From 3c70c38272e6a5d042f558b69044d21adc9fe7d0 Mon Sep 17 00:00:00 2001
From: Michael Stahl
Date: Mon, 20 Feb 2012 12:47:14 +0000
Subject: fdo#39657: fix crash when parsing XML signatures
---
 xmlsecurity/source/helper/xsecverify.cxx | 86 +++++++++++++++++++++++++++-----
 1 file changed, 74 insertions(+), 12 deletions(-)
diff --git a/xmlsecurity/source/helper/xsecverify.cxx b/xmlsecurity/source/helper/xsecverify.cxx
index 39c93cda5..2debeab8c 100644
--- a/xmlsecurity/source/helper/xsecverify.cxx
+++ b/xmlsecurity/source/helper/xsecverify.cxx
@@ -123,7 +123,12 @@ void XSecController::addSignature()
 void XSecController::addReference( const rtl::OUString& ouUri)
 {
- InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];
+ if (m_vInternalSignatureInformations.empty())
+ {
+ OSL_TRACE("XSecController::addReference: no signature");
+ return;
+ }
+ InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
 isi.addReference(TYPE_SAMEDOCUMENT_REFERENCE,ouUri, -1 );
 }
@@ -133,7 +138,12 @@ void XSecController::addStreamReference(
 {
 sal_Int32 type = (isBinary?TYPE_BINARYSTREAM_REFERENCE:TYPE_XMLSTREAM_REFERENCE);
- InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];
+ if (m_vInternalSignatureInformations.empty())
+ {
+ OSL_TRACE("XSecController::addStreamReference: no signature");
+ return;
+ }
+ InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
 if ( isi.xReferenceResolvedListener.is() )
 {
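Review bot: The new guard in `XSecController::addReference` returns silently when no signature has been started, so a malformed signature stream is skipped rather than reported. The only record is `OSL_TRACE`, which is a diagnostic trace and, as far as I know, produces nothing in non-debug builds, and the `void` return gives the caller nothing to act on. For input that is supposed to establish trust it would be safer to record the failure so that verification can treat the whole signature stream as invalid, for example by setting a member such as `m_bMalformedInput = true;` (name illustrative) before each `return;` and checking it when results are reported. The same silent return is added in `addStreamReference`, `setReferenceCount` and every setter in the last hunk.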
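Review bot: The guard added to `addStreamReference` is the same five lines as in `addReference`, and the later hunks add nine more copies that differ only in the function name inside the trace string. A private helper that returns a pointer to the last entry, or null after tracing, would keep the check in one place so that a future setter cannot be added without it. The sketch below shows the helper and this call site; the helper name is illustrative, it needs a declaration in the class, and the `const` method `setReferenceCount` would need a const overload. The body of `addStreamReference` continues outside the hunk.

```cpp
// helper: single place for the "no signature yet" check (name illustrative)
InternalSignatureInformation* XSecController::getLastSignature( const char* pCaller )
{
    if (m_vInternalSignatureInformations.empty())
    {
        OSL_TRACE("%s: no signature", pCaller);
        return 0;
    }
    return &m_vInternalSignatureInformations.back();
}

// … unchanged: addStreamReference signature and computation of `type` …
    InternalSignatureInformation* pIsi = getLastSignature("XSecController::addStreamReference");
    if (!pIsi)
        return;
    InternalSignatureInformation &isi = *pIsi;
    if ( isi.xReferenceResolvedListener.is() )
```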
@@ -156,7 +166,13 @@ void XSecController::addStreamReference(
 void XSecController::setReferenceCount() const
 {
- const InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];
+ if (m_vInternalSignatureInformations.empty())
+ {
+ OSL_TRACE("XSecController::setReferenceCount: no signature");
+ return;
+ }
+ const InternalSignatureInformation &isi =
+ m_vInternalSignatureInformations.back();
 if ( isi.xReferenceResolvedListener.is() )
 {
@@ -184,51 +200,97 @@ void XSecController::setReferenceCount() const
 void XSecController::setX509IssuerName( rtl::OUString& ouX509IssuerName )
 {
- InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];
+ if (m_vInternalSignatureInformations.empty())
+ {
+ OSL_TRACE("XSecController::setX509IssuerName: no signature");
+ return;
+ }
+ InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
 isi.signatureInfor.ouX509IssuerName = ouX509IssuerName;
 }
 void XSecController::setX509SerialNumber( rtl::OUString& ouX509SerialNumber )
 {
- InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];
+ if (m_vInternalSignatureInformations.empty())
+ {
+ OSL_TRACE("XSecController::setX509SerialNumber: no signature");
+ return;
+ }
+ InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
 isi.signatureInfor.ouX509SerialNumber = ouX509SerialNumber;
 }
 void XSecController::setX509Certificate( rtl::OUString& ouX509Certificate )
 {
- InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];
+ if (m_vInternalSignatureInformations.empty())
+ {
+ OSL_TRACE("XSecController::setX509Certificate: no signature");
+ return;
+ }
+ InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
 isi.signatureInfor.ouX509Certificate = ouX509Certificate;
 }
 void XSecController::setSignatureValue( rtl::OUString& ouSignatureValue )
 {
- InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];
+ if (m_vInternalSignatureInformations.empty())
+ {
+ OSL_TRACE("XSecController::setSignatureValue: no signature");
+ return;
+ }
+ InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
 isi.signatureInfor.ouSignatureValue = ouSignatureValue;
 }
 void XSecController::setDigestValue( rtl::OUString& ouDigestValue )
 {
- SignatureInformation &si = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1].signatureInfor;
- SignatureReferenceInformation &reference = si.vSignatureReferenceInfors[si.vSignatureReferenceInfors.size()-1];
+ if (m_vInternalSignatureInformations.empty())
+ {
+ OSL_TRACE("XSecController::setDigestValue: no signature");
+ return;
+ }
+ InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
+ if (isi.signatureInfor.vSignatureReferenceInfors.empty())
+ {
+ OSL_TRACE("XSecController::setDigestValue: no signature reference");
+ return;
+ }
+ SignatureReferenceInformation &reference =
+ isi.signatureInfor.vSignatureReferenceInfors.back();
 reference.ouDigestValue = ouDigestValue;
 }
 void XSecController::setDate( rtl::OUString& ouDate )
 {
- InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];
+ if (m_vInternalSignatureInformations.empty())
+ {
+ OSL_TRACE("XSecController::setDate: no signature");
+ return;
+ }
+ InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
 convertDateTime( isi.signatureInfor.stDateTime, ouDate );
 isi.signatureInfor.ouDateTime = ouDate;
 }
 void XSecController::setId( rtl::OUString& ouId )
 {
- InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];
+ if (m_vInternalSignatureInformations.empty())
+ {
+ OSL_TRACE("XSecController::setId: no signature");
+ return;
+ }
+ InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
 isi.signatureInfor.ouSignatureId = ouId;
 }
 void XSecController::setPropertyId( rtl::OUString& ouPropertyId )
 {
- InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];
+ if (m_vInternalSignatureInformations.empty())
+ {
+ OSL_TRACE("XSecController::setPropertyId: no signature");
+ return;
+ }
+ InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
 isi.signatureInfor.ouPropertyId = ouPropertyId;
 }
-- 
cgit v1.2.3
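Review bot: The guards in this hunk only establish that some signature was added at some point, so each setter still writes into whatever `m_vInternalSignatureInformations.back()` happens to be when it is called. If the caller can reach `setX509Certificate`, `setSignatureValue` or `setDigestValue` for an element that sits outside the signature currently being parsed, the value would be attached to the previously added signature instead of being rejected. Whether that can happen depends on how the parser that calls these methods tracks element nesting, which this patch does not show, so it is worth confirming there. At minimum the precondition could be documented on the setters, e.g. `// Precondition: called only while the signature added by the last addSignature() is still being parsed.`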