From b1a0deb56cac0e017195f6e3b14916065e3358fe Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai
Date: Wed, 29 Sep 2010 17:15:37 -0400
Subject: [PATCH 027/150] - clear buffers before encoding stuff into them
---
 src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 33 ++++++++++++++++++++++++
 1 files changed, 33 insertions(+), 0 deletions(-)
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
index af74e93..129f8ac 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
@@ -49,6 +49,7 @@
 #define CONFIGDIR "/home/nalin/projects/krb5/pkinit/src/plugins/preauth/pkinit" /* FIXME */
 #define NULLCX NULL /* FIXME */
+#define DEBUG_DER "derdump"
 /* Forward declarations. */
 static krb5_error_code cert_retrieve_cert_sans(krb5_context context,
@@ -380,11 +381,13 @@ secitem_to_dh_pubval(SECItem *item, unsigned char **out, unsigned int *len)
 uval = item;
 }
+ memset(&uinteger, 0, sizeof(uinteger));
 if (SEC_ASN1EncodeItem(pool, &uinteger, uval, SEC_IntegerTemplate) != &uinteger) {
 PORT_FreeArena(pool, PR_TRUE);
 return ENOMEM;
 }
+ memset(&bits, 0, sizeof(bits));
 if (SEC_ASN1EncodeItem(pool, &bits, &uinteger, SEC_BitStringTemplate) != &bits) {
 PORT_FreeArena(pool, PR_TRUE);
@@ -494,6 +497,7 @@ client_create_dh(krb5_context context,
 params.p = pqg_params->prime;
 params.g = pqg_params->base;
 params.q = pqg_params->subPrime;
+ memset(&encoded, 0, sizeof(encoded));
 if (SEC_ASN1EncodeItem(pool, &encoded, ¶ms, domain_parameters_template) != &encoded) {
 PK11_FreeSlot(slot);
@@ -816,6 +820,7 @@ create_issuerAndSerial(krb5_context context,
 /* Encode the issuer/serial. */
 isn.issuer = id_cryptoctx->id_cert->derIssuer;
 isn.serial = id_cryptoctx->id_cert->serialNumber;
+ memset(&item, 0, sizeof(item));
 if (SEC_ASN1EncodeItem(id_cryptoctx->id_cert->arena, &item, &isn, issuer_and_serial_number_template) != &item) {
 PORT_FreeArena(pool, PR_TRUE);
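Review bot: `#define DEBUG_DER "derdump"` in the first hunk is unconditional, so every `#ifdef DEBUG_DER` block added further down (the `derdump()` helper and its call sites in cms_contentinfo_create, cms_envelopeddata_create and cms_signeddata_create) is compiled into every build of the plugin. Each encoded CMS message would then be piped to an external command at run time, not only on a developer's machine. I would leave the macro undefined in the source and let a developer opt in at build time: replace the line with the comment `/* Define DEBUG_DER to a command that receives each encoded message (debug builds only). */` and build with `-DDEBUG_DER='"derdump"'` when it is needed.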
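Review bot: The `memset()` calls added before `SEC_ASN1EncodeItem()` in secitem_to_dh_pubval (and likewise in the client_create_dh, create_issuerAndSerial and the three `NSS_CMSDEREncode()` hunks) carry no comment saying why the destination has to be cleared, so a later cleanup could drop them as redundant. As far as I can tell the encoders look at the destination SECItem's `data`/`len` fields on entry, which would make an uninitialised stack item unsafe; that should be confirmed against the NSS sources and then recorded at the call, e.g. `/* The encoder inspects dest->data/len on entry, so start from an empty SECItem. */`. The declarations of `uinteger` and `bits` are outside the hunk; initialising them there would be an equivalent alternative.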
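Review bot: In the create_issuerAndSerial hunk the newly cleared `item` is filled by `SEC_ASN1EncodeItem(id_cryptoctx->id_cert->arena, ...)`, while the failure branch directly below frees `pool`. The encoded bytes therefore appear to come out of the certificate's arena and are not released by `PORT_FreeArena(pool, PR_TRUE)`; they would stay allocated for as long as the certificate does, which adds up if the function runs repeatedly against the same identity. If the result is copied out before the function returns (the rest of the body is outside the hunk, so this needs confirming), encoding into `pool` as the other call sites in this patch do would be consistent: `if (SEC_ASN1EncodeItem(pool, &item, &isn,`.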
@@ -1979,6 +1984,19 @@ crypto_check_cert_eku(krb5_context context,
 return 0;
 }
+#ifdef DEBUG_DER
+static void
+derdump(unsigned char *data, unsigned int length)
+{
+ FILE *p;
+ p = popen(DEBUG_DER, "w");
+ if (p != NULL) {
+ fwrite(data, 1, length, p);
+ pclose(p);
+ }
+}
+#endif
+
 krb5_error_code cms_contentinfo_create(krb5_context context, pkinit_plg_crypto_context plg_cryptoctx,
@@ -2018,6 +2036,7 @@ cms_contentinfo_create(krb5_context context,
 return ENOMEM;
 }
+ memset(&encoded, 0, sizeof(encoded));
 if (NSS_CMSDEREncode(msg, NULL, &encoded, pool) != SECSuccess) {
 PORT_FreeArena(pool, PR_TRUE);
 return ENOMEM;
@@ -2028,6 +2047,10 @@ cms_contentinfo_create(krb5_context context,
 return ENOMEM;
 }
+#ifdef DEBUG_DER
+ derdump(*out_data, *out_data_len);
+#endif
+
 PORT_FreeArena(pool, PR_TRUE);
 return 0;
@@ -2114,6 +2137,7 @@ cms_envelopeddata_create(krb5_context context,
 }
 /* Encode and export. */
+ memset(&encoded, 0, sizeof(encoded));
 if (NSS_CMSDEREncode(msg, NULL, &encoded, pool) != SECSuccess) {
 PORT_FreeArena(pool, PR_TRUE);
 return ENOMEM;
@@ -2123,6 +2147,10 @@ cms_envelopeddata_create(krb5_context context,
 return ENOMEM;
 }
+#ifdef DEBUG_DER
+ derdump(*envel_data, *envel_data_len);
+#endif
+
 PORT_FreeArena(pool, PR_TRUE);
 return 0;
@@ -2290,6 +2318,7 @@ cms_signeddata_create(krb5_context context,
 }
 /* Encode and export. */
+ memset(&encoded, 0, sizeof(encoded));
 if (NSS_CMSDEREncode(msg, NULL, &encoded, pool) != SECSuccess) {
 PORT_FreeArena(pool, PR_TRUE);
 return ENOMEM;
@@ -2299,6 +2328,10 @@ cms_signeddata_create(krb5_context context,
 return ENOMEM;
 }
+#ifdef DEBUG_DER
+ derdump(*signed_data, *signed_data_len);
+#endif
+
 PORT_FreeArena(pool, PR_TRUE);
 return 0;
-- 
1.7.6.4
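Review bot: `derdump()` hands `DEBUG_DER` to `popen()`, which runs it through the shell and resolves the bare name `derdump` via the PATH of whichever process loaded the plugin, so what actually gets executed depends on that process's environment. `popen()` also succeeds when the command is missing, and the following `fwrite()` into the dead pipe can then raise SIGPIPE in the host process; neither the `fwrite()` nor the `pclose()` result is checked. If the hook stays, I would require the macro to be an absolute path supplied at build time, declare the parameter as `const unsigned char *data`, and return early when `length` is 0. The call sites in the later hunks (cms_contentinfo_create, cms_envelopeddata_create, cms_signeddata_create) pass every message those functions produce through it whenever `DEBUG_DER` is defined, and the dumped output goes to the host process's standard output.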