[Libreoffice-commits] core.git: vcl/source

Tor Lillqvist tml at collabora.com
Fri Dec 12 08:08:51 PST 2014


 vcl/source/gdi/pdfwriter_impl.cxx |   39 +++++++++++++++++++++++++-------------
 1 file changed, 26 insertions(+), 13 deletions(-)

New commits:
commit cbf0c9f8332be9abfed6016f9708e3260331eb2d
Author: Tor Lillqvist <tml at collabora.com>
Date:   Fri Dec 12 17:57:19 2014 +0200

    Tentative fix for fdo#83937
    
    One clear bug in the code, in my opinion, was that
    PDFSigningPKCS7PasswordCallback() returned its argument as such. However, a
    PK11PasswordFunc should return "a pointer to the password. This memory must
    have been allocated with PR_Malloc or PL_strdup", says
    https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/SSL_functions/pkfnc.html
    .
    
    I could not test this fix fully before my hardware token decided to block
    itself, thanks to too many wrong PIN attempts. Possibly it would work to even
    just pass NULL for the password callback function and its argument to
    NSS_CMSEncoder_Start(). After all, at least with the hardware token and
    associated software that I tested with, the software itself pops up a dialog
    asking for the PIN (password).
    
    Change-Id: I85a8b2833cfdd1a1d7b7779016fefb71dd53ab80

diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx
index 457af31..72c8f2e 100644
--- a/vcl/source/gdi/pdfwriter_impl.cxx
+++ b/vcl/source/gdi/pdfwriter_impl.cxx
@@ -5980,20 +5980,22 @@ bool PDFWriterImpl::emitSignature()
 
 #if !defined(ANDROID) && !defined(IOS) && !defined(_WIN32)
 
+namespace {
+
 char *PDFSigningPKCS7PasswordCallback(PK11SlotInfo * /*slot*/, PRBool /*retry*/, void *arg)
 {
-    return (char *)arg;
+    return PL_strdup((char *)arg);
 }
 
-namespace {
-    class HashContextScope {
-        HASHContext *mpPtr;
-    public:
-        HashContextScope(HASHContext *pPtr) : mpPtr(pPtr) {}
-        ~HashContextScope() { clear(); }
-        void clear() { if (mpPtr) { HASH_Destroy(mpPtr); } mpPtr = NULL; }
-        HASHContext *get() { return mpPtr; }
-    };
+class HashContextScope {
+    HASHContext *mpPtr;
+public:
+    HashContextScope(HASHContext *pPtr) : mpPtr(pPtr) {}
+    ~HashContextScope() { clear(); }
+    void clear() { if (mpPtr) { HASH_Destroy(mpPtr); } mpPtr = NULL; }
+    HASHContext *get() { return mpPtr; }
+};
+
 }
 
 #endif
@@ -6109,8 +6111,6 @@ bool PDFWriterImpl::finalizeSignature()
     HASH_End(hc.get(), digest.data, &digest.len, SHA1_LENGTH);
     hc.clear();
 
-    OString pass = OUStringToOString( m_aContext.SignPassword, RTL_TEXTENCODING_UTF8 );
-
     NSSCMSMessage *cms_msg = NSS_CMSMessage_Create(NULL);
     if (!cms_msg)
     {
@@ -6184,20 +6184,33 @@ bool PDFWriterImpl::finalizeSignature()
     NSSCMSEncoderContext *cms_ecx;
 
     //FIXME: Check if password is passed correctly to SEC_PKCS7CreateSignedData function
-    cms_ecx = NSS_CMSEncoder_Start(cms_msg, NULL, NULL, &cms_output, arena, (PK11PasswordFunc)::PDFSigningPKCS7PasswordCallback, (void *)pass.getStr(), NULL, NULL, NULL, NULL);
+
+    // Inded, it was not, I think, and that caused a crash as described in fdo#83937.
+    // Unfortunately I could not test this fix fully before my hardware token decided to
+    // block itself thanks to too many wrong PIN attempts. Possibly it would work to
+    // even just pass NULL for the password callback function and its argument here.
+    // After all, at least with the hardware token and associated software I tested
+    // with, the software itself pops up a dialog asking for the PIN (password).
+
+    char *pass(strdup(OUStringToOString( m_aContext.SignPassword, RTL_TEXTENCODING_UTF8 ).getStr()));
+    cms_ecx = NSS_CMSEncoder_Start(cms_msg, NULL, NULL, &cms_output, arena, PDFSigningPKCS7PasswordCallback, pass, NULL, NULL, NULL, NULL);
 
     if (!cms_ecx)
     {
         SAL_WARN("vcl.pdfwriter", "PDF Signing: can't start DER encoder.");
+        free(pass);
         return false;
     }
 
     if (NSS_CMSEncoder_Finish(cms_ecx) != SECSuccess)
     {
         SAL_WARN("vcl.pdfwriter", "PDF Signing: can't finish DER encoder.");
+        free(pass);
         return false;
     }
 
+    free(pass);
+
     OStringBuffer cms_hexbuffer;
 
     for (unsigned int i = 0; i < cms_output.len ; i++)


More information about the Libreoffice-commits mailing list