<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<br>
<div class="moz-cite-prefix">On 7/2/20 1:53 PM, Zhipeng Zhao wrote:<br>
</div>
<blockquote type="cite"
cite="mid:460f781b.5f2c.1730e164288.Coremail.near2see@163.com">
<pre class="moz-quote-pre" wrap="">
</pre>
<br>
<fieldset class="mimeAttachmentHeader"><legend
class="mimeAttachmentHeaderName">0001-crypt32-Add-parameter-validation.patch</legend></fieldset>
<pre class="moz-quote-pre" wrap="">From 63c44d4282ecdbb233bf3c26463336d08ca04ea3 Mon Sep 17 00:00:00 2001
From: Zhipeng Zhao <a class="moz-txt-link-rfc2396E" href="mailto:zhaozhipeng@uniontech.com"><zhaozhipeng@uniontech.com></a>
Date: Thu, 2 Jul 2020 13:47:26 +0800
Subject: [PATCH] crypt32: Add parameter validation.
Signed-off-by: Zhipeng Zhao <a class="moz-txt-link-rfc2396E" href="mailto:zhaozhipeng@uniontech.com"><zhaozhipeng@uniontech.com></a>
---
dlls/crypt32/msg.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/dlls/crypt32/msg.c b/dlls/crypt32/msg.c
index f591a5e72e..42cb9d0e31 100644
--- a/dlls/crypt32/msg.c
+++ b/dlls/crypt32/msg.c
@@ -3660,6 +3660,12 @@ BOOL WINAPI CryptMsgClose(HCRYPTMSG hCryptMsg)
BOOL WINAPI CryptMsgUpdate(HCRYPTMSG hCryptMsg, const BYTE *pbData,
DWORD cbData, BOOL fFinal)
{
+ if (!hCryptMsg)
+ {
+ SetLastError(E_INVALIDARG);
+ return FALSE;
+ }
+
CryptMsgBase *msg = hCryptMsg;</pre>
</blockquote>
This makes the msg declaration<span style="color: rgb(0, 0, 0);
font-family: "Helvetica Neue", Helvetica, Arial,
sans-serif; font-size: 14px; font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: 400; letter-spacing: normal; orphans: 2; text-align:
left; text-indent: 0px; text-transform: none; white-space: normal;
widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255); text-decoration-style:
initial; text-decoration-color: initial; display: inline
!important; float: none;"> no longer at the beginning of a block.<br>
See </span><span style="color: rgb(0, 0, 0); font-family:
"Helvetica Neue", Helvetica, Arial, sans-serif;
font-size: 14px; font-style: normal; font-variant-ligatures:
normal; font-variant-caps: normal; font-weight: 400;
letter-spacing: normal; orphans: 2; text-align: left; text-indent:
0px; text-transform: none; white-space: normal; widows: 2;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255); text-decoration-style:
initial; text-decoration-color: initial; display: inline
!important; float: none;"><a
href="https://wiki.winehq.org/Developer_Hints#Using_only_C89-compliant_code">https://wiki.winehq.org/Developer_Hints#Using_only_C89-compliant_code</a><br>
<br>
What application needs this change? If hCryptMsg really needs to
be checked<br>
against NULL, there are many more functions that make use of the
handle.<br>
Maybe you should add a helper for it.<br>
<br>
And </span><span style="color: rgb(0, 0, 0); font-family:
"Helvetica Neue", Helvetica, Arial, sans-serif;
font-size: 14px; font-style: normal; font-variant-ligatures:
normal; font-variant-caps: normal; font-weight: 400;
letter-spacing: normal; orphans: 2; text-align: left; text-indent:
0px; text-transform: none; white-space: normal; widows: 2;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255); text-decoration-style:
initial; text-decoration-color: initial; display: inline
!important; float: none;"><span style="color: rgb(0, 0, 0);
font-family: "Helvetica Neue", Helvetica, Arial,
sans-serif; font-size: 14px; font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: 400; letter-spacing: normal; orphans: 2;
text-align: left; text-indent: 0px; text-transform: none;
white-space: normal; widows: 2; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255); text-decoration-style: initial; text-decoration-color:
initial; display: inline !important; float: none;">please add </span>tests
for this change.<br>
<br>
Thanks,<br>
Zhiyi<br>
</span>
<blockquote type="cite"
cite="mid:460f781b.5f2c.1730e164288.Coremail.near2see@163.com">
<pre class="moz-quote-pre" wrap="">
TRACE("(%p, %p, %d, %d)\n", hCryptMsg, pbData, cbData, fFinal);
@@ -3670,6 +3676,12 @@ BOOL WINAPI CryptMsgUpdate(HCRYPTMSG hCryptMsg, const BYTE *pbData,
BOOL WINAPI CryptMsgGetParam(HCRYPTMSG hCryptMsg, DWORD dwParamType,
DWORD dwIndex, void *pvData, DWORD *pcbData)
{
+ if (!hCryptMsg)
+ {
+ SetLastError(E_INVALIDARG);
+ return FALSE;
+ }
+
CryptMsgBase *msg = hCryptMsg;
TRACE("(%p, %d, %d, %p, %p)\n", hCryptMsg, dwParamType, dwIndex,
@@ -3680,6 +3692,12 @@ BOOL WINAPI CryptMsgGetParam(HCRYPTMSG hCryptMsg, DWORD dwParamType,
BOOL WINAPI CryptMsgControl(HCRYPTMSG hCryptMsg, DWORD dwFlags,
DWORD dwCtrlType, const void *pvCtrlPara)
{
+ if (!hCryptMsg)
+ {
+ SetLastError(E_INVALIDARG);
+ return FALSE;
+ }
+
CryptMsgBase *msg = hCryptMsg;
TRACE("(%p, %08x, %d, %p)\n", hCryptMsg, dwFlags, dwCtrlType,
</pre>
</blockquote>
<br>
</body>
</html>