[poppler] utils/pdfsig.cc

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Mon Sep 20 09:53:14 UTC 2021


 utils/pdfsig.cc |   37 ++++++++++++++++++++++++++-----------
 1 file changed, 26 insertions(+), 11 deletions(-)

New commits:
commit 6bdf5710b0fb13bddc1d31c32d6622516221151d
Author: Albert Astals Cid <aacid at kde.org>
Date:   Mon Sep 20 11:45:05 2021 +0200

    pdfsig: Don't infinite loop if the NSS password given is wrong

diff --git a/utils/pdfsig.cc b/utils/pdfsig.cc
index 3abe7287..cf2c3d6d 100644
--- a/utils/pdfsig.cc
+++ b/utils/pdfsig.cc
@@ -169,26 +169,41 @@ static void print_version_usage(bool usage)
     }
 }
 
-static std::vector<std::unique_ptr<X509CertificateInfo>> getAvailableSigningCertificates(bool *passwordNeeded)
+static std::vector<std::unique_ptr<X509CertificateInfo>> getAvailableSigningCertificates(bool *error)
 {
-    *passwordNeeded = false;
-    auto passwordCallback = [&passwordNeeded](const char *) -> char * {
+    bool wrongPassword = false;
+    bool passwordNeeded = false;
+    auto passwordCallback = [&passwordNeeded, &wrongPassword](const char *) -> char * {
+        static bool firstTime = true;
+        if (!firstTime) {
+            wrongPassword = true;
+            return nullptr;
+        }
+        firstTime = false;
         if (nssPassword.getLength() > 0) {
             return strdup(nssPassword.c_str());
         } else {
-            *passwordNeeded = true;
+            passwordNeeded = true;
             return nullptr;
         }
     };
     SignatureHandler::setNSSPasswordCallback(passwordCallback);
     std::vector<std::unique_ptr<X509CertificateInfo>> vCerts = SignatureHandler::getAvailableSigningCertificates();
     SignatureHandler::setNSSPasswordCallback({});
-    if (*passwordNeeded) {
+    if (passwordNeeded) {
+        *error = true;
         printf("Password is needed to access the NSS database.\n");
         printf("\tPlease provide one with -nss-pwd.\n");
         return {};
     }
+    if (wrongPassword) {
+        *error = true;
+        printf("Password was not accepted to open the NSS database.\n");
+        printf("\tPlease provide the correct one with -nss-pwd.\n");
+        return {};
+    }
 
+    *error = false;
     return vCerts;
 }
 
@@ -219,9 +234,9 @@ int main(int argc, char *argv[])
     SignatureHandler::setNSSDir(nssDir);
 
     if (listNicknames) {
-        bool passwordNeeded;
-        const std::vector<std::unique_ptr<X509CertificateInfo>> vCerts = getAvailableSigningCertificates(&passwordNeeded);
-        if (passwordNeeded) {
+        bool getCertsError;
+        const std::vector<std::unique_ptr<X509CertificateInfo>> vCerts = getAvailableSigningCertificates(&getCertsError);
+        if (getCertsError) {
             return 2;
         } else {
             if (vCerts.empty()) {
@@ -286,10 +301,10 @@ int main(int argc, char *argv[])
             return 2;
         }
 
-        bool passwordNeeded;
+        bool getCertsError;
         // We need to call this otherwise NSS spins forever
-        getAvailableSigningCertificates(&passwordNeeded);
-        if (passwordNeeded) {
+        getAvailableSigningCertificates(&getCertsError);
+        if (getCertsError) {
             return 2;
         }
 


More information about the poppler mailing list