crypt32: Fix potential buffer overruns in CertGetNameStringW
Juan Lang
juan.lang at gmail.com
Wed Sep 9 10:45:00 CDT 2009
Sorry, I didn't see this until this morning. It's perhaps a bit of a
pathological case, but if CertGetNameStringW were called with a
non-NULL string pointer and with cchNameString = 0, it would write
into the buffer.
--Juan
-------------- next part --------------
From db872c9b64e58e1fe13db97faea12702d347f94d Mon Sep 17 00:00:00 2001
From: Juan Lang <juan.lang at gmail.com>
Date: Wed, 9 Sep 2009 08:40:44 -0700
Subject: [PATCH 5/5] Fix potential buffer overruns in CertGetNameStringW
---
dlls/crypt32/str.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/dlls/crypt32/str.c b/dlls/crypt32/str.c
index fa6eed9..b0a3d25 100644
--- a/dlls/crypt32/str.c
+++ b/dlls/crypt32/str.c
@@ -1018,7 +1018,7 @@ DWORD WINAPI CertGetNameStringW(PCCERT_CONTEXT pCertContext, DWORD dwType,
{
if (!pszNameString)
ret = strlenW(entry->pwszRfc822Name) + 1;
- else
+ else if (cchNameString)
{
ret = min(strlenW(entry->pwszRfc822Name), cchNameString - 1);
memcpy(pszNameString, entry->pwszRfc822Name,
@@ -1103,7 +1103,7 @@ DWORD WINAPI CertGetNameStringW(PCCERT_CONTEXT pCertContext, DWORD dwType,
{
if (!pszNameString)
ret = strlenW(entry->pwszRfc822Name) + 1;
- else
+ else if (cchNameString)
{
ret = min(strlenW(entry->pwszRfc822Name),
cchNameString - 1);
@@ -1140,7 +1140,7 @@ DWORD WINAPI CertGetNameStringW(PCCERT_CONTEXT pCertContext, DWORD dwType,
{
if (!pszNameString)
ret = strlenW(entry->pwszDNSName) + 1;
- else
+ else if (cchNameString)
{
ret = min(strlenW(entry->pwszDNSName), cchNameString - 1);
memcpy(pszNameString, entry->pwszDNSName, ret * sizeof(WCHAR));
@@ -1164,7 +1164,7 @@ DWORD WINAPI CertGetNameStringW(PCCERT_CONTEXT pCertContext, DWORD dwType,
{
if (!pszNameString)
ret = strlenW(entry->pwszURL) + 1;
- else
+ else if (cchNameString)
{
ret = min(strlenW(entry->pwszURL), cchNameString - 1);
memcpy(pszNameString, entry->pwszURL, ret * sizeof(WCHAR));
--
1.6.3.2
More information about the wine-patches
mailing list