crypt32: Fix integer overflow [security]
Michael Karcher
karcher at physik.fu-berlin.de
Sun May 25 07:32:22 CDT 2008
This patch should *definitively* go into Wine 1.0, as the overflowing
integer is used to calculate the size of a buffer needed to store the
integer, so it can cause buffer overflows.
The bug fixed makes makecert crash for keys of more than 2008 bits.
---
dlls/crypt32/encode.c | 7 +++----
1 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/dlls/crypt32/encode.c b/dlls/crypt32/encode.c
index 9071e5c..a274f44 100644
--- a/dlls/crypt32/encode.c
+++ b/dlls/crypt32/encode.c
@@ -2540,8 +2540,8 @@ static BOOL WINAPI CRYPT_AsnEncodeInteger(DWORD dwCertEncodingType,
__TRY
{
- DWORD significantBytes, lenBytes;
- BYTE padByte = 0, bytesNeeded;
+ DWORD significantBytes, lenBytes, bytesNeeded;
+ BYTE padByte = 0;
BOOL pad = FALSE;
const CRYPT_INTEGER_BLOB *blob =
(const CRYPT_INTEGER_BLOB *)pvStructInfo;
@@ -2629,8 +2629,7 @@ static BOOL WINAPI CRYPT_AsnEncodeUnsignedInteger(DWORD dwCertEncodingType,
__TRY
{
- DWORD significantBytes, lenBytes;
- BYTE bytesNeeded;
+ DWORD significantBytes, lenBytes, bytesNeeded;
BOOL pad = FALSE;
const CRYPT_INTEGER_BLOB *blob =
(const CRYPT_INTEGER_BLOB *)pvStructInfo;
--
1.5.5.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://www.winehq.org/pipermail/wine-patches/attachments/20080525/0c767c76/attachment-0001.pgp
More information about the wine-patches
mailing list