[PATCH 2/5] bcrypt: Fix buffer size query in BCryptExportKey.

Hans Leidekker hans at codeweavers.com
Tue Oct 6 05:27:11 CDT 2020 

Signed-off-by: Hans Leidekker <hans at codeweavers.com>
---
 dlls/bcrypt/bcrypt_main.c | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index 16c68ed691..7f8b08869d 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -968,11 +968,13 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U
 
         *size = req_size;
         if (output_len < req_size) return STATUS_BUFFER_TOO_SMALL;
-
-        header->dwMagic   = BCRYPT_KEY_DATA_BLOB_MAGIC;
-        header->dwVersion = BCRYPT_KEY_DATA_BLOB_VERSION1;
-        header->cbKeyData = key->u.s.secret_len;
-        memcpy( &header[1], key->u.s.secret, key->u.s.secret_len );
+        if (output)
+        {
+            header->dwMagic   = BCRYPT_KEY_DATA_BLOB_MAGIC;
+            header->dwVersion = BCRYPT_KEY_DATA_BLOB_VERSION1;
+            header->cbKeyData = key->u.s.secret_len;
+            memcpy( &header[1], key->u.s.secret, key->u.s.secret_len );
+        }
         return STATUS_SUCCESS;
     }
     else if (!wcscmp( type, BCRYPT_OPAQUE_KEY_BLOB ))
@@ -981,9 +983,11 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U
 
         *size = req_size;
         if (output_len < req_size) return STATUS_BUFFER_TOO_SMALL;
-
-        *(ULONG *)output = key->u.s.secret_len;
-        memcpy( output + sizeof(len), key->u.s.secret, key->u.s.secret_len );
+        if (output)
+        {
+            *(ULONG *)output = key->u.s.secret_len;
+            memcpy( output + sizeof(len), key->u.s.secret, key->u.s.secret_len );
+        }
         return STATUS_SUCCESS;
     }
     else if (!wcscmp( type, BCRYPT_RSAPUBLIC_BLOB ) || !wcscmp( type, BCRYPT_DSA_PUBLIC_BLOB ) ||
@@ -991,8 +995,7 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U
     {
         *size = key->u.a.pubkey_len;
         if (output_len < key->u.a.pubkey_len) return STATUS_SUCCESS;
-
-        memcpy( output, key->u.a.pubkey, key->u.a.pubkey_len );
+        if (output) memcpy( output, key->u.a.pubkey, key->u.a.pubkey_len );
         return STATUS_SUCCESS;
     }
     else if (!wcscmp( type, BCRYPT_ECCPRIVATE_BLOB ))
-- 
2.28.0

More information about the wine-devel mailing list