~mcf/mupdf

ref: e27ceb2b0e64b9a56ba79d844ea96553d87dc113 mupdf/platform/java/jni/pkcs7verifier.c -rw-r--r-- 3.6 KiB
e27ceb2b — Robin Watts OSS-Fuzz 29728: Avoid buffer overflow. 1 year, 8 months ago
                                                                                
/* PKCS7Verifier interface */

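/*
 * Drop callback installed in base.drop by java_pkcs7_new_verifier().
 *
 * Deletes the JNI global reference held in verifier->jverifier and frees the
 * native wrapper struct.
 *
 * Throws FZ_ERROR_GENERIC if the current thread cannot be attached to the
 * JVM. In that case the wrapper struct is still freed; only the Java global
 * reference is left behind, because it cannot be deleted without a JNIEnv.
 */
static void java_pkcs7_drop_verifier(fz_context *ctx, pdf_pkcs7_verifier *verifier_)
{
	java_pkcs7_verifier *verifier = (java_pkcs7_verifier *) verifier_;
	jboolean detach = JNI_FALSE;
	JNIEnv *env = NULL;

	env = jni_attach_thread(ctx, &detach);
	if (!env)
	{
		/*
		 * The caller has given up its reference, so nothing else will free
		 * this struct: release it before throwing instead of leaking it.
		 * NOTE(review): this throw propagates to whoever called the drop
		 * hook; confirm every such caller sits inside an fz_try.
		 */
		fz_free(ctx, verifier);
		fz_throw(ctx, FZ_ERROR_GENERIC, "cannot attach to JVM in java_pkcs7_drop_verifier");
	}

	/* Release the Java object first, while the struct holding it is still valid. */
	(*env)->DeleteGlobalRef(env, verifier->jverifier);
	fz_free(ctx, verifier);

	jni_detach_thread(detach);
}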

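/*
 * check_certificate callback: forwards the raw signature bytes to the Java
 * PKCS7Verifier object's checkCertificate method and returns its verdict.
 *
 * ctx        MuPDF context used for error reporting.
 * verifier   Must be a java_pkcs7_verifier (it is cast without checking).
 * signature  Signature bytes, copied into a Java byte array.
 * len        Number of bytes in signature.
 *
 * Returns the int produced by the Java method, converted to
 * pdf_signature_error without range validation: the verdict is only as
 * trustworthy as the Java implementation behind jverifier.
 *
 * Throws FZ_ERROR_GENERIC if len does not fit a Java array length or the
 * thread cannot be attached to the JVM; rethrows errors from to_byteArray and
 * Java exceptions raised by the callback.
 */
static pdf_signature_error java_pkcs7_check_certificate(fz_context *ctx, pdf_pkcs7_verifier *verifier, unsigned char *signature, size_t len)
{
	java_pkcs7_verifier *pkcs7_verifier = (java_pkcs7_verifier *) verifier;
	jobject jverifier = pkcs7_verifier->jverifier;
	jint result = PDF_SIGNATURE_ERROR_UNKNOWN;
	jboolean detach = JNI_FALSE;
	JNIEnv *env = NULL;
	jobject jsignature = NULL;

	/*
	 * The length is narrowed to int for to_byteArray below. Java array
	 * lengths are signed 32-bit, so reject anything larger here rather than
	 * letting the cast wrap to a negative or truncated size. This runs before
	 * the thread is attached so there is nothing to undo on failure.
	 */
	if (len > (size_t)0x7fffffff)
		fz_throw(ctx, FZ_ERROR_GENERIC, "signature too large in java_pkcs7_check_certificate");

	env = jni_attach_thread(ctx, &detach);
	if (env == NULL)
		fz_throw(ctx, FZ_ERROR_GENERIC, "cannot attach to JVM in java_pkcs7_check_certificate");

	fz_try(ctx)
		jsignature = to_byteArray(ctx, env, signature, (int)len);
	fz_catch(ctx)
		fz_rethrow_and_detach_thread(ctx, detach);

	result = (*env)->CallIntMethod(env, jverifier, mid_PKCS7Verifier_checkCertificate, jsignature);
	/* A pending Java exception means result is meaningless; surface it as an error. */
	if ((*env)->ExceptionCheck(env))
		fz_throw_java_and_detach_thread(ctx, env, detach);

	jni_detach_thread(detach);

	return result;
}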

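/*
 * check_digest callback: hands the signed byte stream and the raw signature
 * to the Java PKCS7Verifier object's checkDigest method and returns its
 * verdict.
 *
 * ctx        MuPDF context used for error reporting.
 * verifier   Must be a java_pkcs7_verifier (it is cast without checking).
 * stm        Stream wrapped for Java by to_FitzInputStream.
 * signature  Signature bytes, copied into a Java byte array.
 * len        Number of bytes in signature.
 *
 * Returns the int produced by the Java method, converted to
 * pdf_signature_error without range validation: the verdict is only as
 * trustworthy as the Java implementation behind jverifier.
 *
 * Throws FZ_ERROR_GENERIC if len does not fit a Java array length or the
 * thread cannot be attached to the JVM; rethrows errors from the conversion
 * helpers and Java exceptions raised by the callback.
 */
static pdf_signature_error java_pkcs7_check_digest(fz_context *ctx, pdf_pkcs7_verifier *verifier, fz_stream *stm, unsigned char *signature, size_t len)
{
	java_pkcs7_verifier *pkcs7_verifier = (java_pkcs7_verifier *) verifier;
	jobject jverifier = pkcs7_verifier->jverifier;
	jint result = PDF_SIGNATURE_ERROR_UNKNOWN;
	jboolean detach = JNI_FALSE;
	jobject jsignature = NULL;
	jobject jstm = NULL;
	JNIEnv *env = NULL;

	/*
	 * The length is narrowed to int for to_byteArray below. Java array
	 * lengths are signed 32-bit, so reject anything larger here rather than
	 * letting the cast wrap to a negative or truncated size. This runs before
	 * the thread is attached so there is nothing to undo on failure.
	 */
	if (len > (size_t)0x7fffffff)
		fz_throw(ctx, FZ_ERROR_GENERIC, "signature too large in java_pkcs7_check_digest");

	env = jni_attach_thread(ctx, &detach);
	if (env == NULL)
		fz_throw(ctx, FZ_ERROR_GENERIC, "cannot attach to JVM in java_pkcs7_check_digest");

	fz_try(ctx)
	{
		jsignature = to_byteArray(ctx, env, signature, (int)len);
		jstm = to_FitzInputStream(ctx, env, stm);
	}
	fz_catch(ctx)
		fz_rethrow_and_detach_thread(ctx, detach);

	result = (*env)->CallIntMethod(env, jverifier, mid_PKCS7Verifier_checkDigest, jstm, jsignature);
	/* A pending Java exception means result is meaningless; surface it as an error. */
	if ((*env)->ExceptionCheck(env))
		fz_throw_java_and_detach_thread(ctx, env, detach);

	jni_detach_thread(detach);

	return result;
}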

/*
 * Allocate a native verifier whose callbacks forward to a Java
 * PKCS7Verifier object.
 *
 * jverifier is stored as given and later passed to DeleteGlobalRef by the
 * drop callback, so the caller must hand in a JNI global reference (the JNI
 * entry point in this file does).
 *
 * Returns a pointer to the embedded base struct.
 * NOTE(review): allocation failure presumably surfaces as a thrown error from
 * fz_malloc_struct; the only caller here wraps this call in fz_try.
 */
static pdf_pkcs7_verifier *java_pkcs7_new_verifier(fz_context *ctx, jobject jverifier)
{
	java_pkcs7_verifier *wrapper = fz_malloc_struct(ctx, java_pkcs7_verifier);

	/* Remember the Java object the callbacks will dispatch to. */
	wrapper->jverifier = jverifier;

	/* Wire up the callback table. */
	wrapper->base.check_certificate = java_pkcs7_check_certificate;
	wrapper->base.check_digest = java_pkcs7_check_digest;
	wrapper->base.drop = java_pkcs7_drop_verifier;

	return &wrapper->base;
}

/*
 * JNI entry point: create the native verifier that backs a Java
 * PKCS7Verifier and return it as an opaque jlong handle.
 *
 * The Java object is pinned with a global reference so that it outlives this
 * call; the reference is released again if native allocation fails.
 *
 * Returns 0 when no context is available.
 * NOTE(review): the code after each jni_throw_arg / jni_rethrow assumes those
 * macros leave the function; their definitions are not in this file, so
 * confirm before reordering anything here.
 */
JNIEXPORT jlong JNICALL
FUN(PKCS7Verifier_newNative)(JNIEnv *env, jobject self, jobject jverifier)
{
	fz_context *ctx = get_context(env);
	pdf_pkcs7_verifier *native = NULL;

	if (ctx == NULL)
		return 0;
	if (jverifier == NULL)
		jni_throw_arg(env, "verifier must not be null");

	/* Swap the caller's reference for a global one owned by the native verifier. */
	jverifier = (*env)->NewGlobalRef(env, jverifier);
	if (jverifier == NULL)
		jni_throw_arg(env, "unable to get reference to verifier");

	fz_try(ctx)
	{
		native = java_pkcs7_new_verifier(ctx, jverifier);
	}
	fz_catch(ctx)
	{
		/* No native owner was created, so the global reference must be released here. */
		(*env)->DeleteGlobalRef(env, jverifier);
		jni_rethrow(env, ctx);
	}

	return jlong_cast(native);
}

/*
 * JNI entry point: release the native verifier attached to a Java
 * PKCS7Verifier object.
 *
 * Does nothing when there is no context or no native verifier.
 */
JNIEXPORT void JNICALL
FUN(PKCS7Verifier_finalize)(JNIEnv *env, jobject self)
{
	fz_context *ctx = get_context(env);
	java_pkcs7_verifier *native = from_PKCS7Verifier_safe(env, self);

	if (ctx == NULL || native == NULL)
		return;

	/*
	 * Clear the Java-side handle before dropping, so the object never holds
	 * a pointer to a verifier that has already been released.
	 */
	(*env)->SetLongField(env, self, fid_PKCS7Verifier_pointer, 0);

	/*
	 * NOTE(review): this call is not wrapped in fz_try, while the drop
	 * callback in this file can fz_throw when the thread cannot be attached
	 * to the JVM. Confirm that pdf_drop_verifier cannot propagate that error
	 * to this point.
	 */
	pdf_drop_verifier(ctx, &native->base);
}