Ensure key/cert pointer validity before accessing the DER

In many cases the getDER() function is called on a shared_ptr to a key or
certficiate without checking the pointer validity which may lead to segfaults.
Add proper checks before calling the getDER() function.

Change-Id: Ifb209737f14a13f6e7946e21c9d7c1cf5791973e

1 files changed, 10 insertions, 4 deletions

diff --git a/src/manager/client/client-manager-impl.cpp b/src/manager/client/client-manager-impl.cpp
index f1b68bb1..fa4f5a9f 100644
--- a/src/manager/client/client-manager-impl.cpp
+++ b/src/manager/client/client-manager-impl.cpp
@@ -143,7 +143,7 @@ int Manager::Impl::saveBinaryData(
 int Manager::Impl::saveKey(const Alias &alias, const KeyShPtr &key,
 						   const Policy &policy)
 {
-	if (key.get() == NULL)
+	if (key.get() == NULL || key->empty())
 		return CKM_API_ERROR_INPUT_PARAM;
 
 	try {
@@ -159,7 +159,7 @@ int Manager::Impl::saveCertificate(
 	const CertificateShPtr &cert,
 	const Policy &policy)
 {
-	if (cert.get() == NULL)
+	if (cert.get() == NULL || cert->empty())
 		return CKM_API_ERROR_INPUT_PARAM;
 
 	return saveBinaryData(alias, DataType::CERTIFICATE, cert->getDER(), policy);
@@ -626,11 +626,17 @@ int Manager::Impl::getCertificateChain(
 	if (!certificate || certificate->empty())
 		return CKM_API_ERROR_INPUT_PARAM;
 
-	for (auto &e : untrustedCertificates)
+	for (auto &e : untrustedCertificates) {
+		if (!e || e->empty())
+			return CKM_API_ERROR_INPUT_PARAM;
 		untrustedVector.push_back(e->getDER());
+	}
 
-	for (auto &e : trustedCertificates)
+	for (auto &e : trustedCertificates) {
+		if (!e || e->empty())
+			return CKM_API_ERROR_INPUT_PARAM;
 		trustedVector.push_back(e->getDER());
+	}
 
 	return getCertChain(
 			   m_storageConnection,