Juan Lang : crypt32: Fix error handling for cyclic chains.
Alexandre Julliard
julliard at winehq.org
Thu Oct 9 07:43:01 CDT 2008
Module: wine
Branch: master
Commit: cb341f37175b4a79d3a2f3fc5709a43d11d08d07
URL: http://source.winehq.org/git/wine.git/?a=commit;h=cb341f37175b4a79d3a2f3fc5709a43d11d08d07
Author: Juan Lang <juan.lang at gmail.com>
Date: Wed Oct 8 14:18:55 2008 -0700
crypt32: Fix error handling for cyclic chains.
---
dlls/crypt32/chain.c | 11 ++++++++++-
dlls/crypt32/tests/chain.c | 5 ++---
2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 534d6ae..d086fe6 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -251,7 +251,7 @@ static void CRYPT_CheckSimpleChainForCycles(PCERT_SIMPLE_CHAIN chain)
if (cyclicCertIndex)
{
chain->rgpElement[cyclicCertIndex]->TrustStatus.dwErrorStatus
- |= CERT_TRUST_IS_CYCLIC;
+ |= CERT_TRUST_IS_CYCLIC | CERT_TRUST_INVALID_BASIC_CONSTRAINTS;
/* Release remaining certs */
for (i = cyclicCertIndex + 1; i < chain->cElement; i++)
CRYPT_FreeChainElement(chain->rgpElement[i]);
@@ -766,6 +766,15 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
constraints.dwPathLenConstraint--;
}
}
+ if (CRYPT_IsSimpleChainCyclic(chain))
+ {
+ /* If the chain is cyclic, then the path length constraints
+ * are violated, because the chain is infinitely long.
+ */
+ pathLengthConstraintViolated = TRUE;
+ chain->TrustStatus.dwErrorStatus |=
+ CERT_TRUST_INVALID_BASIC_CONSTRAINTS;
+ }
/* FIXME: check valid usages */
CRYPT_CombineTrustStatus(&chain->TrustStatus,
&chain->rgpElement[i]->TrustStatus);
diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c
index 1a10702..eb8db2c 100644
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -1521,7 +1521,7 @@ static ChainCheck chainCheck[] = {
{ CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT |
CERT_TRUST_INVALID_BASIC_CONSTRAINTS | CERT_TRUST_IS_CYCLIC, 0 },
1, simpleStatus9 },
- TODO_ERROR | TODO_INFO },
+ TODO_INFO },
{ { sizeof(chain10) / sizeof(chain10[0]), chain10 },
{ { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
{ CERT_TRUST_IS_UNTRUSTED_ROOT, 0 }, 1, simpleStatus10 }, 0 },
@@ -1743,8 +1743,7 @@ static ChainPolicyCheck basicConstraintsPolicyCheck[] = {
{ 0, TRUST_E_BASIC_CONSTRAINTS, 0, 1, NULL },
TODO_ERROR | TODO_CHAINS | TODO_ELEMENTS },
{ { sizeof(chain9) / sizeof(chain9[0]), chain9 },
- { 0, TRUST_E_BASIC_CONSTRAINTS, 0, 1, NULL },
- TODO_ERROR | TODO_CHAINS | TODO_ELEMENTS },
+ { 0, TRUST_E_BASIC_CONSTRAINTS, 0, 1, NULL }, 0 },
{ { sizeof(chain10) / sizeof(chain10[0]), chain10 },
{ 0, 0, -1, -1, NULL }, 0 },
{ { sizeof(chain11) / sizeof(chain11[0]), chain11 },
More information about the wine-cvs
mailing list