From 78fb343d1a5f04d3a12727615dea63a0f3e3fc9f Mon Sep 17 00:00:00 2001
From: KyungwooNoh <kw1004.noh@samsung.com>
Date: Fri, 14 Jun 2013 20:31:39 +0900
Subject: [PATCH] fixed prevent issue

Change-Id: I7784fadf52febd37646e617ae0ab27ff43618ab8
Signed-off-by: KyungwooNoh <kw1004.noh@samsung.com>
---
 src/security/FSecRsaKeyConverter.cpp               |  1 +
 src/security/FSec_Prng.cpp                         | 12 ++++++------
 src/security/cert/FSecCert_CertPrivateKeyInfo.cpp  | 16 ++++++++++++++--
 src/security/cert/FSecCert_Certificate.cpp         |  1 +
 src/security/crypto/FSecCryptoSha2Hash.cpp         |  4 +++-
 src/security/crypto/FSecCryptoSha2Hmac.cpp         |  1 +
 src/security/crypto/FSecCrypto_SymmetricCipher.cpp | 16 ++++++++++------
 7 files changed, 36 insertions(+), 15 deletions(-)

diff --git a/src/security/FSecRsaKeyConverter.cpp b/src/security/FSecRsaKeyConverter.cpp
index 32b1e92..4302318 100644
--- a/src/security/FSecRsaKeyConverter.cpp
+++ b/src/security/FSecRsaKeyConverter.cpp
@@ -351,6 +351,7 @@ RsaKeyConverter::ConvertDerToPemN(RsaKeyFormat format, const IKey& key)
 		if (pPrivKeyInfo != null)
 		{
 			pEvpKey = EVP_PKCS82PKEY(pPrivKeyInfo);
+			SysTryCatch(NID_SEC, pEvpKey != null, r = E_INVALID_ARG, E_INVALID_ARG, "[E_INVALID_ARG] The specified input parameter is invalid");
 			PKCS8_PRIV_KEY_INFO_free(pPrivKeyInfo);
 		}
 		pBio = BIO_new(BIO_s_mem());
diff --git a/src/security/FSec_Prng.cpp b/src/security/FSec_Prng.cpp
index 63c1d36..1509e7a 100644
--- a/src/security/FSec_Prng.cpp
+++ b/src/security/FSec_Prng.cpp
@@ -185,19 +185,19 @@ _Prng::GenerateRandomBytes(PrngContext& prng, ByteBuffer* pSeed)
 	}
 
 	pBlock = std::unique_ptr <byte[]> (new (std::nothrow) byte[blockSize]);
-	SysTryCatch(NID_SEC, pBlock != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Allocating new byte array failed.");
+	SysTryReturn(NID_SEC, pBlock != null, E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Allocating new byte array failed.");
 
 	pInterVal1 = std::unique_ptr <byte[]> (new (std::nothrow) byte[blockSize]);
-	SysTryCatch(NID_SEC, pInterVal1 != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Allocating new byte array failed.");
+	SysTryReturn(NID_SEC, pInterVal1 != null, E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Allocating new byte array failed.");
 
 	pInterVal2 = std::unique_ptr <byte[]> (new (std::nothrow) byte[blockSize]);
-	SysTryCatch(NID_SEC, pInterVal2 != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Allocating new byte array failed.");
+	SysTryReturn(NID_SEC, pInterVal2 != null, E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Allocating new byte array failed.");
 
 	pInterVal1XorBlock = std::unique_ptr <byte[]> (new (std::nothrow) byte[blockSize]);
-	SysTryCatch(NID_SEC, pInterVal1XorBlock != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Allocating new byte array failed.");
+	SysTryReturn(NID_SEC, pInterVal1XorBlock != null, E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Allocating new byte array failed.");
 
 	pInterVal2XorInterVal1 = std::unique_ptr <byte[]> (new (std::nothrow) byte[blockSize]);
-	SysTryCatch(NID_SEC, pInterVal2XorInterVal1 != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Allocating new byte array failed.");
+	SysTryReturn(NID_SEC, pInterVal2XorInterVal1 != null, E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Allocating new byte array failed.");
 
 	lenInterVal1 = blockSize;
 	lenInterVal2 = blockSize;
@@ -236,7 +236,7 @@ _Prng::GenerateRandomBytes(PrngContext& prng, ByteBuffer* pSeed)
 			{
 				r = E_INVALID_ARG;
 				SysLogException(NID_SEC, r, "The seed length do not match the data block size.");
-				goto CATCH;
+				return r;
 			}
 
 			memcpy(pBlock.get(), pDt, dtLen);
diff --git a/src/security/cert/FSecCert_CertPrivateKeyInfo.cpp b/src/security/cert/FSecCert_CertPrivateKeyInfo.cpp
index 6edf660..5dba0c3 100644
--- a/src/security/cert/FSecCert_CertPrivateKeyInfo.cpp
+++ b/src/security/cert/FSecCert_CertPrivateKeyInfo.cpp
@@ -46,6 +46,18 @@ using namespace Tizen::Base;
 using namespace Tizen::Io;
 using namespace Tizen::Security;
 
+struct FreeCharPtr
+{
+	void operator ()(char* p)
+	{   
+		if (p != null)
+		{   
+			free(p);
+		}   
+	}   
+};
+
+
 namespace Tizen { namespace Security { namespace Cert
 {
 
@@ -103,7 +115,7 @@ _CertPrivateKeyInfo::GetEncDecPrivateKeyN(int& keyLen, byte** ppPrivKey, int enc
 	int err = 0;
 	EVP_CIPHER_CTX ctx;
 
-	std::unique_ptr< char > pUniqueKey(GetDeviceUniqueKey(certMgrInfo, certMgrInfoLen, aesBlockLen));
+	std::unique_ptr< char, FreeCharPtr > pUniqueKey(GetDeviceUniqueKey(certMgrInfo, certMgrInfoLen, aesBlockLen));
 	SysTryReturnResult(NID_SEC_CERT, pUniqueKey != null, E_SYSTEM, "Failed to generate unique key.");
 	
 	memset(uniqueKey, 0, aesBlockLen);
@@ -172,7 +184,7 @@ _CertPrivateKeyInfo::GetPkcs8EncDecKeyN(int& keyLen, byte** ppPrivKey, int encDe
 	long tempkeyLen = 0;
 	byte* pPrivKey = null;
 
-	std::unique_ptr< char > pUniqueKey(GetDeviceUniqueKey(certMgrInfo, certMgrInfoLen, aesBlockLen));
+	std::unique_ptr< char, FreeCharPtr > pUniqueKey(GetDeviceUniqueKey(certMgrInfo, certMgrInfoLen, aesBlockLen));
 	SysTryReturnResult(NID_SEC_CERT, pUniqueKey != null, E_SYSTEM, "Failed to generate unique key.");
 
 	memset(uniqueKey, 0, aesBlockLen);
diff --git a/src/security/cert/FSecCert_Certificate.cpp b/src/security/cert/FSecCert_Certificate.cpp
index 131d520..553de1b 100644
--- a/src/security/cert/FSecCert_Certificate.cpp
+++ b/src/security/cert/FSecCert_Certificate.cpp
@@ -850,6 +850,7 @@ _X509Certificate::ParseSubjectPublicKeyInfo(void)
 	SysTryReturnResult(NID_SEC_CERT, pKey != null, E_PARSING_FAILED, "Failed to get certificate public key.");
 
 	pubKeyLen = i2d_PublicKey(pKey, &pPubKey);
+	SysTryReturnResult(NID_SEC_CERT, pPubKey != null, E_PARSING_FAILED, "Failed to get certificate public key.");
 
 	__tbsCert.SetPublicKeyInfo(pubKeyLen, pPubKey);
 
diff --git a/src/security/crypto/FSecCryptoSha2Hash.cpp b/src/security/crypto/FSecCryptoSha2Hash.cpp
index 7fa1f2a..b04983a 100644
--- a/src/security/crypto/FSecCryptoSha2Hash.cpp
+++ b/src/security/crypto/FSecCryptoSha2Hash.cpp
@@ -166,14 +166,16 @@ Sha2Hash::FinalizeN(void)
 	int ret = 0;
 	int outLen = 0;
 	std::unique_ptr<ByteBuffer> pOutput(null);
+	std::unique_ptr<byte[]> pTempBuf(null);
 
 	ClearLastResult();
 
 	SysAssertf(__pEvpMdCtx != null && __pAlgorithm != null, "Not yet constructed. Initialize() and SetAlgorithm() should be called before use.");
 
 	outLen = EVP_MD_size(__pAlgorithm);
+	SysTryCatch(NID_SEC_CRYPTO, outLen > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 
-	std::unique_ptr<byte[]> pTempBuf(new (std::nothrow) byte[outLen]);
+	pTempBuf = std::unique_ptr<byte[]>(new (std::nothrow) byte[outLen]);
 	SysTryCatch(NID_SEC_CRYPTO, pTempBuf != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
 
 	ret = EVP_DigestFinal(__pEvpMdCtx, pTempBuf.get(), null);
diff --git a/src/security/crypto/FSecCryptoSha2Hmac.cpp b/src/security/crypto/FSecCryptoSha2Hmac.cpp
index 8c15534..c4ba38f 100644
--- a/src/security/crypto/FSecCryptoSha2Hmac.cpp
+++ b/src/security/crypto/FSecCryptoSha2Hmac.cpp
@@ -121,6 +121,7 @@ Sha2Hmac::GetHmacN(const ByteBuffer& input) const
 	SysTryReturn(NID_SEC_CRYPTO, keyLen > 0, null, E_KEY_NOT_FOUND, "[E_KEY_NOT_FOUND] Key length should be positive.");
 
 	mdLen = EVP_MD_size(__pAlgorithm);
+	SysTryReturn(NID_SEC_CRYPTO, mdLen > 0, null, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 
 	std::unique_ptr<byte[]> pMd(new (std::nothrow) byte[mdLen]);
 	SysTryReturn(NID_SEC_CRYPTO, pMd != null, null, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
diff --git a/src/security/crypto/FSecCrypto_SymmetricCipher.cpp b/src/security/crypto/FSecCrypto_SymmetricCipher.cpp
index e1f8a1a..58e2163 100644
--- a/src/security/crypto/FSecCrypto_SymmetricCipher.cpp
+++ b/src/security/crypto/FSecCrypto_SymmetricCipher.cpp
@@ -499,7 +499,8 @@ _SymmetricCipher::DoWrapN(const Tizen::Base::ByteBuffer& secretKey)
 	{
 		r = E_SYSTEM;
 		SysLogException(NID_SEC_CRYPTO, r, "An Unexpected system error occurred.");
-		goto CATCH;
+		SetLastResult(r);
+		return null;
 	}
 
 
@@ -520,7 +521,8 @@ _SymmetricCipher::DoWrapN(const Tizen::Base::ByteBuffer& secretKey)
 	default:
 		r = E_UNSUPPORTED_ALGORITHM;
 		SysLogException(NID_SEC_CRYPTO, r, " The algorithm for input key length is not supported");
-		goto CATCH;
+		SetLastResult(r);
+		return null;
 	}
 
 	pOut = std::unique_ptr <byte[]> (new (std::nothrow) byte[dataLen + 8]);
@@ -587,7 +589,7 @@ _SymmetricCipher::DoWrapN(const Tizen::Base::ByteBuffer& secretKey)
 	pOutBuf->Flip();
 
 CATCH:
-
+	
 	EVP_CIPHER_CTX_cleanup(&cipherCtx);
 
 	SetLastResult(r);
@@ -637,9 +639,10 @@ _SymmetricCipher::DoUnwrapN(const Tizen::Base::ByteBuffer& wrappedKey)
 
 	if (numVal < _MIN_WRAP_KEY_LEN_REFACTOR || dataLen > _MAX_AES_WRAP_DATA_LENGTH)
 	{
-		ret = E_SYSTEM;
+		r = E_SYSTEM;
 		SysLogException(NID_SEC_CRYPTO, r, "An Unexpected system error occurred.");
-		goto CATCH;
+		SetLastResult(r);
+		return null;
 	}
 
 
@@ -660,7 +663,8 @@ _SymmetricCipher::DoUnwrapN(const Tizen::Base::ByteBuffer& wrappedKey)
 	default:
 		r = E_UNSUPPORTED_ALGORITHM;
 		SysLogException(NID_SEC_CRYPTO, r, " The algorithm for input key length is not supported");
-		goto CATCH;
+		SetLastResult(r);
+		return null;
 	}
 
 	pOut = std::unique_ptr <byte[]> (new (std::nothrow) byte[dataLen]);
-- 
2.7.4