Dmitry Timoshkov : crypt32: CryptMsgUpdate should skip broken certificates.

Alexandre Julliard julliard at winehq.org
Mon Nov 25 09:12:22 CST 2019


Module: wine
Branch: stable
Commit: 70f00e62468b368fcea9f5bb9ccdb62f52fa3b79
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=70f00e62468b368fcea9f5bb9ccdb62f52fa3b79

Author: Dmitry Timoshkov <dmitry at baikal.ru>
Date:   Tue Apr 30 17:55:24 2019 +0800

crypt32: CryptMsgUpdate should skip broken certificates.

CertOpenStore() already verifies the certificate before adding it
to the memory store from the file; this patch makes CryptMsgUpdate()
behave in a similar way.

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=45757
Signed-off-by: Dmitry Timoshkov <dmitry at baikal.ru>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
(cherry picked from commit 1875620466d178faead9d0ccea08bd2eee7c7722)
Signed-off-by: Michael Stefaniuc <mstefani at winehq.org>

---

 dlls/crypt32/decode.c | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/dlls/crypt32/decode.c b/dlls/crypt32/decode.c
index e70940aa7d..a69743e9b6 100644
--- a/dlls/crypt32/decode.c
+++ b/dlls/crypt32/decode.c
@@ -683,6 +683,13 @@ static BOOL CRYPT_AsnDecodeArray(const struct AsnArrayDescriptor *arrayDesc,
                              &itemDecoded);
                         if (ret)
                         {
+                            /* Ignore an item that failed to decode but the decoder doesn't want to fail the whole process */
+                            if (!size)
+                            {
+                                ptr += itemEncoded;
+                                continue;
+                            }
+
                             cItems++;
                             if (itemSizes != &itemSize)
                                 itemSizes = CryptMemRealloc(itemSizes,
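Review bot: The new `if (!size)` branch turns a TRUE return with a zero size into a "skip this item" signal for every decoder routed through CRYPT_AsnDecodeArray, not only the certificate one, and the comment does not state that contract. Spell it out at the check, for example `/* decodeFunc returned TRUE with size 0: by convention the item is malformed but non-fatal, so step over it without counting it */`, and confirm that no existing item decoder can legitimately report size 0. The skipped item is also not recorded in itemSizes; if a later fill pass in this function (not visible here) walks the encoded data again from the first item, it has to skip the same entries or its indexes will no longer line up with the data. The function body starts and ends outside the hunk.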
@@ -5631,6 +5638,25 @@ static BOOL WINAPI CRYPT_AsnDecodePKCSSignerInfo(DWORD dwCertEncodingType,
     return ret;
 }
 
+static BOOL verify_and_copy_certificate(const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags,
+                                        void *pvStructInfo, DWORD *pcbStructInfo, DWORD *pcbDecoded)
+{
+    PCCERT_CONTEXT cert;
+
+    cert = CertCreateCertificateContext(X509_ASN_ENCODING, pbEncoded, cbEncoded);
+    if (!cert)
+    {
+        WARN("CertCreateCertificateContext error %#x\n", GetLastError());
+        *pcbStructInfo = 0;
+        *pcbDecoded = 0;
+        return TRUE;
+    }
+
+    CertFreeCertificateContext(cert);
+
+    return CRYPT_AsnDecodeCopyBytes(pbEncoded, cbEncoded, dwFlags, pvStructInfo, pcbStructInfo, pcbDecoded);
+}
+
 static BOOL CRYPT_AsnDecodeCMSCertEncoded(const BYTE *pbEncoded,
  DWORD cbEncoded, DWORD dwFlags, void *pvStructInfo, DWORD *pcbStructInfo,
  DWORD *pcbDecoded)
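Review bot: verify_and_copy_certificate only checks that the blob parses as an X.509 certificate through CertCreateCertificateContext; it does no signature or chain validation, and the name plus the missing header comment make that easy to misread as a trust decision. A comment such as `/* Copies the encoded certificate only if it decodes as X.509; a blob that fails to decode is reported as success with *pcbStructInfo == 0 so the array decoder skips it. No trust validation is done here. */` would make the contract explicit. The failure path also writes `*pcbDecoded = 0` unconditionally; if any caller may pass NULL for that argument, guard it with `if (pcbDecoded) *pcbDecoded = 0;`.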
@@ -5640,7 +5666,7 @@ static BOOL CRYPT_AsnDecodeCMSCertEncoded(const BYTE *pbEncoded,
      offsetof(CRYPT_SIGNED_INFO, cCertEncoded),
      offsetof(CRYPT_SIGNED_INFO, rgCertEncoded),
      MEMBERSIZE(CRYPT_SIGNED_INFO, cCertEncoded, cCrlEncoded),
-     CRYPT_AsnDecodeCopyBytes,
+     verify_and_copy_certificate,
      sizeof(CRYPT_DER_BLOB), TRUE, offsetof(CRYPT_DER_BLOB, pbData) };
 
     TRACE("%p, %d, %08x, %p, %d, %p\n", pbEncoded, cbEncoded, dwFlags,
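Review bot: Swapping the item decoder in CRYPT_AsnDecodeCMSCertEncoded means cCertEncoded can now be smaller than the number of certificate entries encoded in the message, and nothing at the descriptor says so. A comment above the descriptor, e.g. `/* entries that do not parse as certificates are dropped, so cCertEncoded counts only the well-formed ones */`, would help callers who compare the decoded result with the raw message. The diffstat lists only dlls/crypt32/decode.c, so a regression test that decodes a signed message holding one malformed and one valid certificate would be worth adding alongside this change. The function body continues outside the hunk.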



