wintrust: Check that the end certificate in the chain isn't disallowed to match native behavior.

Juan Lang 2008-09-22 13:19:59 -07:00 committed by Alexandre Julliard
parent 2844cb5a65
commit 036128842a
1 changed files with 53 additions and 20 deletions


@ -783,6 +783,38 @@ HRESULT WINAPI SoftpubAuthenticode(CRYPT_PROVIDER_DATA *data)
ret = TRUE;
for (i = 0; ret && i < data->csSigners; i++)
{
BYTE hash[20];
DWORD size = sizeof(hash);
/* First make sure cert isn't disallowed */
if ((ret = CertGetCertificateContextProperty(
data->pasSigners[i].pasCertChain[0].pCert,
CERT_SIGNATURE_HASH_PROP_ID, hash, &size)))
{
static const WCHAR disallowedW[] =
{ 'D','i','s','a','l','l','o','w','e','d',0 };
HCERTSTORE disallowed = CertOpenStore(CERT_STORE_PROV_SYSTEM_W,
X509_ASN_ENCODING, 0, CERT_SYSTEM_STORE_CURRENT_USER,
disallowedW);
if (disallowed)
{
PCCERT_CONTEXT found = CertFindCertificateInStore(
disallowed, X509_ASN_ENCODING, 0, CERT_FIND_SIGNATURE_HASH,
hash, NULL);
if (found)
{
/* Disallowed! Can't verify it. */
policyStatus.dwError = TRUST_E_SUBJECT_NOT_TRUSTED;
ret = FALSE;
CertFreeCertificateContext(found);
}
CertCloseStore(disallowed, 0);
}
}
if (ret)
{
CERT_CHAIN_POLICY_PARA policyPara = { sizeof(policyPara), 0 };
@ -807,6 +839,7 @@ HRESULT WINAPI SoftpubAuthenticode(CRYPT_PROVIDER_DATA *data)
ret = FALSE;
}
}
}
if (!ret)
data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_POLICYPROV] =
policyStatus.dwError;
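Review bot: `CertFindCertificateInStore` with `CERT_FIND_SIGNATURE_HASH` takes a pointer to a `CRYPT_HASH_BLOB` as `pvFindPara`, but the new code in the first hunk passes the raw `hash` array, so the search reads the hash bytes as a length/pointer pair and will not match the disallowed certificate; wrap it first, `CRYPT_HASH_BLOB blob = { size, hash };` and pass `&blob` in place of `hash`. When `CertGetCertificateContextProperty` fails, `ret` becomes FALSE without assigning `policyStatus.dwError`, so the value written to `padwTrustStepErrors` at the end depends on how `policyStatus` was initialised outside the hunk; assigning an explicit error there would make that failure deterministic. If the Disallowed store cannot be opened the check is skipped silently, which is a fail-open path worth a comment such as `/* store unavailable: disallowed check is skipped, chain policy still applies */`, and only the current-user store is consulted, so this may be narrower than the native check the commit aims to match. `SoftpubAuthenticode` starts before the first hunk.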