projects / platform / core / security / key-manager.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e5352a7)
Fix segfault in getCertificateChain 20/42820/3
authorKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Thu, 2 Jul 2015 14:05:41 +0000 (16:05 +0200)
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Tue, 7 Jul 2015 11:24:03 +0000 (04:24 -0700)
[Problem] When getCertificateChain is called with empty certificate a segfault
occurs in client.
[Solution] Add param check in client.

[Verification] Run ckm-tests --regexp=T13122_get_chain_empty_cert &&
ckm-tests --regexp=T13121_get_chain_no_cert

Change-Id: I4f29ab1ca95166de261ef9120897ac85ac80c722

src/manager/client/client-manager-impl.cpp patch | blob | history
src/manager/service/ckm-logic.cpp patch | blob | history

diff --git a/src/manager/client/client-manager-impl.cpp b/src/manager/client/client-manager-impl.cpp
index 3bb1ef9..79774c1 100644 (file)
--- a/src/manager/client/client-manager-impl.cpp
+++ b/src/manager/client/client-manager-impl.cpp
@@ -573,6 +573,9 @@ int ManagerImpl::getCertificateChain(
     RawBufferVector untrustedVector;
     RawBufferVector trustedVector;
 
+    if(!certificate || certificate->empty())
+        return CKM_API_ERROR_INPUT_PARAM;
+
     for (auto &e: untrustedCertificates) {
         untrustedVector.push_back(e->getDER());
     }
@@ -601,6 +604,9 @@ int ManagerImpl::getCertificateChain(
     LabelNameVector untrustedVector;
     LabelNameVector trustedVector;
 
+    if(!certificate || certificate->empty())
+        return CKM_API_ERROR_INPUT_PARAM;
+
     for (auto &e: untrustedCertificates) {
         AliasSupport helper(e);
         untrustedVector.push_back(std::make_pair(helper.getLabel(), helper.getName()));
diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp
index 8197fb9..3ce1e1c 100644 (file)
--- a/src/manager/service/ckm-logic.cpp
+++ b/src/manager/service/ckm-logic.cpp
@@ -1318,10 +1318,18 @@ int CKMLogic::getCertificateChainHelper(
     if (cert.empty())
         return CKM_API_ERROR_INPUT_PARAM;
 
-    for (auto &e: untrustedCertificates)
-        untrustedCertVector.push_back(CertificateImpl(e, DataFormat::FORM_DER));
-    for (auto &e: trustedCertificates)
-        trustedCertVector.push_back(CertificateImpl(e, DataFormat::FORM_DER));
+    for (auto &e: untrustedCertificates) {
+        CertificateImpl c(e, DataFormat::FORM_DER);
+        if(c.empty())
+            return CKM_API_ERROR_INPUT_PARAM;
+        untrustedCertVector.push_back(std::move(c));
+    }
+    for (auto &e: trustedCertificates) {
+        CertificateImpl c(e, DataFormat::FORM_DER);
+        if(c.empty())
+            return CKM_API_ERROR_INPUT_PARAM;
+        trustedCertVector.push_back(std::move(c));
+    }
 
     CertificateStore store;
     int retCode = store.verifyCertificate(cert,
Domain: Security / Utilities;