]> git.ipfire.org Git - thirdparty/FORT-validator.git/commitdiff
projects / thirdparty / FORT-validator.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b1eb3c5)
Prevent crash on missing signedAttrs
authorAlberto Leiva Popper <ydahhrk@gmail.com>
Tue, 6 Aug 2024 16:35:14 +0000 (10:35 -0600)
committerAlberto Leiva Popper <ydahhrk@gmail.com>
Tue, 6 Aug 2024 16:35:14 +0000 (10:35 -0600)
Though RPKI enforces the presence of this field, it is very much
optional in CMS.
Also adds missing validation messages in relevant error paths.

Thanks to Niklas Vogel for reporting this.

src/asn1/signed_data.c patch | blob | blame | history

diff --git a/src/asn1/signed_data.c b/src/asn1/signed_data.c
index 41ebf911ebab94214ec7bb3fced2faed9ef1a0b9..0d74bf168bad15425dc21c0810d592314ec0a035 100644 (file)
--- a/src/asn1/signed_data.c
+++ b/src/asn1/signed_data.c
@@ -468,30 +468,32 @@ get_content_type_attr(struct SignedData *sdata, OBJECT_IDENTIFIER_t **result)
        bool equal;
 
        if (sdata == NULL)
-               return -EINVAL;
+               return pr_val_err("SignedData is NULL.");
        if (sdata->signerInfos.list.array == NULL)
-               return -EINVAL;
+               return pr_val_err("SignerInfos array is NULL.");
        if (sdata->signerInfos.list.array[0] == NULL)
-               return -EINVAL;
+               return pr_val_err("SignerInfos array first element is NULL.");
 
        signedAttrs = sdata->signerInfos.list.array[0]->signedAttrs;
+       if (signedAttrs == NULL)
+               return pr_val_err("signedAttrs is NULL.");
        if (signedAttrs->list.array == NULL)
-               return -EINVAL;
+               return pr_val_err("signedAttrs array is NULL.");
 
        for (i = 0; i < signedAttrs->list.count; i++) {
                attr = signedAttrs->list.array[i];
                if (!attr)
-                       return -EINVAL;
+                       return pr_val_err("signedAttrs array element %d is NULL.", i);
                error = oid2arcs(&attr->attrType, &arcs);
                if (error)
-                       return -EINVAL;
+                       return error;
                equal = ARCS_EQUAL_OIDS(&arcs, oid_cta);
                free_arcs(&arcs);
                if (equal) {
                        if (attr->attrValues.list.array == NULL)
-                               return -EINVAL;
+                               return pr_val_err("signedAttrs attrValue array is NULL.");
                        if (attr->attrValues.list.array[0] == NULL)
-                               return -EINVAL;
+                               return pr_val_err("signedAttrs attrValue array first element is NULL.");
                        return asn1_decode_any(attr->attrValues.list.array[0],
                            &asn_DEF_OBJECT_IDENTIFIER,
                            (void **) result, true);
Mirror of https://github.com/NICMx/FORT-validator.git