Make the PKCS#7 S/MIME functions check for passed NULL pointers.

Fix the usage message of smime utility and sanitise the return
codes.

Add some documentation.

3 files changed, 22 insertions, 3 deletions

diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index 3f6cad44f8..4b557f48a2 100644
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -150,14 +150,19 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 	BIO *p7bio;
 	BIO *tmpout;
 
+	if(!p7) {
+		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER);
+		return NULL;
+	}
+
 	if(!PKCS7_type_is_signed(p7)) {
-				PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE);
+		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE);
 		return 0;
 	}
 
 	/* Check for no data and no content: no data to verify signature */
 	if(PKCS7_get_detached(p7) && !indata) {
-				PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);
+		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);
 		return 0;
 	}
 
@@ -170,7 +175,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 	sinfos = PKCS7_get_signer_info(p7);
 
 	if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
-				PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA);
+		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA);
 		return 0;
 	}
 
@@ -264,6 +269,11 @@ STACK_OF(X509) *PKCS7_iget_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
 	X509 *signer;
 	int i;
 
+	if(!p7) {
+		PKCS7err(PKCS7_F_PKCS7_IGET_SIGNERS,PKCS7_R_INVALID_NULL_POINTER);
+		return NULL;
+	}
+
 	if(!PKCS7_type_is_signed(p7)) {
 		PKCS7err(PKCS7_F_PKCS7_IGET_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE);
 		return NULL;
@@ -376,10 +386,17 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
 	BIO *tmpmem;
 	int ret, i;
 	char buf[4096];
+
+	if(!p7) {
+		PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER);
+		return 0;
+	}
+
 	if(!PKCS7_type_is_enveloped(p7)) {
 		PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE);
 		return 0;
 	}
+
 	if(!X509_check_private_key(cert, pkey)) {
 		PKCS7err(PKCS7_F_PKCS7_DECRYPT,
 				PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h
index 7369e324d7..63a97e1540 100644
--- a/crypto/pkcs7/pkcs7.h
+++ b/crypto/pkcs7/pkcs7.h
@@ -455,6 +455,7 @@ int SMIME_text(BIO *in, BIO *out);
 #define PKCS7_R_ERROR_SETTING_CIPHER			 121
 #define PKCS7_R_INTERNAL_ERROR				 102
 #define PKCS7_R_INVALID_MIME_TYPE			 131
+#define PKCS7_R_INVALID_NULL_POINTER			 143
 #define PKCS7_R_MIME_NO_CONTENT_TYPE			 132
 #define PKCS7_R_MIME_PARSE_ERROR			 133
 #define PKCS7_R_MIME_SIG_PARSE_ERROR			 134
diff --git a/crypto/pkcs7/pkcs7err.c b/crypto/pkcs7/pkcs7err.c
index d0a1f599ab..d8491ff71b 100644
--- a/crypto/pkcs7/pkcs7err.c
+++ b/crypto/pkcs7/pkcs7err.c
@@ -105,6 +105,7 @@ static ERR_STRING_DATA PKCS7_str_reasons[]=
 {PKCS7_R_ERROR_SETTING_CIPHER            ,"error setting cipher"},
 {PKCS7_R_INTERNAL_ERROR                  ,"internal error"},
 {PKCS7_R_INVALID_MIME_TYPE               ,"invalid mime type"},
+{PKCS7_R_INVALID_NULL_POINTER            ,"invalid null pointer"},
 {PKCS7_R_MIME_NO_CONTENT_TYPE            ,"mime no content type"},
 {PKCS7_R_MIME_PARSE_ERROR                ,"mime parse error"},
 {PKCS7_R_MIME_SIG_PARSE_ERROR            ,"mime sig parse error"},