Merge branch 'KSICAPI-473' into 'develop'

KSICAPI-473: Some new rules contain potential segfaults or obsolete checks. See merge request developers/libksi!333
guardtime · Feb 7, 2018 · d83a350 · d83a350
2 parents 0a78e6a + feece5a
commit d83a350
Showing 1 changed file with 33 additions and 2 deletions.
diff --git a/src/ksi/verification_rule.c b/src/ksi/verification_rule.c
@@ -3154,7 +3154,7 @@ static int initPublicationsFile(KSI_VerificationContext *info) {
 	VerificationTempData *tempData = NULL;
 	KSI_PublicationsFile *tmp = NULL;
 
-	if (info == NULL) {
+	if (info == NULL || info->ctx == NULL) {
 		res = KSI_INVALID_ARGUMENT;
 		goto cleanup;
 	}
@@ -3418,6 +3418,7 @@ int KSI_VerificationRule_CalendarAuthenticationRecordSignatureVerification(KSI_V
 	KSI_Utf8String *sigtype = NULL;
 	VerificationTempData *tempData = NULL;
 	const KSI_VerificationStep step = KSI_VERIFY_CALAUTHREC_WITH_SIGNATURE;
+	KSI_TLV *baseTlv = NULL;
 
 	if (result == NULL) {
 		res = KSI_INVALID_ARGUMENT;
@@ -3498,7 +3499,14 @@ int KSI_VerificationRule_CalendarAuthenticationRecordSignatureVerification(KSI_V
 		goto cleanup;
 	}
 
-	res = KSI_TLV_serialize(sig->calendarAuthRec->pubData->baseTlv, &rawData, &rawData_len);
+	res = KSI_PublicationData_getBaseTlv(sig->calendarAuthRec->pubData, &baseTlv);
+	if (res != KSI_OK) {
+		VERIFICATION_RESULT_ERR(KSI_VER_RES_NA, KSI_VER_ERR_GEN_2, KSI_VERIFY_NONE);
+		KSI_pushError(ctx, res, NULL);
+		goto cleanup;
+	}
+
+	res = KSI_TLV_serialize(baseTlv, &rawData, &rawData_len);
 	if (res != KSI_OK) {
 		VERIFICATION_RESULT_ERR(KSI_VER_RES_NA, KSI_VER_ERR_GEN_2, KSI_VERIFY_NONE);
 		KSI_pushError(ctx, res, NULL);
@@ -4455,6 +4463,14 @@ int KSI_VerificationRule_UserProvidedPublicationTimeVerification(KSI_Verificatio
 
 	KSI_LOG_info(ctx, "Verify user publication time.");
 
+	if (sig->publication == NULL) {
+		const char *msg = "Signature does not contain publication record.";
+		KSI_LOG_info(ctx, "%s", msg);
+		VERIFICATION_RESULT_ERR(KSI_VER_RES_NA, KSI_VER_ERR_GEN_2, KSI_VERIFY_NONE);
+		KSI_pushError(ctx, res = KSI_INVALID_FORMAT, msg);
+		goto cleanup;
+	}
+
 	res = KSI_PublicationData_getTime(sig->publication->publishedData, &sigPubTime);
 	if (res != KSI_OK) {
 		VERIFICATION_RESULT_ERR(KSI_VER_RES_NA, KSI_VER_ERR_GEN_2, KSI_VERIFY_NONE);
@@ -4523,6 +4539,13 @@ int KSI_VerificationRule_UserProvidedPublicationTimeDoesNotSuit(KSI_Verification
 
 	KSI_LOG_info(ctx, "%s.", __FUNCTION__);
 
+	if (sig->publication == NULL) {
+		KSI_LOG_debug(ctx, "Missing publication data.");
+		VERIFICATION_RESULT_OK(step);
+		res = KSI_OK;
+		goto cleanup;
+	}
+
 	res = KSI_PublicationData_getTime(sig->publication->publishedData, &sigPubTime);
 	if (res != KSI_OK) {
 		VERIFICATION_RESULT_ERR(KSI_VER_RES_NA, KSI_VER_ERR_GEN_2, KSI_VERIFY_NONE);
@@ -4593,6 +4616,14 @@ int KSI_VerificationRule_UserProvidedPublicationHashVerification(KSI_Verificatio
 
 	KSI_LOG_info(ctx, "Verify user publication hash.");
 
+	if (sig->publication == NULL) {
+		const char *msg = "Signature does not contain publication record.";
+		KSI_LOG_info(ctx, "%s", msg);
+		VERIFICATION_RESULT_ERR(KSI_VER_RES_NA, KSI_VER_ERR_GEN_2, KSI_VERIFY_NONE);
+		KSI_pushError(ctx, res = KSI_INVALID_FORMAT, msg);
+		goto cleanup;
+	}
+
 	res = KSI_PublicationData_getImprint(sig->publication->publishedData, &sigPubHash);
 	if (res != KSI_OK) {
 		VERIFICATION_RESULT_ERR(KSI_VER_RES_NA, KSI_VER_ERR_GEN_2, KSI_VERIFY_NONE);