#540: M1520826

security/nss/lib/smime/cmscinfo.c

@@ -53,6 +53,10 @@ NSS_CMSContentInfo_Destroy(NSSCMSContentInfo *cinfo)
 {
     SECOidTag kind;
 
+    if (cinfo == NULL) {
+        return;
+    }
+
     kind = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
     switch (kind) {
     case SEC_OID_PKCS7_ENVELOPED_DATA:
@@ -88,6 +92,11 @@ NSSCMSContentInfo *
 NSS_CMSContentInfo_GetChildContentInfo(NSSCMSContentInfo *cinfo)
 {
     NSSCMSContentInfo * ccinfo  = NULL;
+
+    if (cinfo == NULL) {
+        return NULL;
+    }
+
     SECOidTag tag = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
     switch (tag) {
     case SEC_OID_PKCS7_SIGNED_DATA:
@@ -129,6 +138,9 @@ SECStatus
 NSS_CMSContentInfo_SetDontStream(NSSCMSContentInfo *cinfo, PRBool dontStream)
 {
    SECStatus rv;
+   if (cinfo == NULL) {
+       return SECFailure;
+   }
 
    rv = NSS_CMSContentInfo_Private_Init(cinfo);
    if (rv != SECSuccess) {
@@ -146,6 +158,9 @@ SECStatus
 NSS_CMSContentInfo_SetContent(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, SECOidTag type, void *ptr)
 {
     SECStatus rv;
+    if (cinfo == NULL || cmsg == NULL) {
+        return SECFailure;
+    }
 
     cinfo->contentTypeTag = SECOID_FindOIDByTag(type);
     if (cinfo->contentTypeTag == NULL)
@@ -227,6 +242,10 @@ NSS_CMSContentInfo_SetContent_EncryptedData(NSSCMSMessage *cmsg, NSSCMSContentIn
 void *
 NSS_CMSContentInfo_GetContent(NSSCMSContentInfo *cinfo)
 {
+    if (cinfo == NULL) {
+        return NULL;
+    }
+
     SECOidTag tag = cinfo->contentTypeTag 
 	                ? cinfo->contentTypeTag->offset 
 	                : SEC_OID_UNKNOWN;
@@ -255,6 +274,10 @@ NSS_CMSContentInfo_GetInnerContent(NSSCMSContentInfo *cinfo)
     SECOidTag          tag;
     SECItem           *pItem = NULL;
 
+    if (cinfo == NULL) {
+        return NULL;
+    }
+
     tag = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
     if (NSS_CMSType_IsData(tag)) {
 	pItem = cinfo->content.data; 
@@ -278,6 +301,10 @@ NSS_CMSContentInfo_GetInnerContent(NSSCMSContentInfo *cinfo)
 SECOidTag
 NSS_CMSContentInfo_GetContentTypeTag(NSSCMSContentInfo *cinfo)
 {
+    if (cinfo == NULL) {
+        return SEC_OID_UNKNOWN;
+    }
+
     if (cinfo->contentTypeTag == NULL)
 	cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType));
 
@@ -290,6 +317,10 @@ NSS_CMSContentInfo_GetContentTypeTag(NSSCMSContentInfo *cinfo)
 SECItem *
 NSS_CMSContentInfo_GetContentTypeOID(NSSCMSContentInfo *cinfo)
 {
+    if (cinfo == NULL) {
+        return NULL;
+    }
+
     if (cinfo->contentTypeTag == NULL)
 	cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType));
 
@@ -306,6 +337,10 @@ NSS_CMSContentInfo_GetContentTypeOID(NSSCMSContentInfo *cinfo)
 SECOidTag
 NSS_CMSContentInfo_GetContentEncAlgTag(NSSCMSContentInfo *cinfo)
 {
+    if (cinfo == NULL) {
+        return SEC_OID_UNKNOWN;
+    }
+
     if (cinfo->contentEncAlgTag == SEC_OID_UNKNOWN)
 	cinfo->contentEncAlgTag = SECOID_GetAlgorithmTag(&(cinfo->contentEncAlg));
 
@@ -318,6 +353,10 @@ NSS_CMSContentInfo_GetContentEncAlgTag(NSSCMSContentInfo *cinfo)
 SECAlgorithmID *
 NSS_CMSContentInfo_GetContentEncAlg(NSSCMSContentInfo *cinfo)
 {
+    if (cinfo == NULL) {
+        return NULL;
+    }
+
     return &(cinfo->contentEncAlg);
 }
 
@@ -326,6 +365,9 @@ NSS_CMSContentInfo_SetContentEncAlg(PLArenaPool *poolp, NSSCMSContentInfo *cinfo
 				    SECOidTag bulkalgtag, SECItem *parameters, int keysize)
 {
     SECStatus rv;
+    if (cinfo == NULL) {
+        return SECFailure;
+    }
 
     rv = SECOID_SetAlgorithmID(poolp, &(cinfo->contentEncAlg), bulkalgtag, parameters);
     if (rv != SECSuccess)
@@ -339,6 +381,9 @@ NSS_CMSContentInfo_SetContentEncAlgID(PLArenaPool *poolp, NSSCMSContentInfo *cin
 				    SECAlgorithmID *algid, int keysize)
 {
     SECStatus rv;
+    if (cinfo == NULL) {
+        return SECFailure;
+    }
 
     rv = SECOID_CopyAlgorithmID(poolp, &(cinfo->contentEncAlg), algid);
     if (rv != SECSuccess)
@@ -351,14 +396,23 @@ NSS_CMSContentInfo_SetContentEncAlgID(PLArenaPool *poolp, NSSCMSContentInfo *cin
 void
 NSS_CMSContentInfo_SetBulkKey(NSSCMSContentInfo *cinfo, PK11SymKey *bulkkey)
 {
-    cinfo->bulkkey = PK11_ReferenceSymKey(bulkkey);
-    cinfo->keysize = PK11_GetKeyStrength(cinfo->bulkkey, &(cinfo->contentEncAlg));
+    if (cinfo == NULL) {
+        return;
+    }
+
+    if (bulkkey == NULL) {
+        cinfo->bulkkey = NULL;
+        cinfo->keysize = 0;
+    } else {
+        cinfo->bulkkey = PK11_ReferenceSymKey(bulkkey);
+        cinfo->keysize = PK11_GetKeyStrength(cinfo->bulkkey, &(cinfo->contentEncAlg));
+    }
 }
 
 PK11SymKey *
 NSS_CMSContentInfo_GetBulkKey(NSSCMSContentInfo *cinfo)
 {
-    if (cinfo->bulkkey == NULL)
+    if (cinfo == NULL || cinfo->bulkkey == NULL)
 	return NULL;
 
     return PK11_ReferenceSymKey(cinfo->bulkkey);
@@ -367,5 +421,9 @@ NSS_CMSContentInfo_GetBulkKey(NSSCMSContentInfo *cinfo)
 int
 NSS_CMSContentInfo_GetBulkKeySize(NSSCMSContentInfo *cinfo)
 {
+    if (cinfo == NULL) {
+        return 0;
+    }
+
     return cinfo->keysize;
 }

security/nss/lib/smime/cmsdigdata.c

@@ -56,7 +56,9 @@ void
 NSS_CMSDigestedData_Destroy(NSSCMSDigestedData *digd)
 {
     /* everything's in a pool, so don't worry about the storage */
-    NSS_CMSContentInfo_Destroy(&(digd->contentInfo));
+    if (digd != NULL) {
+        NSS_CMSContentInfo_Destroy(&(digd->contentInfo));
+    }
     return;
 }
 

security/nss/lib/smime/cmsencdata.c

@@ -86,7 +86,9 @@ void
 NSS_CMSEncryptedData_Destroy(NSSCMSEncryptedData *encd)
 {
     /* everything's in a pool, so don't worry about the storage */
-    NSS_CMSContentInfo_Destroy(&(encd->contentInfo));
+    if (encd != NULL) {
+         NSS_CMSContentInfo_Destroy(&(encd->contentInfo));
+    }
     return;
 }
 

security/nss/lib/smime/cmsenvdata.c

@@ -144,6 +144,11 @@ NSS_CMSEnvelopedData_Encode_BeforeStart(NSSCMSEnvelopedData *envd)
     poolp = envd->cmsg->poolp;
     cinfo = &(envd->contentInfo);
 
+    if (cinfo == NULL) {
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        goto loser;
+    }
+
     recipientinfos = envd->recipientInfos;
     if (recipientinfos == NULL) {
 	PORT_SetError(SEC_ERROR_BAD_DATA);

security/nss/lib/smime/cmsmessage.c

@@ -73,6 +73,10 @@ NSS_CMSMessage_SetEncodingParams(NSSCMSMessage *cmsg,
 			NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
 			SECAlgorithmID **detached_digestalgs, SECItem **detached_digests)
 {
+    if (cmsg == NULL) {
+        return;
+    }
+
     if (pwfn)
 	PK11_SetPasswordFunc(pwfn);
     cmsg->pwfn_arg = pwfn_arg;
@@ -88,6 +92,9 @@ NSS_CMSMessage_SetEncodingParams(NSSCMSMessage *cmsg,
 void
 NSS_CMSMessage_Destroy(NSSCMSMessage *cmsg)
 {
+    if (cmsg == NULL)
+        return;
+
     PORT_Assert (cmsg->refCount > 0);
     if (cmsg->refCount <= 0)	/* oops */
 	return;
@@ -127,6 +134,10 @@ NSS_CMSMessage_Copy(NSSCMSMessage *cmsg)
 PLArenaPool *
 NSS_CMSMessage_GetArena(NSSCMSMessage *cmsg)
 {
+    if (cmsg == NULL) {
+        return NULL;
+    }
+
     return cmsg->poolp;
 }
 
@@ -136,6 +147,10 @@ NSS_CMSMessage_GetArena(NSSCMSMessage *cmsg)
 NSSCMSContentInfo *
 NSS_CMSMessage_GetContentInfo(NSSCMSMessage *cmsg)
 {
+    if (cmsg == NULL) {
+        return NULL;
+    }
+
     return &(cmsg->contentInfo);
 }
 
@@ -147,6 +162,10 @@ NSS_CMSMessage_GetContentInfo(NSSCMSMessage *cmsg)
 SECItem *
 NSS_CMSMessage_GetContent(NSSCMSMessage *cmsg)
 {
+    if (cmsg == NULL) {
+        return NULL;
+    }
+
     /* this is a shortcut */
     NSSCMSContentInfo * cinfo = NSS_CMSMessage_GetContentInfo(cmsg);
     SECItem           * pItem = NSS_CMSContentInfo_GetInnerContent(cinfo);
@@ -164,6 +183,10 @@ NSS_CMSMessage_ContentLevelCount(NSSCMSMessage *cmsg)
     int count = 0;
     NSSCMSContentInfo *cinfo;
 
+    if (cmsg == NULL) {
+        return 0;
+    }
+
     /* walk down the chain of contentinfos */
     for (cinfo = &(cmsg->contentInfo); cinfo != NULL; ) {
 	count++;
@@ -183,6 +206,10 @@ NSS_CMSMessage_ContentLevel(NSSCMSMessage *cmsg, int n)
     int count = 0;
     NSSCMSContentInfo *cinfo;
 
+    if (cmsg == NULL) {
+        return NULL;
+    }
+
     /* walk down the chain of contentinfos */
     for (cinfo = &(cmsg->contentInfo); cinfo != NULL && count < n; cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) {
 	count++;
@@ -199,6 +226,10 @@ NSS_CMSMessage_ContainsCertsOrCrls(NSSCMSMessage *cmsg)
 {
     NSSCMSContentInfo *cinfo;
 
+    if (cmsg == NULL) {
+        return PR_FALSE;
+    }
+
     /* descend into CMS message */
     for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) {
 	if (!NSS_CMSType_IsData(NSS_CMSContentInfo_GetContentTypeTag(cinfo)))
@@ -219,6 +250,10 @@ NSS_CMSMessage_IsEncrypted(NSSCMSMessage *cmsg)
 {
     NSSCMSContentInfo *cinfo;
 
+    if (cmsg == NULL) {
+        return PR_FALSE;
+    }
+
     /* walk down the chain of contentinfos */
     for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo))
     {
@@ -249,11 +284,18 @@ NSS_CMSMessage_IsSigned(NSSCMSMessage *cmsg)
 {
     NSSCMSContentInfo *cinfo;
 
+    if (cmsg == NULL) {
+        return PR_FALSE;
+    }
+
     /* walk down the chain of contentinfos */
     for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo))
     {
 	switch (NSS_CMSContentInfo_GetContentTypeTag(cinfo)) {
 	case SEC_OID_PKCS7_SIGNED_DATA:
+            if (cinfo->content.signedData == NULL) {
+                return PR_FALSE;
+            }
 	    if (!NSS_CMSArray_IsEmpty((void **)cinfo->content.signedData->signerInfos))
 		return PR_TRUE;
 	    break;

security/nss/lib/smime/cmsudf.c

@@ -240,7 +240,7 @@ NSS_CMSGenericWrapperData_Destroy(SECOidTag type, NSSCMSGenericWrapperData *gd)
 {
     const nsscmstypeInfo *typeInfo = nss_cmstype_lookup(type);
 
-    if (typeInfo && typeInfo->destroy) {
+    if (typeInfo && typeInfo->destroy && (gd != NULL)) {
 	(*typeInfo->destroy)(gd);
     }