[Libreoffice-commits] core.git: 2 commits - vcl/source

Tor Lillqvist tml at collabora.com
Wed Mar 11 15:48:12 PDT 2015 

 vcl/source/gdi/pdfwriter_impl.cxx |   25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)

New commits:
commit 33434f47ac44f5cb4612a11b1c28c4582976cb25
Author: Tor Lillqvist <tml at collabora.com>
Date:   Thu Mar 12 00:31:18 2015 +0200

    Fix crash when timestamping PDF signature
    
    Using the NSS API for CMS and ASN.1-based stuff in general correctly is
    extremely hard. It is very easy to do things slightly wrong. Of course no
    compiler warnings are produced. You just get code that happens to work by
    accident when compiled with one compiler, but not another, or depending on
    contents of uninitialised memory, or the phase of the moon.
    
    The problem was that the "values" field of a NSSCMSAttribute struct apparently
    is supposed to point to *two* SECItem pointers, one pointing to the actual
    value, and a NULL one.
    
    Anyway, now valgrind finally does not complain about any use of uninitialised
    memory.
    
    Most likely my earlier recent commits to this file were not necessary after
    all. They just seemed to help by accident, at least at one stage. But
    whatever...
    
    Change-Id: Ic98401b5d151bbb2398f809f47699f670e9720fa

diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx
index bc29a4e..fc44073 100644
--- a/vcl/source/gdi/pdfwriter_impl.cxx
+++ b/vcl/source/gdi/pdfwriter_impl.cxx
@@ -6893,7 +6893,9 @@ bool PDFWriterImpl::finalizeSignature()
     SECItem response_item;
     NSSCMSAttribute timestamp;
     SECItem values[2];
-    SECItem *valuesp = values;
+    SECItem *valuesp[2];
+    valuesp[0] = values;
+    valuesp[1] = NULL;
     SECOidData typetag;
 
     if( !m_aContext.SignTSA.isEmpty() )
@@ -7149,12 +7151,15 @@ bool PDFWriterImpl::finalizeSignature()
 
         // timestamp.type filled in below
 
+        // Not sure if we actually need two entries in the values array, now when valuesp is an
+        // array too, the pointer to the values array followed by a null pointer. But I don't feel
+        // like experimenting.
         values[0] = response.timeStampToken;
         values[1].type = siBuffer;
         values[1].data = NULL;
         values[1].len = 0;
 
-        timestamp.values = &valuesp;
+        timestamp.values = valuesp;
 
         typetag.oid.data = NULL;
         // id-aa-timeStampToken OBJECT IDENTIFIER ::= { iso(1)
commit 20e5de21225bfd2b55fcff6afcc235b035b38134
Author: Tor Lillqvist <tml at collabora.com>
Date:   Wed Mar 11 22:31:47 2015 +0200

    Don't bother with macros that are dummy on Unix in Unix-only code
    
    In NSS's <secasn1t.h>, for non-Windows:
    
     #define SEC_ASN1_SUB(x)        x
     #define SEC_ASN1_XTRN          0
     #define SEC_ASN1_MKSUB(x)
    
    Change-Id: Ie42d881cebffdd060309d6a15d8d9c319c260699

diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx
index df2e74e..bc29a4e 100644
--- a/vcl/source/gdi/pdfwriter_impl.cxx
+++ b/vcl/source/gdi/pdfwriter_impl.cxx
@@ -6299,16 +6299,10 @@ TimeStampResp ::= SEQUENCE  {
      timeStampToken TimeStampToken OPTIONAL  }
 */
 
-SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
-SEC_ASN1_MKSUB(MessageImprint_Template)
-SEC_ASN1_MKSUB(Extensions_Template)
-SEC_ASN1_MKSUB(PKIStatusInfo_Template)
-SEC_ASN1_MKSUB(Any_Template)
-
 const SEC_ASN1Template MessageImprint_Template[] =
 {
     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(MessageImprint) },
-    { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(MessageImprint, hashAlgorithm), SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate), 0 },
+    { SEC_ASN1_INLINE, offsetof(MessageImprint, hashAlgorithm), SECOID_AlgorithmIDTemplate, 0 },
     { SEC_ASN1_OCTET_STRING, offsetof(MessageImprint, hashedMessage), 0, 0 },
     { 0, 0, 0, 0 }
 };
@@ -6331,11 +6325,11 @@ const SEC_ASN1Template TimeStampReq_Template[] =
 {
     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(TimeStampReq) },
     { SEC_ASN1_INTEGER, offsetof(TimeStampReq, version), 0, 0 },
-    { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(TimeStampReq, messageImprint), SEC_ASN1_SUB(MessageImprint_Template), 0 },
+    { SEC_ASN1_INLINE, offsetof(TimeStampReq, messageImprint), MessageImprint_Template, 0 },
     { SEC_ASN1_OBJECT_ID | SEC_ASN1_OPTIONAL, offsetof(TimeStampReq, reqPolicy), 0, 0 },
     { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL, offsetof(TimeStampReq, nonce), 0, 0 },
     { SEC_ASN1_BOOLEAN | SEC_ASN1_OPTIONAL, offsetof(TimeStampReq, certReq), 0, 0 },
-    { SEC_ASN1_XTRN | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 0, offsetof(TimeStampReq, extensions), SEC_ASN1_SUB(Extensions_Template), 0 },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 0, offsetof(TimeStampReq, extensions), Extensions_Template, 0 },
     { 0, 0, 0, 0 }
 };
 
@@ -6367,8 +6361,8 @@ typedef struct {
 const SEC_ASN1Template TimeStampResp_Template[] =
 {
     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(TimeStampResp) },
-    { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(TimeStampResp, status), SEC_ASN1_SUB(PKIStatusInfo_Template), 0 },
-    { SEC_ASN1_ANY | SEC_ASN1_OPTIONAL, offsetof(TimeStampResp, timeStampToken), SEC_ASN1_SUB(Any_Template), 0 },
+    { SEC_ASN1_INLINE, offsetof(TimeStampResp, status), PKIStatusInfo_Template, 0 },
+    { SEC_ASN1_ANY | SEC_ASN1_OPTIONAL, offsetof(TimeStampResp, timeStampToken), Any_Template, 0 },
     { 0, 0, 0, 0 }
 };

More information about the Libreoffice-commits mailing list