From 0df8f4ec79a11de5bf82ce472801467aa70defa8 Mon Sep 17 00:00:00 2001
From: Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
Date: Thu, 2 Jul 2015 16:05:41 +0200
Subject: [PATCH] Fix segfault in getCertificateChain

[Problem] When getCertificateChain is called with empty certificate a segfault
occurs in client.
[Solution] Add param check in client.

[Verification] Run ckm-tests --regexp=T13122_get_chain_empty_cert &&
ckm-tests --regexp=T13121_get_chain_no_cert

Change-Id: I4f29ab1ca95166de261ef9120897ac85ac80c722
---
 src/manager/client/client-manager-impl.cpp |  6 ++++++
 src/manager/service/ckm-logic.cpp          | 16 ++++++++++++----
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/src/manager/client/client-manager-impl.cpp b/src/manager/client/client-manager-impl.cpp
index 3bb1ef9..79774c1 100644
--- a/src/manager/client/client-manager-impl.cpp
+++ b/src/manager/client/client-manager-impl.cpp
@@ -573,6 +573,9 @@ int ManagerImpl::getCertificateChain(
     RawBufferVector untrustedVector;
     RawBufferVector trustedVector;
 
+    if(!certificate || certificate->empty())
+        return CKM_API_ERROR_INPUT_PARAM;
+
     for (auto &e: untrustedCertificates) {
         untrustedVector.push_back(e->getDER());
     }
@@ -601,6 +604,9 @@ int ManagerImpl::getCertificateChain(
     LabelNameVector untrustedVector;
     LabelNameVector trustedVector;
 
+    if(!certificate || certificate->empty())
+        return CKM_API_ERROR_INPUT_PARAM;
+
     for (auto &e: untrustedCertificates) {
         AliasSupport helper(e);
         untrustedVector.push_back(std::make_pair(helper.getLabel(), helper.getName()));
diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp
index 8197fb9..3ce1e1c 100644
--- a/src/manager/service/ckm-logic.cpp
+++ b/src/manager/service/ckm-logic.cpp
@@ -1318,10 +1318,18 @@ int CKMLogic::getCertificateChainHelper(
     if (cert.empty())
         return CKM_API_ERROR_INPUT_PARAM;
 
-    for (auto &e: untrustedCertificates)
-        untrustedCertVector.push_back(CertificateImpl(e, DataFormat::FORM_DER));
-    for (auto &e: trustedCertificates)
-        trustedCertVector.push_back(CertificateImpl(e, DataFormat::FORM_DER));
+    for (auto &e: untrustedCertificates) {
+        CertificateImpl c(e, DataFormat::FORM_DER);
+        if(c.empty())
+            return CKM_API_ERROR_INPUT_PARAM;
+        untrustedCertVector.push_back(std::move(c));
+    }
+    for (auto &e: trustedCertificates) {
+        CertificateImpl c(e, DataFormat::FORM_DER);
+        if(c.empty())
+            return CKM_API_ERROR_INPUT_PARAM;
+        trustedCertVector.push_back(std::move(c));
+    }
 
     CertificateStore store;
     int retCode = store.verifyCertificate(cert,
-- 
2.7.4