[prev in list] [next in list] [prev in thread] [next in thread]
List: wine-devel
Subject: [PATCH] crypt32: CryptMsgUpdate should skip broken certificates.
From: Dmitry Timoshkov <dmitry () baikal ! ru>
Date: 2019-04-30 9:55:24
Message-ID: 20190430175524.26d442ae0e9ee69d2a96cc95 () baikal ! ru
[Download RAW message or body]
CertOpenStore() already verifies the certificate before adding it
to the memory store from the file, this patch makes CryptMsgUpdate()
behave in a similar way.
This patch fixes signature verification reported in the bug 45757.
Signed-off-by: Dmitry Timoshkov <dmitry@baikal.ru>
---
dlls/crypt32/decode.c | 28 +++++++++++++++++++++++++++-
1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/dlls/crypt32/decode.c b/dlls/crypt32/decode.c
index ce068f3c47..aa697e3bfa 100644
--- a/dlls/crypt32/decode.c
+++ b/dlls/crypt32/decode.c
@@ -683,6 +683,13 @@ static BOOL CRYPT_AsnDecodeArray(const struct AsnArrayDescriptor \
*arrayDesc, &itemDecoded);
if (ret)
{
+ /* Ignore an item that failed to decode but the decoder \
doesn't want to fail the whole process */ + if (!size)
+ {
+ ptr += itemEncoded;
+ continue;
+ }
+
cItems++;
if (itemSizes != &itemSize)
itemSizes = CryptMemRealloc(itemSizes,
@@ -5628,6 +5635,25 @@ static BOOL WINAPI CRYPT_AsnDecodePKCSSignerInfo(DWORD \
dwCertEncodingType, return ret;
}
+static BOOL verify_and_copy_certificate(const BYTE *pbEncoded, DWORD cbEncoded, \
DWORD dwFlags, + void *pvStructInfo, DWORD \
*pcbStructInfo, DWORD *pcbDecoded) +{
+ PCCERT_CONTEXT cert;
+
+ cert = CertCreateCertificateContext(X509_ASN_ENCODING, pbEncoded, cbEncoded);
+ if (!cert)
+ {
+ WARN("CertCreateCertificateContext error %#x\n", GetLastError());
+ *pcbStructInfo = 0;
+ *pcbDecoded = 0;
+ return TRUE;
+ }
+
+ CertFreeCertificateContext(cert);
+
+ return CRYPT_AsnDecodeCopyBytes(pbEncoded, cbEncoded, dwFlags, pvStructInfo, \
pcbStructInfo, pcbDecoded); +}
+
static BOOL CRYPT_AsnDecodeCMSCertEncoded(const BYTE *pbEncoded,
DWORD cbEncoded, DWORD dwFlags, void *pvStructInfo, DWORD *pcbStructInfo,
DWORD *pcbDecoded)
@@ -5637,7 +5663,7 @@ static BOOL CRYPT_AsnDecodeCMSCertEncoded(const BYTE \
*pbEncoded, offsetof(CRYPT_SIGNED_INFO, cCertEncoded),
offsetof(CRYPT_SIGNED_INFO, rgCertEncoded),
MEMBERSIZE(CRYPT_SIGNED_INFO, cCertEncoded, cCrlEncoded),
- CRYPT_AsnDecodeCopyBytes,
+ verify_and_copy_certificate,
sizeof(CRYPT_DER_BLOB), TRUE, offsetof(CRYPT_DER_BLOB, pbData) };
TRACE("%p, %d, %08x, %p, %d, %p\n", pbEncoded, cbEncoded, dwFlags,
--
2.20.1
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic