[poppler] poppler/SignatureHandler.cc poppler/SignatureHandler.h
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Mon Mar 13 22:09:15 UTC 2023
poppler/SignatureHandler.cc | 20 ++++++++++++++------
poppler/SignatureHandler.h | 1 -
2 files changed, 14 insertions(+), 7 deletions(-)
New commits:
commit fb49889fea6e6003d8b8e2d65de0ce58d6229d54
Author: Sune Vuorela <sune at vuorela.dk>
Date: Mon Mar 13 13:56:59 2023 +0100
Simplify temp_certs memory handling
diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 138f394a..d0f6e0fd 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -786,7 +786,7 @@ void SignatureHandler::setNSSPasswordCallback(const std::function<char *(const c
PasswordFunction = f;
}
-SignatureHandler::SignatureHandler(unsigned char *p7, int p7_length) : hash_context(nullptr), CMSMessage(nullptr), CMSSignedData(nullptr), CMSSignerInfo(nullptr), signing_cert(nullptr), temp_certs(nullptr)
+SignatureHandler::SignatureHandler(unsigned char *p7, int p7_length) : hash_context(nullptr), CMSMessage(nullptr), CMSSignedData(nullptr), CMSSignerInfo(nullptr), signing_cert(nullptr)
{
setNSSDir({});
CMSitem.data = p7;
@@ -800,7 +800,7 @@ SignatureHandler::SignatureHandler(unsigned char *p7, int p7_length) : hash_cont
}
SignatureHandler::SignatureHandler(const char *certNickname, HashAlgorithm digestAlgTag)
- : hash_length(digestLength(digestAlgTag)), digest_alg_tag(digestAlgTag), CMSitem(), hash_context(nullptr), CMSMessage(nullptr), CMSSignedData(nullptr), CMSSignerInfo(nullptr), signing_cert(nullptr), temp_certs(nullptr)
+ : hash_length(digestLength(digestAlgTag)), digest_alg_tag(digestAlgTag), CMSitem(), hash_context(nullptr), CMSMessage(nullptr), CMSSignedData(nullptr), CMSSignerInfo(nullptr), signing_cert(nullptr)
{
setNSSDir({});
CMSMessage = NSS_CMSMessage_Create(nullptr);
@@ -835,14 +835,24 @@ SignatureHandler::~SignatureHandler()
{
SECITEM_FreeItem(&CMSitem, PR_FALSE);
if (CMSMessage) {
+ // in the CMS_SignedDataCreate, we malloc some memory
+ // inside the CMSSignedData structure
+ // which is otherwise destructed by NSS_CMSMessage_Destroy
+ // but given we did the malloc ourselves
+ // we also need to free it ourselves.
+ // After we free the surrounding memory but we need
+ // a handle to it before.
+ CERTCertificate **toFree = nullptr;
+ if (CMSSignedData) {
+ toFree = CMSSignedData->tempCerts;
+ }
NSS_CMSMessage_Destroy(CMSMessage);
+ free(toFree);
}
if (signing_cert) {
CERT_DestroyCertificate(signing_cert);
}
-
- free(temp_certs);
}
NSSCMSMessage *SignatureHandler::CMS_MessageCreate(SECItem *cms_item)
@@ -888,8 +898,6 @@ NSSCMSSignedData *SignatureHandler::CMS_SignedDataCreate(NSSCMSMessage *cms_msg)
for (i = 0; signedData->rawCerts[i]; ++i) {
signedData->tempCerts[i] = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), signedData->rawCerts[i], nullptr, 0, 0);
}
-
- temp_certs = signedData->tempCerts;
return signedData;
} else {
return nullptr;
diff --git a/poppler/SignatureHandler.h b/poppler/SignatureHandler.h
index 5f7a6b20..b45a27e7 100644
--- a/poppler/SignatureHandler.h
+++ b/poppler/SignatureHandler.h
@@ -96,7 +96,6 @@ private:
NSSCMSSignedData *CMSSignedData;
NSSCMSSignerInfo *CMSSignerInfo;
CERTCertificate *signing_cert;
- CERTCertificate **temp_certs;
static std::string sNssDir;
};
More information about the poppler
mailing list