Thomas Faber : advapi32: Fix uneven length handling in CredUnmarshalCredential.
Alexandre Julliard
julliard at winehq.org
Mon Mar 31 13:32:43 CDT 2014
Module: wine
Branch: master
Commit: 6754c35589709c033d30ca593de90fa55f25b4e4
URL: http://source.winehq.org/git/wine.git/?a=commit;h=6754c35589709c033d30ca593de90fa55f25b4e4
Author: Thomas Faber <thomas.faber at reactos.org>
Date: Fri Mar 28 10:21:06 2014 +0100
advapi32: Fix uneven length handling in CredUnmarshalCredential.
---
dlls/advapi32/cred.c | 2 +-
dlls/advapi32/tests/cred.c | 18 ++++++++++++++++++
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/dlls/advapi32/cred.c b/dlls/advapi32/cred.c
index 9ecfaee..fdd5645 100644
--- a/dlls/advapi32/cred.c
+++ b/dlls/advapi32/cred.c
@@ -2100,7 +2100,7 @@ BOOL WINAPI CredUnmarshalCredentialW( LPCWSTR cred, PCRED_MARSHAL_TYPE type, PVO
DWORD size;
if (len < 9 || !cred_decode( cred + 3, 6, (char *)&size ) ||
- !size || size % sizeof(WCHAR) || size > INT_MAX)
+ size % sizeof(WCHAR) || len - 6 != (size * 4 + 2) / 3)
{
SetLastError( ERROR_INVALID_PARAMETER );
return FALSE;
diff --git a/dlls/advapi32/tests/cred.c b/dlls/advapi32/tests/cred.c
index de05e30..0ee08ef 100644
--- a/dlls/advapi32/tests/cred.c
+++ b/dlls/advapi32/tests/cred.c
@@ -566,6 +566,8 @@ static void test_CredUnmarshalCredentialA(void)
static const UCHAR cert_empty[CERT_HASH_LENGTH] = {0};
static const UCHAR cert_wine[CERT_HASH_LENGTH] = {'W','i','n','e',0};
static const WCHAR tW[] = {'t',0};
+ static const WCHAR teW[] = {'t','e',0};
+ static const WCHAR tesW[] = {'t','e','s',0};
static const WCHAR testW[] = {'t','e','s','t',0};
void *p;
CERT_CREDENTIAL_INFO *cert;
@@ -593,6 +595,8 @@ static void test_CredUnmarshalCredentialA(void)
{ "@@-", 63, NULL },
{ "@@B", CertCredential, NULL },
{ "@@BA", CertCredential, NULL },
+ { "@@BAAAAAAAAAAAAAAAAAAAAAAAAAA", CertCredential, NULL },
+ { "@@BAAAAAAAAAAAAAAAAAAAAAAAAAAAA", CertCredential, NULL },
{ "@@BAAAAAAAAAAAAAAAAAAAAAAAAAAA", CertCredential, cert_empty },
{ "@@BXlmblBAAAAAAAAAAAAAAAAAAAAA", CertCredential, cert_wine },
{ "@@C", UsernameTargetCredential, NULL },
@@ -601,6 +605,20 @@ static void test_CredUnmarshalCredentialA(void)
{ "@@CAAAAAA0B", UsernameTargetCredential, NULL },
{ "@@CAAAAAA0BA", UsernameTargetCredential, NULL },
{ "@@CCAAAAA0BA", UsernameTargetCredential, tW },
+ { "@@CEAAAAA0BA", UsernameTargetCredential, NULL },
+ { "@@CEAAAAA0BAd", UsernameTargetCredential, NULL },
+ { "@@CEAAAAA0BAdA", UsernameTargetCredential, NULL },
+ { "@@CEAAAAA0BQZAA", UsernameTargetCredential, teW },
+ { "@@CEAAAAA0BQZAQ", UsernameTargetCredential, teW },
+ { "@@CEAAAAA0BQZAg", UsernameTargetCredential, teW },
+ { "@@CEAAAAA0BQZAw", UsernameTargetCredential, teW },
+ { "@@CEAAAAA0BQZAAA", UsernameTargetCredential, NULL },
+ { "@@CGAAAAA0BQZAMH", UsernameTargetCredential, NULL },
+ { "@@CGAAAAA0BQZAMHA", UsernameTargetCredential, tesW },
+ { "@@CGAAAAA0BQZAMHAA", UsernameTargetCredential, NULL },
+ { "@@CCAAAAA0BAA", UsernameTargetCredential, NULL },
+ { "@@CBAAAAA0BAA", UsernameTargetCredential, NULL },
+ { "@@CAgAAAA0BAA", UsernameTargetCredential, NULL },
{ "@@CIAAAAA0BQZAMHA0BA", UsernameTargetCredential, testW },
{ "@@CA-----0BQZAMHA0BA", UsernameTargetCredential, NULL },
};
More information about the wine-cvs
mailing list