Catch processing exceptions and add to list #690
IB-8568 Signed-off-by: Raul Metsma <raul@metsma.ee>
| { | ||
| for(auto data = sdop/"DataObjectFormat"; data; data++) | ||
| cb_doc = bdoc; | ||
| cb_exception = &exception; |
Check warning
Code scanning / CodeQL
Local variable address stored in non-local memory Warning
Copilot Autofix
AI 8 months ago
To fix this problem, we need to ensure that the address of a local variable is not stored in a non-local variable that may outlive the local variable's scope. The best way to do this is to allocate the exception object on the heap, so its lifetime is not tied to the function's stack frame. This can be done by replacing the local stack allocation of Exception exception(...) with a heap allocation (auto exception = std::make_unique<Exception>(...)), and then assigning cb_exception to point to this heap-allocated object. After the function is done, we must ensure the memory is properly released, either by deleting the object or letting a smart pointer handle it. Since the rest of the code expects an Exception& or Exception*, we may need to dereference or pass the pointer as needed.
Steps:
- Change the declaration of `exception` from a stack variable to a heap-allocated one (using `new` or `std::unique_ptr`).
- Assign `cb_exception` to point to this heap-allocated object.
- After use, reset `cb_exception` and ensure the heap memory is released (if not using a smart pointer, call `delete`).
- Update all uses of `exception` in this function to use the pointer (i.e., `exception->` instead of `exception.`).
- If the rest of the code expects a reference, dereference the pointer as needed.

Required changes:
- In `src/SignatureXAdES_B.cpp`, lines around the declaration and use of `exception` and the assignment to `cb_exception`.
- No new imports are needed if using `new`/`delete`. If using `std::unique_ptr`, include `<memory>`.
| @@ -407,7 +407,7 @@ | ||
| DEBUG("SignatureXAdES_B::validate(%s)", policy.c_str()); | ||
| // A "master" exception containing all problems (causes) with this signature. | ||
| // It'll be only thrown in case we have a reason (cause). | ||
| Exception exception(EXCEPTION_PARAMS("Signature validation")); | ||
| auto exception = new Exception(EXCEPTION_PARAMS("Signature validation")); | ||
|
|
||
| try { | ||
| if(!Exception::hasWarningIgnore(Exception::SignatureDigestWeak) && | ||
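Review bot: `auto exception = new Exception(...)` creates a raw owning pointer immediately before the `try {` block, so any exit from the function other than the single `delete exception;` at the end leaks it. If heap allocation is wanted at all, use `auto exception = std::make_unique<Exception>(EXCEPTION_PARAMS("Signature validation"));` and pass `exception.get()` where a pointer is needed; the stack object this line replaces had no ownership problem of this kind.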
| @@ -415,7 +415,7 @@ | ||
| { | ||
| Exception e(EXCEPTION_PARAMS("Signature digest weak")); | ||
| e.setCode(Exception::SignatureDigestWeak); | ||
| exception.addCause(e); | ||
| exception->addCause(e); | ||
| } | ||
|
|
||
| if(profile().find(ASiC_E::ASIC_TM_PROFILE) != string::npos) | ||
| @@ -451,12 +451,12 @@ | ||
| } | ||
|
|
||
| cb_doc = bdoc; | ||
| cb_exception = &exception; | ||
| bool result = XMLDocument::verifySignature(signature, &exception); | ||
| cb_exception = exception; | ||
| bool result = XMLDocument::verifySignature(signature, exception); | ||
| cb_doc = {}; | ||
| cb_exception = {}; | ||
| if(!result) | ||
| EXCEPTION_ADD(exception, "Failed to validate signature"); | ||
| EXCEPTION_ADD((*exception), "Failed to validate signature"); | ||
|
|
||
| auto sp = qualifyingProperties()/"SignedProperties"; | ||
| auto sdop = sp/"SignedDataObjectProperties"; | ||
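Review bot: moving the object to the heap does not change what the alert is about at `cb_exception = exception;`. The pointer is cleared by `cb_exception = {};` only when `XMLDocument::verifySignature` returns normally, so if that call throws, `cb_doc` and `cb_exception` keep their values past this scope. Set and clear both in a small RAII guard so the reset runs on every exit path; with that in place the original `cb_exception = &exception;` on a stack object is safe and the allocation is unnecessary.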
| @@ -556,6 +553,8 @@ | ||
|
|
||
| if(!exception.causes().empty()) | ||
| throw exception; | ||
| } | ||
| delete exception; | ||
| } | ||
|
|
||
| vector<unsigned char> SignatureXAdES_B::dataToSign() const |
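Review bot: the unchanged lines `if(!exception.causes().empty())` and `throw exception;` were not updated for the pointer type. `exception.causes()` does not compile on an `Exception*`, and `throw exception;` would throw the pointer, which handlers written to catch `Exception` will not match; the added `delete exception;` is also skipped whenever the throw is taken. Use `exception->causes()` and `throw *exception;`, and let a `std::unique_ptr` release the object instead of the manual `delete`.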
IB-8568
Signed-off-by: Raul Metsma raul@metsma.ee
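An added illustration, not code from this pull request: the set-and-reset of a callback pointer around a call that may throw, done by hand and with a scope guard. `Problems`, `cb_problems`, `verify` and `CallbackScope` are hypothetical stand-ins for the PR's `Exception`, `cb_exception` and `XMLDocument::verifySignature`; that the real call can throw is an assumption.

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical stand-ins for the PR's Exception and cb_exception.
struct Problems { std::vector<std::string> causes; };
static Problems *cb_problems = nullptr;
bool callback_pointer_set() { return cb_problems != nullptr; }

// Publishes a pointer to a local for the guard's lifetime and clears it on
// every exit path, including stack unwinding after a throw.
struct CallbackScope {
    explicit CallbackScope(Problems *p) { cb_problems = p; }
    ~CallbackScope() { cb_problems = nullptr; }
    CallbackScope(const CallbackScope &) = delete;
    CallbackScope &operator=(const CallbackScope &) = delete;
};

// Simulated verifier: reports through the global, then may throw.
static bool verify(bool fail_hard) {
    if (cb_problems) cb_problems->causes.push_back("digest mismatch");
    if (fail_hard) throw std::runtime_error("processing error");
    return false;
}

// Manual set/reset as in the hunk: the reset is skipped when verify() throws.
std::size_t validate_manual(bool fail_hard) {
    Problems problems;
    try {
        cb_problems = &problems;
        verify(fail_hard);
        cb_problems = nullptr;
    } catch (const std::runtime_error &e) {
        problems.causes.push_back(e.what());
    }
    return problems.causes.size();
}

// Guarded version: same stack object, pointer cleared before the catch runs.
std::size_t validate_guarded(bool fail_hard) {
    Problems problems;
    try {
        CallbackScope scope(&problems);
        verify(fail_hard);
    } catch (const std::runtime_error &e) {
        problems.causes.push_back(e.what());
    }
    return problems.causes.size();
}
```

After `validate_manual(true)` the global still holds the address of a destroyed local, which is the condition the CodeQL alert describes; the guarded version leaves it null on both paths without any heap allocation.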