[rsaenh]: Correction for buffer size detection
Kees Cook
kees at outflux.net
Sun May 15 23:56:51 CDT 2005
rsaenh.c accidentally tries to write into the output buffer before
checking the available size. This patch fixes a crash when you call
CryptDecrypt with a buffer size smaller than needed instead of correctly
failing with ERROR_MORE_DATA.
ChangeLog:
avoid segfault when detecting decryption buffer size.
--
Kees Cook @outflux.net
-------------- next part --------------
Index: dlls/rsaenh/rsaenh.c
===================================================================
RCS file: /home/wine/wine/dlls/rsaenh/rsaenh.c,v
retrieving revision 1.26
diff -u -p -4 -r1.26 rsaenh.c
--- dlls/rsaenh/rsaenh.c 18 Apr 2005 15:36:21 -0000 1.26
+++ dlls/rsaenh/rsaenh.c 16 May 2005 04:54:27 -0000
@@ -1833,16 +1833,16 @@ BOOL WINAPI RSAENH_CPEncrypt(HCRYPTPROV
return FALSE;
}
dwEncryptedLen = (*pdwDataLen/pCryptKey->dwBlockLen+(Final?1:0))*pCryptKey->dwBlockLen;
- for (i=*pdwDataLen; i<dwEncryptedLen; i++) pbData[i] = dwEncryptedLen - *pdwDataLen;
*pdwDataLen = dwEncryptedLen;
if (*pdwDataLen > dwBufLen)
{
SetLastError(ERROR_MORE_DATA);
return FALSE;
}
+ for (i=*pdwDataLen; i<dwEncryptedLen; i++) pbData[i] = dwEncryptedLen - *pdwDataLen;
for (i=0, in=pbData; i<*pdwDataLen; i+=pCryptKey->dwBlockLen, in+=pCryptKey->dwBlockLen) {
switch (pCryptKey->dwMode) {
case CRYPT_MODE_ECB:
More information about the wine-patches
mailing list