lsh123 · lsh123 · May 15, 2024 · May 13, 2024 · May 13, 2024 · May 13, 2024
diff --git a/config.h.in b/config.h.in
diff --git a/configure.ac b/configure.ac
diff --git a/src/cast_helpers.h b/src/cast_helpers.h
@@ -198,6 +198,22 @@
  *
  *****************************************************************************/
 
+ /* Safe cast with limits check: unsigned int -> long (assume uint >= 0) */
+#if (UINT_MAX > LONG_MAX)
+
+#define XMLSEC_SAFE_CAST_UINT_TO_LONG(srcVal, dstVal, errorAction, errorObject) \
+    XMLSEC_SAFE_CAST_MAX_CHECK(unsigned int, (srcVal), "%u",                    \
+        int, (dstVal), "%ld", LONG_MIN, LONG_MAX,                               \
+        errorAction, (errorObject))
+
+#else  /* UINT_MAX > LONG_MAX */
+
+#define XMLSEC_SAFE_CAST_UINT_TO_LONG(srcVal, dstVal, errorAction, errorObject) \
+    (dstVal) = (srcVal);
+
+#endif /* UINT_MAX > LONG_MAX */
+
+
 /* Safe cast with limits check: size_t -> long (assume size_t >= 0) */
 #if (SIZE_MAX > LONG_MAX)
 

diff --git a/src/gnutls/asymkeys.c b/src/gnutls/asymkeys.c
@@ -1650,7 +1650,7 @@ xmlSecGnuTLSKeyDataEcPubKeyFromPrivKey(gnutls_privkey_t privkey) {
     err = gnutls_privkey_export_ecc_raw2(privkey,
                 &curve, &x, &y, &k,
                 0);
-    if((err != GNUTLS_E_SUCCESS) && (curve != GNUTLS_ECC_CURVE_INVALID)) {
+    if((err != GNUTLS_E_SUCCESS) || (curve == GNUTLS_ECC_CURVE_INVALID)) {
         xmlSecGnuTLSError("gnutls_privkey_export_ecc_raw2", err, NULL);
         goto done;
     }
@@ -2190,7 +2190,7 @@ xmlSecGnuTLSKeyDataGostPubKeyFromPrivKey(gnutls_privkey_t privkey) {
         &curve, &digest, &paramset,
         &x, &y, &k,
         0);
-    if((err != GNUTLS_E_SUCCESS) && (curve != GNUTLS_ECC_CURVE_INVALID)) {
+    if((err != GNUTLS_E_SUCCESS) || (curve == GNUTLS_ECC_CURVE_INVALID)) {
         xmlSecGnuTLSError("gnutls_privkey_export_gost_raw2", err, NULL);
         goto done;
     }

diff --git a/src/gnutls/kt_rsa.c b/src/gnutls/kt_rsa.c
@@ -35,7 +35,6 @@
 #include "../cast_helpers.h"
 #include "../transform_helpers.h"
 
-
 /*********************************************************************
  *
  * Key transport transforms context
@@ -213,7 +212,7 @@ xmlSecGnuTLSKeyTransportEncrypt(xmlSecGnuTLSKeyTransportCtxPtr ctx, xmlSecBuffer
 			     0 /* flags */,
 			     &plaintext,
 			     &encrypted);
-    if((err != GNUTLS_E_SUCCESS) && (encrypted.data != NULL)) {
+    if((err != GNUTLS_E_SUCCESS) || (encrypted.data == NULL)) {
         xmlSecGnuTLSError("gnutls_pubkey_encrypt_data", err, NULL);
         return(-1);
     }
@@ -262,7 +261,7 @@ xmlSecGnuTLSKeyTransportDecrypt(xmlSecGnuTLSKeyTransportCtxPtr ctx, xmlSecBuffer
 			     0 /* flags */,
 			     &ciphertext,
 			     &plaintext);
-    if((err != GNUTLS_E_SUCCESS) && (plaintext.data != NULL)) {
+    if((err != GNUTLS_E_SUCCESS) || (plaintext.data == NULL)) {
         xmlSecGnuTLSError("gnutls_privkey_decrypt_data", err, NULL);
         return(-1);
     }

diff --git a/src/keyinfo.c b/src/keyinfo.c
@@ -1633,7 +1633,6 @@ xmlSecKeyDataEncryptedKeyXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePt
                             xmlSecKeyDataKlassGetName(id));
         return(-1);
     }
-
     return(0);
 }
 

diff --git a/src/keys.c b/src/keys.c
@@ -430,13 +430,11 @@ xmlSecKeyReqMatchKeyValue(xmlSecKeyReqPtr keyReq, xmlSecKeyDataPtr value) {
 
     if((keyReq->keyId != xmlSecKeyDataIdUnknown) &&
        (!xmlSecKeyDataCheckId(value, keyReq->keyId))) {
-
         return(0);
     }
     if((keyReq->keyBitsSize > 0) &&
        (xmlSecKeyDataGetSize(value) > 0) &&
        (xmlSecKeyDataGetSize(value) < keyReq->keyBitsSize)) {
-
         return(0);
     }
     return(1);

diff --git a/src/nss/keytrans.c b/src/nss/keytrans.c
@@ -347,14 +347,18 @@ xmlSecNssKeyTransportCtxUpdate(xmlSecNssKeyTransportCtxPtr ctx, xmlSecBufferPtr
 #ifndef XMLSEC_NO_RSA_OAEP
 static int
 xmlSecNssKeyTransportSetOaepParams(xmlSecNssKeyTransportCtxPtr ctx, CK_RSA_PKCS_OAEP_PARAMS* oaepParams) {
+    xmlSecSize size;
+
     xmlSecAssert2(ctx != NULL, -1);
     xmlSecAssert2(oaepParams != NULL, -1);
 
     oaepParams->hashAlg = ctx->oaepHashAlg;
     oaepParams->mgf     = ctx->oaepMgf ;
     oaepParams->source  = CKZ_DATA_SPECIFIED;
     oaepParams->pSourceData      = xmlSecBufferGetData(&(ctx->oaepParams));
-    oaepParams->ulSourceDataLen  = xmlSecBufferGetSize(&(ctx->oaepParams));
+
+    size = xmlSecBufferGetSize(&(ctx->oaepParams));
+    XMLSEC_SAFE_CAST_SIZE_TO_ULONG(size, oaepParams->ulSourceDataLen, return(-1), NULL);
 
     return(0);
 }

diff --git a/src/nss/signatures.c b/src/nss/signatures.c
@@ -49,7 +49,7 @@ struct _xmlSecNssSignatureCtx {
     PLArenaPool*        arena;
     SECOidTag           pssHashAlgTag;
     SECOidTag           pssMaskAlgTag;
-    long                pssSaltLength;
+    unsigned int        pssSaltLength;
 
     union {
         struct {
@@ -424,6 +424,7 @@ xmlSecNssSignatureCreatePssParams(xmlSecNssSignatureCtxPtr ctx) {
     SECAlgorithmID maskHashAlg;
     SECItem *maskHashAlgItem;
     SECItem *saltLengthItem;
+    long saltLength;
     SECStatus rv;
     SECItem* res;
 
@@ -470,7 +471,8 @@ xmlSecNssSignatureCreatePssParams(xmlSecNssSignatureCtxPtr ctx) {
     }
 
     /* salt length */
-    saltLengthItem = SEC_ASN1EncodeInteger(ctx->arena, &(params.saltLength), ctx->pssSaltLength);
+    XMLSEC_SAFE_CAST_UINT_TO_LONG(ctx->pssSaltLength, saltLength, return(NULL), NULL);
+    saltLengthItem = SEC_ASN1EncodeInteger(ctx->arena, &(params.saltLength), saltLength);
     if(saltLengthItem != &(params.saltLength)) {
         xmlSecNssError("SEC_ASN1EncodeInteger(saltLength)", NULL);
         return(NULL);