[poppler] poppler/SignatureHandler.cc poppler/SignatureHandler.h

[GitLab Mirror]

 poppler/SignatureHandler.cc |   15 ++++++++++++---
 poppler/SignatureHandler.h  |    7 ++++++-
 2 files changed, 18 insertions(+), 4 deletions(-)

New commits:
commit 33672ca1b6670f7378e24f6d475438f7f5d86b05
Author: Sune Vuorela <sune at vuorela.dk>
Date:   Mon May 22 19:53:08 2023 +0000

    Fix crash with weird hashing used for signatures

diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index a306c358..b8f08acd 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -768,11 +768,11 @@ SignatureVerificationHandler::SignatureVerificationHandler(std::vector<unsigned
         SECItem usedAlgorithm = NSS_CMSSignedData_GetDigestAlgs(CMSSignedData)[0]->algorithm;
         auto hashAlgorithm = SECOID_FindOIDTag(&usedAlgorithm);
         HASH_HashType hashType = HASH_GetHashTypeByOidTag(hashAlgorithm);
-        hashContext = std::make_unique<HashContext>(ConvertHashTypeFromNss(hashType));
+        hashContext = HashContext::create(ConvertHashTypeFromNss(hashType));
     }
 }
 
-SignatureSignHandler::SignatureSignHandler(const std::string &certNickname, HashAlgorithm digestAlgTag) : hashContext(std::make_unique<HashContext>(digestAlgTag)), signing_cert(nullptr)
+SignatureSignHandler::SignatureSignHandler(const std::string &certNickname, HashAlgorithm digestAlgTag) : hashContext(HashContext::create(digestAlgTag)), signing_cert(nullptr)
 {
     SignatureHandler::setNSSDir({});
     signing_cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), certNickname.c_str());
@@ -1232,7 +1232,16 @@ std::vector<unsigned char> HashContext::endHash()
     return digestBuffer;
 }
 
-HashContext::HashContext(HashAlgorithm algorithm) : hash_context { HASH_Create(HASH_GetHashTypeByOidTag(ConvertHashAlgorithmToNss(algorithm))) }, digest_alg_tag(algorithm) { }
+HashContext::HashContext(HashAlgorithm algorithm, private_tag) : hash_context { HASH_Create(HASH_GetHashTypeByOidTag(ConvertHashAlgorithmToNss(algorithm))) }, digest_alg_tag(algorithm) { }
+
+std::unique_ptr<HashContext> HashContext::create(HashAlgorithm algorithm)
+{
+    auto ctx = std::make_unique<HashContext>(algorithm, private_tag {});
+    if (ctx->hash_context) {
+        return ctx;
+    }
+    return {};
+}
 
 HashAlgorithm HashContext::getHashAlgorithm() const
 {
diff --git a/poppler/SignatureHandler.h b/poppler/SignatureHandler.h
index 8a978f09..d166305b 100644
--- a/poppler/SignatureHandler.h
+++ b/poppler/SignatureHandler.h
@@ -47,12 +47,17 @@
 
 class HashContext
 {
+    class private_tag
+    {
+    };
+
 public:
-    explicit HashContext(HashAlgorithm algorithm);
+    HashContext(HashAlgorithm algorithm, private_tag);
     void updateHash(unsigned char *data_block, int data_len);
     std::vector<unsigned char> endHash();
     HashAlgorithm getHashAlgorithm() const;
     ~HashContext() = default;
+    static std::unique_ptr<HashContext> create(HashAlgorithm algorithm);
 
 private:
     struct HashDestroyer