[Libreoffice-commits] core.git: xmlsecurity/source
Stephan Bergmann
sbergman at redhat.com
Mon Jul 4 13:44:31 UTC 2016
xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx | 46 +++++++-------
1 file changed, 26 insertions(+), 20 deletions(-)
New commits:
commit 321b8ff86ba623b92aab5608eb94385e56823b65
Author: Stephan Bergmann <sbergman at redhat.com>
Date: Mon Jul 4 15:38:33 2016 +0200
Bad cast from SanExtensionImpl to CertificateExtension_XmlSecImpl
...both ultimately derive from css::security::XCertificateExtension, but that is
all they have in common. The special handling of 2.5.29.17 (and thus the bad
casts) was introduced with d5feca7dcd9b2de4332c6b53657f6f5acbeb7b9a
"tkr38: #i112307# Support for x509 v3 Subject Alternative Name extension added".
Lets assume that it was an oversight there that setCertExtn (which is a function
of CertificateExtension_XmlSecImpl, not inherited from a---common---base class)
should not be called on such special-case SanExtensionImpl instances.
Change-Id: I96cfd42f606c79920d1548f323b68f17ff4e9081
diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
index 392d1b9..86f256b 100644
--- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
@@ -28,6 +28,7 @@
#include <sal/config.h>
#include <comphelper/servicehelper.hxx>
+#include <rtl/ref.hxx>
#include "x509certificate_nssimpl.hxx"
#include "certificateextension_xmlsecimpl.hxx"
@@ -178,8 +179,6 @@ css::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getSubjectUniqu
css::uno::Sequence< css::uno::Reference< css::security::XCertificateExtension > > SAL_CALL X509Certificate_NssImpl::getExtensions() throw ( css::uno::RuntimeException, std::exception) {
if( m_pCert != nullptr && m_pCert->extensions != nullptr ) {
CERTCertExtension** extns ;
- CertificateExtension_XmlSecImpl* pExtn ;
- bool crit ;
int len ;
for( len = 0, extns = m_pCert->extensions; *extns != nullptr; len ++, extns ++ ) ;
@@ -198,17 +197,21 @@ css::uno::Sequence< css::uno::Reference< css::security::XCertificateExtension >
objID = oidString;
if ( objID.equals("2.5.29.17") )
- pExtn = reinterpret_cast<CertificateExtension_XmlSecImpl*>(new SanExtensionImpl());
+ xExtns[len] = reinterpret_cast<CertificateExtension_XmlSecImpl*>(new SanExtensionImpl());
else
- pExtn = new CertificateExtension_XmlSecImpl() ;
+ {
+ CertificateExtension_XmlSecImpl* pExtn
+ = new CertificateExtension_XmlSecImpl() ;
- if( (*extns)->critical.data == nullptr )
- crit = false ;
- else
- crit = (*extns)->critical.data[0] == 0xFF;
- pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, reinterpret_cast<unsigned char *>(const_cast<char *>(objID.getStr())), objID.getLength(), crit ) ;
+ bool crit ;
+ if( (*extns)->critical.data == nullptr )
+ crit = false ;
+ else
+ crit = (*extns)->critical.data[0] == 0xFF;
+ pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, reinterpret_cast<unsigned char *>(const_cast<char *>(objID.getStr())), objID.getLength(), crit ) ;
- xExtns[len] = pExtn ;
+ xExtns[len] = pExtn ;
+ }
}
return xExtns ;
@@ -219,28 +222,31 @@ css::uno::Sequence< css::uno::Reference< css::security::XCertificateExtension >
css::uno::Reference< css::security::XCertificateExtension > SAL_CALL X509Certificate_NssImpl::findCertificateExtension( const css::uno::Sequence< sal_Int8 >& oid ) throw (css::uno::RuntimeException, std::exception) {
if( m_pCert != nullptr && m_pCert->extensions != nullptr ) {
- CertificateExtension_XmlSecImpl* pExtn ;
CERTCertExtension** extns ;
SECItem idItem ;
- bool crit ;
idItem.data = reinterpret_cast<unsigned char *>(const_cast<sal_Int8 *>(oid.getConstArray()));
idItem.len = oid.getLength() ;
- pExtn = nullptr ;
+ css::uno::Reference<css::security::XCertificateExtension> pExtn;
for( extns = m_pCert->extensions; *extns != nullptr; extns ++ ) {
if( SECITEM_CompareItem( &idItem, &(*extns)->id ) == SECEqual ) {
const SECItem id = (*extns)->id;
OString objId(CERT_GetOidString(&id));
if ( objId.equals("OID.2.5.29.17") )
- pExtn = reinterpret_cast<CertificateExtension_XmlSecImpl*>(new SanExtensionImpl());
+ pExtn = new SanExtensionImpl();
else
- pExtn = new CertificateExtension_XmlSecImpl() ;
- if( (*extns)->critical.data == nullptr )
- crit = false ;
- else
- crit = (*extns)->critical.data[0] == 0xFF;
- pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (*extns)->id.data, (*extns)->id.len, crit ) ;
+ {
+ rtl::Reference<CertificateExtension_XmlSecImpl> x(
+ new CertificateExtension_XmlSecImpl());
+ bool crit ;
+ if( (*extns)->critical.data == nullptr )
+ crit = false ;
+ else
+ crit = (*extns)->critical.data[0] == 0xFF;
+ x->setCertExtn( (*extns)->value.data, (*extns)->value.len, (*extns)->id.data, (*extns)->id.len, crit ) ;
+ pExtn = x.get();
+ }
break;
}
}
More information about the Libreoffice-commits
mailing list