258403..0afc1593 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -26,6 +26,13 @@
 #include 
 #include 
 
+static void shutdownNss()
+{
+  if (NSS_Shutdown() != SECSuccess) {
+fprintf(stderr, "NSS_Shutdown failed: %s\n", 
PR_ErrorToString(PORT_GetError(), PR_LANGUAGE_I_DEFAULT));
+  }
+}
+
 unsigned int SignatureHandler::digestLength(SECOidTag digestAlgId)
 {
   switch(digestAlgId){
@@ -232,6 +239,8 @@ void SignatureHandler::setNSSDir(const GooString )
 
   setNssDirCalled = true;
 
+  atexit(shutdownNss);
+
   bool initSuccess = false;
   if (nssDir.getLength() > 0) {
 initSuccess = (NSS_Init(nssDir.c_str()) == SECSuccess);
@@ -305,9 +314,6 @@ SignatureHandler::~SignatureHandler()
 HASH_Destroy(hash_context);
 
   free(temp_certs);
-
-  if (NSS_Shutdown()!=SECSuccess)
-fprintf(stderr, "Detail: %s\n", PR_ErrorToString(PORT_GetError(), 
PR_LANGUAGE_I_DEFAULT));
 }
 
 NSSCMSMessage *SignatureHandler::CMS_MessageCreate(SECItem * cms_item)
___
poppler mailing list
poppler@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/poppler

[poppler] poppler/SignatureHandler.cc

[GitLab Mirror]

 poppler/SignatureHandler.cc |7 +++
 1 file changed, 7 insertions(+)

New commits:
commit 33befc25c42ff52e44ffd857a4a114b180a952e4
Author: Albert Astals Cid 
Date:   Fri Mar 1 17:46:55 2019 +0100

SignatureHandler: Fix crash on broken files

Issue #732

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 18033b48..c8258403 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -49,6 +49,10 @@ char *SignatureHandler::getSignerName()
   return nullptr;
 
   CERTCertificate *cert = 
NSS_CMSSignerInfo_GetSigningCertificate(CMSSignerInfo, CERT_GetDefaultCertDB());
+
+  if (!cert)
+  return nullptr;
+
   return CERT_GetCommonName(>subject);
 }
 
@@ -397,6 +401,9 @@ SignatureValidationStatus 
SignatureHandler::validateSignature()
   if (!NSS_IsInitialized())
 return SIGNATURE_GENERIC_ERROR;
 
+  if (!hash_context)
+return SIGNATURE_GENERIC_ERROR;
+
   digest_buffer = (unsigned char *)PORT_Alloc(hash_length);
   unsigned int result_len = 0;
 
___
poppler mailing list
poppler@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/poppler

[poppler] poppler/SignatureHandler.cc poppler/SignatureHandler.h poppler/SignatureInfo.cc utils/pdfsig.1 utils/pdfsig.cc

[GitLab Mirror]

 poppler/SignatureHandler.cc |   56 +---
 poppler/SignatureHandler.h  |9 ---
 poppler/SignatureInfo.cc|4 +--
 utils/pdfsig.1  |   15 ++-
 utils/pdfsig.cc |   12 +++--
 5 files changed, 68 insertions(+), 28 deletions(-)

New commits:
commit 7486e4995d66f1a8676f3e65e408e8cdab049f6b
Author: Albert Astals Cid 
Date:   Wed Jan 16 22:56:42 2019 +0100

pdfsig: add -nssdir option

Contains code inspired in code by Hans-Ulrich Jüttner and Adrian Johnson

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index f616afbb..18033b48 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -45,7 +45,7 @@ unsigned int SignatureHandler::digestLength(SECOidTag 
digestAlgId)
 
 char *SignatureHandler::getSignerName()
 {
-  if (!CMSSignerInfo)
+  if (!CMSSignerInfo || !NSS_IsInitialized())
   return nullptr;
 
   CERTCertificate *cert = 
NSS_CMSSignerInfo_GetSigningCertificate(CMSSignerInfo, CERT_GetDefaultCertDB());
@@ -182,8 +182,7 @@ std::unique_ptr 
SignatureHandler::getCertificateInfo() cons
   return certInfo;
 }
 
-
-GooString *SignatureHandler::getDefaultFirefoxCertDB_Linux()
+static GooString *getDefaultFirefoxCertDB_Linux()
 {
   GooString * finalPath = nullptr;
   DIR *toSearchIn;
@@ -215,27 +214,45 @@ GooString 
*SignatureHandler::getDefaultFirefoxCertDB_Linux()
 /**
  * Initialise NSS
  */
-void SignatureHandler::init_nss()
+void SignatureHandler::setNSSDir(const GooString )
 {
-  GooString *certDBPath = getDefaultFirefoxCertDB_Linux();
+  static bool setNssDirCalled = false;
+
+  if (NSS_IsInitialized() && nssDir.getLength() > 0) {
+error(errInternal, 0, "You need to call setNSSDir before signature 
validation related operations happen");
+return;
+  }
+
+  if (setNssDirCalled)
+return;
+
+  setNssDirCalled = true;
+
   bool initSuccess = false;
-  if (certDBPath == nullptr) {
-initSuccess = (NSS_Init("sql:/etc/pki/nssdb") == SECSuccess);
+  if (nssDir.getLength() > 0) {
+initSuccess = (NSS_Init(nssDir.c_str()) == SECSuccess);
   } else {
-initSuccess = (NSS_Init(certDBPath->c_str()) == SECSuccess);
-  }
-  if (!initSuccess) {
-GooString homeNssDb(getenv("HOME"));
-homeNssDb.append("/.pki/nssdb");
-initSuccess = (NSS_Init(homeNssDb.c_str()) == SECSuccess);
+GooString *certDBPath = getDefaultFirefoxCertDB_Linux();
+if (certDBPath == nullptr) {
+  initSuccess = (NSS_Init("sql:/etc/pki/nssdb") == SECSuccess);
+} else {
+  initSuccess = (NSS_Init(certDBPath->c_str()) == SECSuccess);
+}
 if (!initSuccess) {
-  NSS_NoDB_Init(nullptr);
+  GooString homeNssDb(getenv("HOME"));
+  homeNssDb.append("/.pki/nssdb");
+  initSuccess = (NSS_Init(homeNssDb.c_str()) == SECSuccess);
+  if (!initSuccess) {
+   NSS_NoDB_Init(nullptr);
+  }
 }
+delete certDBPath;
   }
-  //Make sure NSS root certificates module is loaded
-  SECMOD_AddNewModule("Root Certs", "libnssckbi.so", 0, 0);
 
-  delete certDBPath;
+  if (initSuccess) {
+//Make sure NSS root certificates module is loaded
+SECMOD_AddNewModule("Root Certs", "libnssckbi.so", 0, 0);
+  }
 }
 
 
@@ -246,7 +263,7 @@ SignatureHandler::SignatureHandler(unsigned char *p7, int 
p7_length)
CMSSignerInfo(nullptr),
temp_certs(nullptr)
 {
-  init_nss();
+  setNSSDir({});
   CMSitem.data = p7;
   CMSitem.len = p7_length;
   CMSMessage = CMS_MessageCreate();
@@ -377,6 +394,9 @@ SignatureValidationStatus 
SignatureHandler::validateSignature()
   if (!CMSSignedData)
 return SIGNATURE_GENERIC_ERROR;
 
+  if (!NSS_IsInitialized())
+return SIGNATURE_GENERIC_ERROR;
+
   digest_buffer = (unsigned char *)PORT_Alloc(hash_length);
   unsigned int result_len = 0;
 
diff --git a/poppler/SignatureHandler.h b/poppler/SignatureHandler.h
index f49d4286..40ca990c 100644
--- a/poppler/SignatureHandler.h
+++ b/poppler/SignatureHandler.h
@@ -49,13 +49,16 @@ public:
   CertificateValidationStatus validateCertificate(time_t validation_time);
   std::unique_ptr getCertificateInfo() const;
 
+  // Initializes the NSS dir with the custom given directory
+  // calling it with an empty string means use the default firefox db, 
/etc/pki/nssdb, ~/.pki/nssdb
+  // If you don't want a custom NSS dir and the default entries are fine for 
you, not calling this function is fine
+  // If wanted, this has to be called before doing signature validation calls
+  static void setNSSDir(const GooString );
+
 private:
   SignatureHandler(const SignatureHandler &);
   SignatureHandler& operator=(const SignatureHandler &);
 
-  void init_nss();
-
-  GooString * getDefaultFirefoxCertDB_Linux();
   unsigned int digestLength(SECOidTag digestAlgId);
   NSSCMSMessage *CMS_MessageCreate(SECItem * cms_item);
   NSSCMSSignedData *CMS_SignedDataCreate(NSSCMSMessage * cms_msg);
diff --git a/poppler/SignatureInfo.cc b/poppler/SignatureInfo.cc
index b48ce146..3ab6f91f 100644
--- 

[poppler] poppler/SignatureHandler.cc

[GitLab Mirror]

 poppler/SignatureHandler.cc |   13 +++--
 1 file changed, 11 insertions(+), 2 deletions(-)

New commits:
commit a85c2ed8f4359341adb94887c4b551a761244fdb
Author: Albert Astals Cid 
Date:   Sat Nov 17 19:29:16 2018 +0100

Be more stubborn looking for a nssdb

Fixes issue #669

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index aedccf7a..6c510229 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -114,10 +114,19 @@ GooString 
*SignatureHandler::getDefaultFirefoxCertDB_Linux()
 void SignatureHandler::init_nss() 
 {
   GooString *certDBPath = getDefaultFirefoxCertDB_Linux();
+  bool initSuccess = false;
   if (certDBPath == nullptr) {
-NSS_Init("sql:/etc/pki/nssdb");
+initSuccess = (NSS_Init("sql:/etc/pki/nssdb") == SECSuccess);
   } else {
-NSS_Init(certDBPath->c_str());
+initSuccess = (NSS_Init(certDBPath->c_str()) == SECSuccess);
+  }
+  if (!initSuccess) {
+GooString homeNssDb(getenv("HOME"));
+homeNssDb.append("/.pki/nssdb");
+initSuccess = (NSS_Init(homeNssDb.c_str()) == SECSuccess);
+if (!initSuccess) {
+  NSS_NoDB_Init(nullptr);
+}
   }
   //Make sure NSS root certificates module is loaded
   SECMOD_AddNewModule("Root Certs", "libnssckbi.so", 0, 0);
___
poppler mailing list
poppler@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/poppler

[poppler] poppler/SignatureHandler.cc

[Albert Astals Cid]

 poppler/SignatureHandler.cc |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

New commits:
commit 71645d9e76f9bb075ae9b6599d281b8382e86e67
Author: Albert Astals Cid 
Date:   Mon Jul 23 00:21:40 2018 +0200

Add (C) for the last commits

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index f748d153..a98e3f79 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -6,7 +6,7 @@
 //
 // Copyright 2015, 2016 André Guerreiro 
 // Copyright 2015 André Esser 
-// Copyright 2015, 2016 Albert Astals Cid 
+// Copyright 2015, 2016, 2018 Albert Astals Cid 
 // Copyright 2015 Markus Kilås 
 // Copyright 2017 Sebastian Rasmussen 
 // Copyright 2017 Hans-Ulrich Jüttner 
___
poppler mailing list
poppler@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/poppler

[poppler] poppler/SignatureHandler.cc

[Albert Astals Cid]

 poppler/SignatureHandler.cc |   14 ++
 1 file changed, 10 insertions(+), 4 deletions(-)

New commits:
commit 4db6507320b51e060f73f7fb0eab364e8a1fee77
Author: Sebastian Rasmussen 
Date:   Wed Jan 11 23:37:54 2017 +0100

Check for error from NSS in SignatureHandler construct.

And cascading effects in other SignalHandler members.

Bug #99363

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index a5132a4..71644e5 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -8,6 +8,7 @@
 // Copyright 2015 André Esser 
 // Copyright 2015, 2016 Albert Astals Cid 
 // Copyright 2015 Markus Kilås 
+// Copyright 2017 Sebastian Rasmussen 
 //
 //
 
@@ -105,7 +106,8 @@ void SignatureHandler::init_nss()
 
 
 SignatureHandler::SignatureHandler(unsigned char *p7, int p7_length)
- : CMSMessage(NULL),
+ : hash_context(NULL),
+   CMSMessage(NULL),
CMSSignedData(NULL),
CMSSignerInfo(NULL),
temp_certs(NULL)
@@ -115,8 +117,10 @@ SignatureHandler::SignatureHandler(unsigned char *p7, int 
p7_length)
   CMSitem.len = p7_length;
   CMSMessage = CMS_MessageCreate();
   CMSSignedData = CMS_SignedDataCreate(CMSMessage);
-  CMSSignerInfo = CMS_SignerInfoCreate(CMSSignedData);
-  hash_context = initHashContext();
+  if (CMSSignedData) {
+CMSSignerInfo = CMS_SignerInfoCreate(CMSSignedData);
+hash_context = initHashContext();
+  }
 }
 
 HASHContext * SignatureHandler::initHashContext()
@@ -131,7 +135,9 @@ HASHContext * SignatureHandler::initHashContext()
 
 void SignatureHandler::updateHash(unsigned char * data_block, int data_len)
 {
-  HASH_Update(hash_context, data_block, data_len);
+  if (hash_context) {
+HASH_Update(hash_context, data_block, data_len);
+  }
 }
 
 SignatureHandler::~SignatureHandler()
___
poppler mailing list
poppler@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/poppler

[poppler] poppler/SignatureHandler.cc poppler/SignatureHandler.h

[Albert Astals Cid]

 poppler/SignatureHandler.cc |2 +-
 poppler/SignatureHandler.h  |   22 +-
 2 files changed, 10 insertions(+), 14 deletions(-)

New commits:
commit 7cf52e56677e11b15d610017bccd0cc3f74badaf
Author: Emmanuele Bassi 
Date:   Wed Mar 2 04:38:52 2016 +

Use correct includes for NSPR/NSS headers

The header files provided by NSS3 are inside versioned directories,
`$includedir/nss3` and `$includedir/nspr4`, which are provided by the
nss3 pkg-config file as include directives for the compiler.

We can also use nspr.h as a single entry point, to avoid cherry picking
specific headers.

https://bugzilla.freedesktop.org/show_bug.cgi?id=94360

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 01496e3..21d9c4d 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -15,7 +15,7 @@
 
 #include "SignatureHandler.h"
 #include "goo/gmem.h"
-#include 
+#include 
 
 #include 
 #include 
diff --git a/poppler/SignatureHandler.h b/poppler/SignatureHandler.h
index e6ace24..8e2a4da 100644
--- a/poppler/SignatureHandler.h
+++ b/poppler/SignatureHandler.h
@@ -17,21 +17,17 @@
 #include "SignatureInfo.h"
 
 /* NSPR Headers */
-#include 
-#include 
-#include 
-#include 
-#include 
+#include 
 
 /* NSS headers */
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
 
 class SignatureHandler
 {
___
poppler mailing list
poppler@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/poppler