author | Stephan Bergmann <sbergman@redhat.com> | 2016-07-04 15:38:33 +0200 |
---|---|---|
committer | Stephan Bergmann <sbergman@redhat.com> | 2016-07-04 15:38:33 +0200 |
commit | 321b8ff86ba623b92aab5608eb94385e56823b65 (patch) | |
tree | f99b82af0dcab6d471e5174b71ef6cf890ced552 /xmlsecurity | |
parent | d746a99558a3f9c8625988ed87264ff12b355859 (diff) |
Bad cast from SanExtensionImpl to CertificateExtension_XmlSecImpl
...both ultimately derive from css::security::XCertificateExtension, but that is
all they have in common. The special handling of 2.5.29.17 (and thus the bad
casts) was introduced with d5feca7dcd9b2de4332c6b53657f6f5acbeb7b9a
"tkr38: #i112307# Support for x509 v3 Subject Alternative Name extension added".
Let's assume that it was an oversight there that setCertExtn (which is a function
of CertificateExtension_XmlSecImpl, not inherited from a---common---base class)
should not be called on such special-case SanExtensionImpl instances.
Change-Id: I96cfd42f606c79920d1548f323b68f17ff4e9081
Diffstat (limited to 'xmlsecurity')
-rw-r--r-- | xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx | 46 |
1 files changed, 26 insertions, 20 deletions
diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx index 392d1b9bc600..86f256b4120a 100644 --- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx @@ -28,6 +28,7 @@ #include <sal/config.h> #include <comphelper/servicehelper.hxx> +#include <rtl/ref.hxx> #include "x509certificate_nssimpl.hxx" #include "certificateextension_xmlsecimpl.hxx" @@ -178,8 +179,6 @@ css::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getSubjectUniqu css::uno::Sequence< css::uno::Reference< css::security::XCertificateExtension > > SAL_CALL X509Certificate_NssImpl::getExtensions() throw ( css::uno::RuntimeException, std::exception) { if( m_pCert != nullptr && m_pCert->extensions != nullptr ) { CERTCertExtension** extns ; - CertificateExtension_XmlSecImpl* pExtn ; - bool crit ; int len ; for( len = 0, extns = m_pCert->extensions; *extns != nullptr; len ++, extns ++ ) ; 
@@ -198,17 +197,21 @@ css::uno::Sequence< css::uno::Reference< css::security::XCertificateExtension > objID = oidString; if ( objID.equals("2.5.29.17") ) - pExtn = reinterpret_cast<CertificateExtension_XmlSecImpl*>(new SanExtensionImpl()); + xExtns[len] = reinterpret_cast<CertificateExtension_XmlSecImpl*>(new SanExtensionImpl()); else - pExtn = new CertificateExtension_XmlSecImpl() ; + { + CertificateExtension_XmlSecImpl* pExtn + = new CertificateExtension_XmlSecImpl() ; - if( (*extns)->critical.data == nullptr ) - crit = false ; - else - crit = (*extns)->critical.data[0] == 0xFF; - pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, reinterpret_cast<unsigned char *>(const_cast<char *>(objID.getStr())), objID.getLength(), crit ) ; + bool crit ; + if( (*extns)->critical.data == nullptr ) + crit = false ; + else + crit = (*extns)->critical.data[0] == 0xFF; + pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, reinterpret_cast<unsigned char *>(const_cast<char *>(objID.getStr())), objID.getLength(), crit ) ; - xExtns[len] = pExtn ; + xExtns[len] = pExtn ; + } } return xExtns ; 
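Review bot: The 2.5.29.17 branch here still assigns through `reinterpret_cast<CertificateExtension_XmlSecImpl*>(new SanExtensionImpl())`, so the conversion into the `XCertificateExtension` reference in `xExtns[len]` is still computed as if the object were a CertificateExtension_XmlSecImpl. The commit message states the two classes share only that interface, so the resulting interface pointer is correct only if their layouts happen to agree, and neither declaration is visible in this hunk. The findCertificateExtension hunk already drops the cast, and the same form fits here: `xExtns[len] = new SanExtensionImpl();`. The enclosing loop and function start outside this hunk.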
@@ -219,28 +222,31 @@ css::uno::Sequence< css::uno::Reference< css::security::XCertificateExtension > css::uno::Reference< css::security::XCertificateExtension > SAL_CALL X509Certificate_NssImpl::findCertificateExtension( const css::uno::Sequence< sal_Int8 >& oid ) throw (css::uno::RuntimeException, std::exception) { if( m_pCert != nullptr && m_pCert->extensions != nullptr ) { - CertificateExtension_XmlSecImpl* pExtn ; CERTCertExtension** extns ; SECItem idItem ; - bool crit ; idItem.data = reinterpret_cast<unsigned char *>(const_cast<sal_Int8 *>(oid.getConstArray())); idItem.len = oid.getLength() ; - pExtn = nullptr ; + css::uno::Reference<css::security::XCertificateExtension> pExtn; for( extns = m_pCert->extensions; *extns != nullptr; extns ++ ) { if( SECITEM_CompareItem( &idItem, &(*extns)->id ) == SECEqual ) { const SECItem id = (*extns)->id; OString objId(CERT_GetOidString(&id)); if ( objId.equals("OID.2.5.29.17") ) - pExtn = reinterpret_cast<CertificateExtension_XmlSecImpl*>(new SanExtensionImpl()); + pExtn = new SanExtensionImpl(); else - pExtn = new CertificateExtension_XmlSecImpl() ; - if( (*extns)->critical.data == nullptr ) - crit = false ; - else - crit = (*extns)->critical.data[0] == 0xFF; - pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (*extns)->id.data, (*extns)->id.len, crit ) ; + { + rtl::Reference<CertificateExtension_XmlSecImpl> x( + new CertificateExtension_XmlSecImpl()); + bool crit ; + if( (*extns)->critical.data == nullptr ) + crit = false ; + else + crit = (*extns)->critical.data[0] == 0xFF; + x->setCertExtn( (*extns)->value.data, (*extns)->value.len, (*extns)->id.data, (*extns)->id.len, crit ) ; + pExtn = x.get(); + } break; } } |
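Review bot: The `SanExtensionImpl` created for OID 2.5.29.17 is now returned without the extension's value, id or critical flag, because those are copied only in the `else` branch via `setCertExtn`. If SanExtensionImpl has no other way to receive them (its declaration is not shown here), callers get a subjectAltName extension that reports no names and no criticality, which matters wherever the certificate is displayed or a trust decision reads the extension. I would at least mark the branch with `// TODO: SanExtensionImpl is not populated with value/critical here` and follow up with a setter on SanExtensionImpl itself. The same applies to the SAN branch in getExtensions. This function's body continues past the end of the hunk.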