[poppler] poppler/SignatureHandler.cc
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Mon Mar 13 14:37:48 UTC 2023
poppler/SignatureHandler.cc | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
New commits:
commit bd533d75bb171dada6fa9e9fdc5bdc3e42824b97
Author: Sune Vuorela <sune at vuorela.dk>
Date: Mon Mar 13 14:21:23 2023 +0100
Put the arenapool in a unique_ptr
Also allocate it a bit earlier to use it for a few other entries that
might otherwise else be leaked in certain error conditions
diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index b56b23b5..9979119a 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -212,7 +212,7 @@ static void shutdownNss()
// SEC_StringToOID() and NSS_CMSSignerInfo_AddUnauthAttr() are
// not exported from libsmime, so copy them here. Sigh.
-static SECStatus my_SEC_StringToOID(SECItem *to, const char *from, PRUint32 len)
+static SECStatus my_SEC_StringToOID(PLArenaPool *arena, SECItem *to, const char *from, PRUint32 len)
{
PRUint32 decimal_numbers = 0;
PRUint32 result_bytes = 0;
@@ -305,7 +305,7 @@ static SECStatus my_SEC_StringToOID(SECItem *to, const char *from, PRUint32 len)
SECItem result_item = { siBuffer, nullptr, 0 };
result_item.data = result;
result_item.len = result_bytes;
- rv = SECITEM_CopyItem(nullptr, to, &result_item);
+ rv = SECITEM_CopyItem(arena, to, &result_item);
}
return rv;
}
@@ -1097,13 +1097,19 @@ std::unique_ptr<GooString> SignatureHandler::signDetached(const char *password)
return nullptr;
}
+ struct PLArenaFreeFalse
+ {
+ void operator()(PLArenaPool *arena) { PORT_FreeArena(arena, PR_FALSE); }
+ };
+ std::unique_ptr<PLArenaPool, PLArenaFreeFalse> arena { PORT_NewArena(10000) };
+
// Add the signing certificate as a signed attribute.
ESSCertIDv2 *aCertIDs[2];
ESSCertIDv2 aCertID;
// Write ESSCertIDv2.hashAlgorithm.
aCertID.hashAlgorithm.algorithm.data = nullptr;
aCertID.hashAlgorithm.parameters.data = nullptr;
- SECOID_SetAlgorithmID(nullptr, &aCertID.hashAlgorithm, SEC_OID_SHA256, nullptr);
+ SECOID_SetAlgorithmID(arena.get(), &aCertID.hashAlgorithm, SEC_OID_SHA256, nullptr);
// Write ESSCertIDv2.certHash.
SECItem aCertHashItem;
@@ -1154,7 +1160,7 @@ std::unique_ptr<GooString> SignatureHandler::signDetached(const char *password)
* { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
* smime(16) id-aa(2) 47 }
*/
- if (my_SEC_StringToOID(&aOidData.oid, "1.2.840.113549.1.9.16.2.47", 0) != SECSuccess) {
+ if (my_SEC_StringToOID(arena.get(), &aOidData.oid, "1.2.840.113549.1.9.16.2.47", 0) != SECSuccess) {
return nullptr;
}
@@ -1173,16 +1179,13 @@ std::unique_ptr<GooString> SignatureHandler::signDetached(const char *password)
SECItem cms_output;
cms_output.data = nullptr;
cms_output.len = 0;
- PLArenaPool *arena = PORT_NewArena(10000);
- NSSCMSEncoderContext *cms_ecx = NSS_CMSEncoder_Start(cms_msg, nullptr, nullptr, &cms_output, arena, passwordCallback, const_cast<char *>(password), nullptr, nullptr, nullptr, nullptr);
+ NSSCMSEncoderContext *cms_ecx = NSS_CMSEncoder_Start(cms_msg, nullptr, nullptr, &cms_output, arena.get(), passwordCallback, const_cast<char *>(password), nullptr, nullptr, nullptr, nullptr);
if (!cms_ecx) {
- PORT_FreeArena(arena, PR_FALSE);
return nullptr;
}
if (NSS_CMSEncoder_Finish(cms_ecx) != SECSuccess) {
- PORT_FreeArena(arena, PR_FALSE);
return nullptr;
}
@@ -1190,7 +1193,6 @@ std::unique_ptr<GooString> SignatureHandler::signDetached(const char *password)
SECITEM_FreeItem(pEncodedCertificate, PR_TRUE);
NSS_CMSMessage_Destroy(cms_msg);
- PORT_FreeArena(arena, PR_FALSE);
return std::unique_ptr<GooString>(signature);
}
More information about the poppler
mailing list