From 32db5a08393413b4765a7149806a19956ce2f120 Mon Sep 17 00:00:00 2001
From: Juan Lang
Date: Mon, 17 Sep 2007 17:26:51 -0700
Subject: [PATCH] Allow indefinite-length encoding of sequence items
---
 dlls/crypt32/decode.c | 40 +++++++++++++++++++++++++++++++---------
 1 files changed, 31 insertions(+), 9 deletions(-)
diff --git a/dlls/crypt32/decode.c b/dlls/crypt32/decode.c
index 7b231ea..0de2e6a 100644
--- a/dlls/crypt32/decode.c
+++ b/dlls/crypt32/decode.c
@@ -310,8 +310,8 @@ static BOOL CRYPT_AsnDecodeSequenceItems
 {
 DWORD nextItemLen;
- if ((ret = CRYPT_GetLen(ptr, cbEncoded - (ptr - pbEncoded),
- &nextItemLen)))
+ if ((ret = CRYPT_GetLengthIndefinite(ptr,
+ cbEncoded - (ptr - pbEncoded), &nextItemLen)))
 {
 BYTE nextItemLenBytes = GET_LEN_BYTES(ptr[1]);
@@ -326,15 +326,21 @@ static BOOL CRYPT_AsnDecodeSequenceItems
 }
 if (items[i].decodeFunc)
 {
+ DWORD nextItemEncodedLen, nextItemDecoded;
+
+ if (nextItemLen == CMSG_INDEFINITE_LENGTH)
+ nextItemEncodedLen = cbEncoded - (ptr - pbEncoded);
+ else
+ nextItemEncodedLen = 1 + nextItemLenBytes +
+ nextItemLen;
 if (pvStructInfo)
 TRACE("decoding item %d\n", i);
 else
 TRACE("sizing item %d\n", i);
- ret = items[i].decodeFunc(ptr,
- 1 + nextItemLenBytes + nextItemLen,
+ ret = items[i].decodeFunc(ptr, nextItemEncodedLen,
 dwFlags & ~CRYPT_DECODE_ALLOC_FLAG, pvStructInfo ? (BYTE *)pvStructInfo + items[i].offset
- : NULL, &items[i].size, NULL);
+ : NULL, &items[i].size, &nextItemDecoded);
 if (ret)
 {
 /* Account for alignment padding */
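Review bot: In the `@@ -310,8 +310,8 @@` hunk, `nextItemLen` can now hold the `CMSG_INDEFINITE_LENGTH` sentinel instead of a byte count, and nothing at the declaration says so. A comment on `DWORD nextItemLen;` such as `/* may be CMSG_INDEFINITE_LENGTH; check before using it in length arithmetic */` would warn anyone touching the unchanged code below, where an expression like `1 + nextItemLenBytes + nextItemLen` would wrap for that value. The enclosing block continues outside the hunk, so other uses of `nextItemLen` cannot be checked from here.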
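Review bot: In the `@@ -326,15 +326,21 @@` hunk, `nextItemDecoded` is declared without an initializer and only becomes defined if `decodeFunc` writes through its last argument; the following hunk (`@@ -345,10 +351,20 @@`) then compares it against `nextItemEncodedLen` and adds it to `ptr` and `decoded`. The old call passed `NULL` in that position, so the out-parameter was presumably optional for decoders, and whether every decoder fills it on success is not visible in this patch. Initialising it at the declaration, `DWORD nextItemEncodedLen, nextItemDecoded = 0;`, keeps the later bound check operating on a defined value. The enclosing function starts and ends outside the hunk.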
@@ -345,10 +351,20 @@ static BOOL CRYPT_AsnDecodeSequenceItems
 if (nextData && items[i].hasPointer && items[i].size > items[i].minSize)
 nextData += items[i].size - items[i].minSize;
- ptr += 1 + nextItemLenBytes + nextItemLen;
- decoded += 1 + nextItemLenBytes + nextItemLen;
- TRACE("item %d: decoded %d bytes\n", i,
- 1 + nextItemLenBytes + nextItemLen);
+ if (nextItemDecoded > nextItemEncodedLen)
+ {
+ WARN("decoded length %d exceeds encoded %d\n",
+ nextItemDecoded, nextItemEncodedLen);
+ SetLastError(CRYPT_E_ASN1_CORRUPT);
+ ret = FALSE;
+ }
+ else
+ {
+ ptr += nextItemDecoded;
+ decoded += nextItemDecoded;
+ TRACE("item %d: decoded %d bytes\n", i,
+ nextItemDecoded);
+ }
 }
 else if (items[i].optional && GetLastError() == CRYPT_E_ASN1_BADTAG)
@@ -362,6 +378,12 @@ static BOOL CRYPT_AsnDecodeSequenceItems
 TRACE("item %d failed: %08x\n", i, GetLastError());
 }
+ else if (nextItemLen == CMSG_INDEFINITE_LENGTH)
+ {
+ ERR("can't use indefinite length encoding without a decoder\n");
+ SetLastError(CRYPT_E_ASN1_CORRUPT);
+ ret = FALSE;
+ }
 else
 {
 TRACE("item %d: decoded %d bytes\n", i,
--
1.4.1
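Review bot: In the `@@ -345,10 +351,20 @@` hunk only `nextItemDecoded > nextItemEncodedLen` is rejected, so for a definite-length item a decoder that reports fewer bytes than the item's header plus content leaves `ptr` inside that item, and the leftover bytes are then parsed as the next sequence item. The removed code always advanced by the full `1 + nextItemLenBytes + nextItemLen`. Unless some decoder legitimately reports a shorter count, a short count should be treated as corrupt when the length is definite, for example by adding `|| (nextItemLen != CMSG_INDEFINITE_LENGTH && nextItemDecoded != nextItemEncodedLen)` to the condition. The enclosing `if (ret)` block begins outside the hunk.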
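Review bot: In the `@@ -362,6 +378,12 @@` hunk the rejection is logged with `ERR`, although the condition is reached by encoded input alone and the comparable bad-input case in the previous hunk uses `WARN`. Using `WARN("indefinite-length item %d has no decoder\n", i);` would match that level and also record which item was refused. The `else` branch that follows continues outside the hunk.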