Add null checks in System.Security.Cryptography

krwq · carlossanlop · commit 7c2d8f8ed9f4 · 2024-01-15T20:16:35.000Z
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native/apibridge.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native/apibridge.c
@@ -112,7 +112,7 @@ int32_t local_X509_get_version(const X509* x509)
 
 X509_PUBKEY* local_X509_get_X509_PUBKEY(const X509* x509)
 {
-    if (x509)
+    if (x509 && x509->cert_info)
     {
         return x509->cert_info->key;
     }
@@ -123,13 +123,28 @@ X509_PUBKEY* local_X509_get_X509_PUBKEY(const X509* x509)
 int32_t local_X509_PUBKEY_get0_param(
     ASN1_OBJECT** palgOid, const uint8_t** pkeyBytes, int* pkeyBytesLen, X509_ALGOR** palg, X509_PUBKEY* pubkey)
 {
+    if (!pubkey)
+    {
+        return 0;
+    }
+
     if (palgOid)
     {
+        if (!pubkey->algor)
+        {
+            return 0;
+        }
+
         *palgOid = pubkey->algor->algorithm;
     }
 
     if (pkeyBytes)
     {
+        if (!pubkey->public_key)
+        {
+            return 0;
+        }
+
         *pkeyBytes = pubkey->public_key->data;
         *pkeyBytesLen = pubkey->public_key->length;
     }
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native/openssl.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native/openssl.c
@@ -635,6 +635,11 @@ BIO* CryptoNative_GetX509NameInfo(X509* x509, int32_t nameType, int32_t forIssue
                                     0 == strncmp(localOid, szOidUpn, sizeof(szOidUpn)))
                                 {
                                     // OTHERNAME->ASN1_TYPE->union.field
+                                    if (!value->value)
+                                    {
+                                        return NULL;
+                                    }
+
                                     str = value->value->value.asn1_string;
                                 }
                             }
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_pkcs7.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_pkcs7.c
@@ -46,9 +46,19 @@ int32_t CryptoNative_GetPkcs7Certificates(PKCS7* p7, X509Stack** certs)
     switch (OBJ_obj2nid(p7->type))
     {
         case NID_pkcs7_signed:
+            if (!p7->d.sign)
+            {
+                return 0;
+            }
+
             *certs = p7->d.sign->cert;
             return 1;
         case NID_pkcs7_signedAndEnveloped:
+            if (!p7->d.signed_and_enveloped)
+            {
+                return 0;
+            }
+
             *certs = p7->d.signed_and_enveloped->cert;
             return 1;
     }
diff --git a/src/libraries/System.Security.Cryptography.X509Certificates/tests/CertTests.cs b/src/libraries/System.Security.Cryptography.X509Certificates/tests/CertTests.cs
@@ -399,6 +399,12 @@ public static void UseAfterDispose()
             }
         }
 
+        [Fact]
+        public static void EmptyPkcs7ThrowsException()
+        {
+            Assert.ThrowsAny<CryptographicException>(() => new X509Certificate2(TestData.EmptyPkcs7));
+        }
+
         [Fact]
         public static void ExportPublicKeyAsPkcs12()
         {
diff --git a/src/libraries/System.Security.Cryptography.X509Certificates/tests/TestData.cs b/src/libraries/System.Security.Cryptography.X509Certificates/tests/TestData.cs
@@ -4175,5 +4175,7 @@ internal static DSAParameters GetDSA1024Params()
             "C0CC2B115B9D33BD6E528E35670E5A6A8D9CF52199F8D693315C60D9ADAD54EF7FDCED36" +
             "0C8C79E84D42AB5CB6355A70951B1ABF1F2B3FB8BEB7E3A8D6BA2293C0DB8C86B0BB060F" +
             "0D6DB9939E88B998662A27F092634BBF21F58EEAAA").HexToByteArray();
+
+        internal static readonly byte[] EmptyPkcs7 = "300B06092A864886F70D010702".HexToByteArray();
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -112,7 +112,7 @@ int32_t local_X509_get_version(const X509* x509)`
`112`	`112`
`113`	`113`	`X509_PUBKEY* local_X509_get_X509_PUBKEY(const X509* x509)`
`114`	`114`	`{`
`115`		`- if (x509)`
	`115`	`+ if (x509 && x509->cert_info)`
`116`	`116`	`{`
`117`	`117`	`return x509->cert_info->key;`
`118`	`118`	`}`
`@@ -123,13 +123,28 @@ X509_PUBKEY* local_X509_get_X509_PUBKEY(const X509* x509)`
`123`	`123`	`int32_t local_X509_PUBKEY_get0_param(`
`124`	`124`	`ASN1_OBJECT palgOid, const uint8_t pkeyBytes, int* pkeyBytesLen, X509_ALGOR** palg, X509_PUBKEY* pubkey)`
`125`	`125`	`{`
	`126`	`+ if (!pubkey)`
	`127`	`+ {`
	`128`	`+ return 0;`
	`129`	`+ }`
	`130`	`+`
`126`	`131`	`if (palgOid)`
`127`	`132`	`{`
	`133`	`+ if (!pubkey->algor)`
	`134`	`+ {`
	`135`	`+ return 0;`
	`136`	`+ }`
	`137`	`+`
`128`	`138`	`*palgOid = pubkey->algor->algorithm;`
`129`	`139`	`}`
`130`	`140`
`131`	`141`	`if (pkeyBytes)`
`132`	`142`	`{`
	`143`	`+ if (!pubkey->public_key)`
	`144`	`+ {`
	`145`	`+ return 0;`
	`146`	`+ }`
	`147`	`+`
`133`	`148`	`*pkeyBytes = pubkey->public_key->data;`
`134`	`149`	`*pkeyBytesLen = pubkey->public_key->length;`
`135`	`150`	`}`
Original file line number	Diff line number	Diff line change
`@@ -635,6 +635,11 @@ BIO* CryptoNative_GetX509NameInfo(X509* x509, int32_t nameType, int32_t forIssue`
`635`	`635`	`0 == strncmp(localOid, szOidUpn, sizeof(szOidUpn)))`
`636`	`636`	`{`
`637`	`637`	`// OTHERNAME->ASN1_TYPE->union.field`
	`638`	`+ if (!value->value)`
	`639`	`+ {`
	`640`	`+ return NULL;`
	`641`	`+ }`
	`642`	`+`
`638`	`643`	`str = value->value->value.asn1_string;`
`639`	`644`	`}`
`640`	`645`	`}`
Original file line number	Diff line number	Diff line change
`@@ -399,6 +399,12 @@ public static void UseAfterDispose()`
`399`	`399`	`}`
`400`	`400`	`}`
`401`	`401`
	`402`	`+ [Fact]`
	`403`	`+ public static void EmptyPkcs7ThrowsException()`
	`404`	`+ {`
	`405`	`+ Assert.ThrowsAny<CryptographicException>(() => new X509Certificate2(TestData.EmptyPkcs7));`
	`406`	`+ }`
	`407`	`+`
`402`	`408`	`[Fact]`
`403`	`409`	`public static void ExportPublicKeyAsPkcs12()`
`404`	`410`	`{`
Original file line number	Diff line number	Diff line change
`@@ -4175,5 +4175,7 @@ internal static DSAParameters GetDSA1024Params()`
`4175`	`4175`	`"C0CC2B115B9D33BD6E528E35670E5A6A8D9CF52199F8D693315C60D9ADAD54EF7FDCED36" +`
`4176`	`4176`	`"0C8C79E84D42AB5CB6355A70951B1ABF1F2B3FB8BEB7E3A8D6BA2293C0DB8C86B0BB060F" +`
`4177`	`4177`	`"0D6DB9939E88B998662A27F092634BBF21F58EEAAA").HexToByteArray();`
	`4178`	`+`
	`4179`	`+ internal static readonly byte[] EmptyPkcs7 = "300B06092A864886F70D010702".HexToByteArray();`
`4178`	`4180`	`}`
`4179`	`4181`	`}`