crypt32: fix crash in CertGetCertificateContextProperty when querying length of a hash property

Mounir IDRASSI mounir.idrassi at idrix.fr
Sun May 13 17:25:04 CDT 2007


Hi,
This patch corrects a crash that occur when we call
CertGetCertificateContextProperty with a pvData set to NULL in order to
get the length of hash property. The bug is located in the internal
function CertContext_GetHashProp.
It also adds in the tests a call to this function with a NULL pvData
parameter.

Mounir IDRASSI
IDRIX - Cryptography and IT Security Experts
http://www.idrix.fr

-------------- next part --------------
>From 2accaeff71801b49f35da4cb8f4f991506429d05 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI <mounir.idrassi at idrix.fr>
Date: Sun, 13 May 2007 23:38:46 +0200
Subject: crypt32: fix crash in CertGetCertificateContextProperty when querying length of a hash property

---
 dlls/crypt32/cert.c       |    2 +-
 dlls/crypt32/tests/cert.c |    7 +++++++
 2 files changed, 8 insertions(+), 1 deletions(-)

diff --git a/dlls/crypt32/cert.c b/dlls/crypt32/cert.c
index 884c2da..3912447 100644
--- a/dlls/crypt32/cert.c
+++ b/dlls/crypt32/cert.c
@@ -158,7 +158,7 @@ static BOOL CertContext_GetHashProp(void *context, DWORD dwPropId,
 {
     BOOL ret = CryptHashCertificate(0, algID, 0, toHash, toHashLen, pvData,
      pcbData);
-    if (ret)
+    if (ret && pvData)
     {
         CRYPT_DATA_BLOB blob = { *pcbData, pvData };
 
diff --git a/dlls/crypt32/tests/cert.c b/dlls/crypt32/tests/cert.c
index cdc6cfb..5c17e94 100644
--- a/dlls/crypt32/tests/cert.c
+++ b/dlls/crypt32/tests/cert.c
@@ -294,18 +294,25 @@ static void checkHash(const BYTE *data, DWORD dataLen, ALG_ID algID,
     BYTE hash[20] = { 0 }, hashProperty[20];
     BOOL ret;
     DWORD size;
+    DWORD dwSizeWithNull;
 
     memset(hash, 0, sizeof(hash));
     memset(hashProperty, 0, sizeof(hashProperty));
     size = sizeof(hash);
     ret = CryptHashCertificate(0, algID, 0, data, dataLen, hash, &size);
     ok(ret, "CryptHashCertificate failed: %08x\n", GetLastError());
+    ret = CertGetCertificateContextProperty(context, propID, NULL,
+     &dwSizeWithNull);
+    ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
+     GetLastError());   
     ret = CertGetCertificateContextProperty(context, propID, hashProperty,
      &size);
     ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
      GetLastError());
     ok(!memcmp(hash, hashProperty, size), "Unexpected hash for property %d\n",
      propID);
+    ok(size == dwSizeWithNull, "Unexpected length of hash for property: received %d instead of %d\n",
+     dwSizeWithNull,size);  
 }
 
 static WCHAR cspNameW[] = { 'W','i','n','e','C','r','y','p','t','T','e','m','p',0 };
-- 
1.4.4.2



More information about the wine-patches mailing list