From a0f6f0dea3a5bf432b357758978efca7aa0c393f Mon Sep 17 00:00:00 2001
From: "nelsonb%netscape.com"
Date: Wed, 26 Nov 2003 22:02:38 +0000
Subject: [PATCH] In NSS_CMSSignedData_VerifySignerInfo(), test all returned pointers for NULL before attempting to dereference them. Bugscape bug 54057. r=wchang0222
---
 security/nss/lib/smime/cmssigdata.c | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/security/nss/lib/smime/cmssigdata.c b/security/nss/lib/smime/cmssigdata.c
index 6274890cb0e..4cfa50f31de 100644
--- a/security/nss/lib/smime/cmssigdata.c
+++ b/security/nss/lib/smime/cmssigdata.c
@@ -34,7 +34,7 @@
 /*
 * CMS signedData methods.
 *
- * $Id: cmssigdata.c,v 1.18 2003-07-31 00:16:27 nelsonb%netscape.com Exp $
+ * $Id: cmssigdata.c,v 1.19 2003-11-26 22:02:38 nelsonb%netscape.com Exp $
 */
 #include "cmslocal.h"
@@ -584,22 +584,35 @@ NSS_CMSSignedData_VerifySignerInfo(NSSCMSSignedData *sigd, int i,
 NSSCMSContentInfo *cinfo;
 SECOidData *algiddata;
 SECItem *contentType, *digest;
+ SECStatus rv;
 cinfo = &(sigd->contentInfo);
 signerinfo = sigd->signerInfos[i];
 /* verify certificate */
- if (NSS_CMSSignerInfo_VerifyCertificate(signerinfo, certdb, certusage) != SECSuccess)
- return SECFailure; /* error is set by NSS_CMSSignerInfo_VerifyCertificate */
+ rv = NSS_CMSSignerInfo_VerifyCertificate(signerinfo, certdb, certusage);
+ if (rv != SECSuccess)
+ return rv; /* error is set */
 /* find digest and contentType for signerinfo */
 algiddata = NSS_CMSSignerInfo_GetDigestAlg(signerinfo);
+ if (!algiddata)
+ return SECFailure; /* error code is set */
 digest = NSS_CMSSignedData_GetDigestByAlgTag(sigd, algiddata->offset);
+ if (!digest) {
+ PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
+ return SECFailure;
+ }
 contentType = NSS_CMSContentInfo_GetContentTypeOID(cinfo);
+ if (!contentType) {
+ PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
+ return SECFailure;
+ }
 /* now verify signature */
- return NSS_CMSSignerInfo_Verify(signerinfo, digest, contentType);
+ rv = NSS_CMSSignerInfo_Verify(signerinfo, digest, contentType);
+ return rv;
 }
 /*
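Review bot: The first dereferences in this function, `&(sigd->contentInfo)` and `sigd->signerInfos[i]`, are still unguarded, so a NULL `sigd`, a NULL `signerInfos` array or an out-of-range `i` is read before any of the new checks run, and whatever pointer results is handed to NSS_CMSSignerInfo_VerifyCertificate(). Because signedData is usually decoded from a received message, I would add a guard ahead of `cinfo = ...`, for example `if (!sigd || !sigd->signerInfos || i < 0 || i >= NSS_CMSSignedData_SignerInfoCount(sigd)) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; }`. The `!algiddata` branch also returns without calling PORT_SetError and relies on the comment's claim that the callee set an error code; that should be confirmed, or an explicit code set there as the two branches below it do. The function's signature and opening lines are outside the hunk, so whether callers already bound `i` is not visible here.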