Alexandre Julliard : crypt32: Fix comparison of domain name components.
Alexandre Julliard
julliard at winehq.org
Wed May 1 16:37:06 CDT 2019
Module: wine
Branch: master
Commit: 9e9b28a1797fdb0b221c8c0ee2e6d0ca949f589a
URL: https://source.winehq.org/git/wine.git/?a=commit;h=9e9b28a1797fdb0b221c8c0ee2e6d0ca949f589a
Author: Alexandre Julliard <julliard at winehq.org>
Date: Wed May 1 22:19:18 2019 +0200
crypt32: Fix comparison of domain name components.
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
---
dlls/crypt32/chain.c | 27 +++++++++++----------------
1 file changed, 11 insertions(+), 16 deletions(-)
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 41c87b7..396a563 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -3214,12 +3214,11 @@ static BOOL match_dns_to_subject_alt_name(const CERT_EXTENSION *ext,
}
static BOOL find_matching_domain_component(const CERT_NAME_INFO *name,
- LPCWSTR component)
+ const WCHAR *component, size_t len)
{
- BOOL matches = FALSE;
DWORD i, j;
- for (i = 0; !matches && i < name->cRDN; i++)
+ for (i = 0; i < name->cRDN; i++)
for (j = 0; j < name->rgRDN[i].cRDNAttr; j++)
if (!strcmp(szOID_DOMAIN_COMPONENT,
name->rgRDN[i].rgRDNAttr[j].pszObjId))
@@ -3227,15 +3226,16 @@ static BOOL find_matching_domain_component(const CERT_NAME_INFO *name,
const CERT_RDN_ATTR *attr;
attr = &name->rgRDN[i].rgRDNAttr[j];
- /* Compare with memicmpW rather than strcmpiW in order to avoid
+ /* Compare with strncmpiW rather than strcmpiW in order to avoid
* a match with a string with an embedded NULL. The component
* must match one domain component attribute's entire string
* value with a case-insensitive match.
*/
- matches = !memicmpW(component, (LPCWSTR)attr->Value.pbData,
- attr->Value.cbData / sizeof(WCHAR));
+ if ((len == attr->Value.cbData / sizeof(WCHAR)) &&
+ !strncmpiW(component, (LPCWSTR)attr->Value.pbData, len))
+ return TRUE;
}
- return matches;
+ return FALSE;
}
static BOOL match_domain_component(LPCWSTR allowed_component, DWORD allowed_len,
@@ -3397,23 +3397,18 @@ static BOOL match_dns_to_subject_dn(PCCERT_CONTEXT cert, LPCWSTR server_name)
do {
LPCWSTR dot = strchrW(ptr, '.'), end;
/* 254 is the maximum DNS label length, see RFC 1035 */
- WCHAR component[255];
- DWORD len;
+ size_t len;
end = dot ? dot : ptr + strlenW(ptr);
len = end - ptr;
- if (len >= ARRAY_SIZE(component))
+ if (len >= 255)
{
WARN_(chain)("domain component %s too long\n",
debugstr_wn(ptr, len));
matches = FALSE;
}
- else
- {
- memcpy(component, ptr, len * sizeof(WCHAR));
- component[len] = 0;
- matches = find_matching_domain_component(name, component);
- }
+ else matches = find_matching_domain_component(name, ptr, len);
+
ptr = dot ? dot + 1 : end;
} while (matches && ptr && *ptr);
}
More information about the wine-cvs
mailing list