crypt32(12/17): Correct combining trust status of a chain's elements into the chain's trust status

Juan Lang juan.lang at gmail.com
Thu Aug 30 20:17:50 CDT 2007 

--Juan
-------------- next part --------------
From 64172bae3dc0bd0a1f1eb93a5a2e4744cf0a07a9 Mon Sep 17 00:00:00 2001
From: Juan Lang <juan.lang at gmail.com>
Date: Thu, 30 Aug 2007 17:57:15 -0700
Subject: [PATCH] Correct combining trust status of a chain's elements into the chain's trust
status
---
 dlls/crypt32/chain.c |   23 +++++++++++++++--------
 1 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index e6a0df8..f0f3e56 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -262,6 +262,17 @@ static PCCERT_CONTEXT CRYPT_GetIssuerFro
     return CertGetIssuerCertificateFromStore(store, cert, NULL, pdwFlags);
 }
 
+static inline void CRYPT_CombineTrustStatus(CERT_TRUST_STATUS *chainStatus,
+ CERT_TRUST_STATUS *elementStatus)
+{
+    /* Any error that applies to an element also applies to a chain.. */
+    chainStatus->dwErrorStatus |= elementStatus->dwErrorStatus;
+    /* but the bottom nibble of an element's info status doesn't apply to the
+     * chain.
+     */
+    chainStatus->dwInfoStatus |= (elementStatus->dwInfoStatus & 0xfffffff0);
+}
+
 static BOOL CRYPT_AddCertToSimpleChain(PCertificateChainEngine engine,
  PCERT_SIMPLE_CHAIN chain, PCCERT_CONTEXT cert, DWORD dwFlags)
 {
@@ -307,10 +318,8 @@ static BOOL CRYPT_AddCertToSimpleChain(P
             chain->rgpElement[chain->cElement++] = element;
             if (chain->cElement % engine->CycleDetectionModulus)
                 CRYPT_CheckSimpleChainForCycles(chain);
-            chain->TrustStatus.dwErrorStatus |=
-             element->TrustStatus.dwErrorStatus;
-            chain->TrustStatus.dwInfoStatus |=
-             element->TrustStatus.dwInfoStatus;
+            CRYPT_CombineTrustStatus(&chain->TrustStatus,
+             &element->TrustStatus);
             ret = TRUE;
         }
         else
@@ -412,10 +421,8 @@ static BOOL CRYPT_BuildSimpleChain(HCERT
                 }
                 CRYPT_CheckTrustedStatus(engine->hRoot, rootElement);
             }
-            chain->TrustStatus.dwErrorStatus |=
-             rootElement->TrustStatus.dwErrorStatus;
-            chain->TrustStatus.dwInfoStatus |=
-             rootElement->TrustStatus.dwInfoStatus & ~CERT_TRUST_IS_SELF_SIGNED;
+            CRYPT_CombineTrustStatus(&chain->TrustStatus,
+             &rootElement->TrustStatus);
         }
         if (!ret)
         {
-- 
1.4.1

More information about the wine-patches mailing list