Fix crash with weird hashing used for signatures

author: Sune Vuorela <sune@vuorela.dk> 2023-05-22 19:53:08 +0000
committer: Albert Astals Cid <tsdgeos@yahoo.es> 2023-05-22 19:53:08 +0000
commit: 33672ca1b6670f7378e24f6d475438f7f5d86b05 (patch)
tree: bfa9e7942c440c1ed78b720258e4d6d0f94df467
parent: 4efd2f9f8175cb5d448809b56f67524df6e220aa (diff)
2 files changed, 18 insertions, 4 deletions
diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index a306c358..b8f08acd 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -768,11 +768,11 @@ SignatureVerificationHandler::SignatureVerificationHandler(std::vector<unsigned
         SECItem usedAlgorithm = NSS_CMSSignedData_GetDigestAlgs(CMSSignedData)[0]->algorithm;
         auto hashAlgorithm = SECOID_FindOIDTag(&usedAlgorithm);
         HASH_HashType hashType = HASH_GetHashTypeByOidTag(hashAlgorithm);
-        hashContext = std::make_unique<HashContext>(ConvertHashTypeFromNss(hashType));
+        hashContext = HashContext::create(ConvertHashTypeFromNss(hashType));
     }
 }
 
-SignatureSignHandler::SignatureSignHandler(const std::string &certNickname, HashAlgorithm digestAlgTag) : hashContext(std::make_unique<HashContext>(digestAlgTag)), signing_cert(nullptr)
+SignatureSignHandler::SignatureSignHandler(const std::string &certNickname, HashAlgorithm digestAlgTag) : hashContext(HashContext::create(digestAlgTag)), signing_cert(nullptr)
 {
     SignatureHandler::setNSSDir({});
     signing_cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), certNickname.c_str());
@@ -1232,7 +1232,16 @@ std::vector<unsigned char> HashContext::endHash()
     return digestBuffer;
 }
 
-HashContext::HashContext(HashAlgorithm algorithm) : hash_context { HASH_Create(HASH_GetHashTypeByOidTag(ConvertHashAlgorithmToNss(algorithm))) }, digest_alg_tag(algorithm) { }
+HashContext::HashContext(HashAlgorithm algorithm, private_tag) : hash_context { HASH_Create(HASH_GetHashTypeByOidTag(ConvertHashAlgorithmToNss(algorithm))) }, digest_alg_tag(algorithm) { }
+
+std::unique_ptr<HashContext> HashContext::create(HashAlgorithm algorithm)
+{
+    auto ctx = std::make_unique<HashContext>(algorithm, private_tag {});
+    if (ctx->hash_context) {
+        return ctx;
+    }
+    return {};
+}
 
 HashAlgorithm HashContext::getHashAlgorithm() const
 {
diff --git a/poppler/SignatureHandler.h b/poppler/SignatureHandler.h
index 8a978f09..d166305b 100644
--- a/poppler/SignatureHandler.h
+++ b/poppler/SignatureHandler.h
@@ -47,12 +47,17 @@
 
 class HashContext
 {
+    class private_tag
+    {
+    };
+
 public:
-    explicit HashContext(HashAlgorithm algorithm);
+    HashContext(HashAlgorithm algorithm, private_tag);
     void updateHash(unsigned char *data_block, int data_len);
     std::vector<unsigned char> endHash();
     HashAlgorithm getHashAlgorithm() const;
     ~HashContext() = default;
+    static std::unique_ptr<HashContext> create(HashAlgorithm algorithm);
 
 private:
     struct HashDestroyer
author	Sune Vuorela <sune@vuorela.dk>	2023-05-22 19:53:08 +0000
committer	Albert Astals Cid <tsdgeos@yahoo.es>	2023-05-22 19:53:08 +0000
commit	33672ca1b6670f7378e24f6d475438f7f5d86b05 (patch)
tree	bfa9e7942c440c1ed78b720258e4d6d0f94df467
parent	4efd2f9f8175cb5d448809b56f67524df6e220aa (diff)