crypt32: Only fail directory name comparison if a directory name constraint is present and doesn't match.

Juan Lang 2009-11-17 14:01:11 -08:00 committed by Alexandre Julliard
parent a63affe5e0
commit 1db8a6abda
1 changed files with 5 additions and 2 deletions


@ -1011,7 +1011,7 @@ static void compare_subject_with_constraints(const CERT_NAME_BLOB *subjectName,
*/ */
if (nameConstraints->cPermittedSubtree && !CRYPT_IsEmptyName(subjectName)) if (nameConstraints->cPermittedSubtree && !CRYPT_IsEmptyName(subjectName))
{ {
BOOL match = FALSE; BOOL match = FALSE, hasDirectoryConstraint = FALSE;
for (i = 0; !match && i < nameConstraints->cPermittedSubtree; i++) for (i = 0; !match && i < nameConstraints->cPermittedSubtree; i++)
{ {
@ -1019,10 +1019,13 @@ static void compare_subject_with_constraints(const CERT_NAME_BLOB *subjectName,
&nameConstraints->rgPermittedSubtree[i].Base; &nameConstraints->rgPermittedSubtree[i].Base;
if (constraint->dwAltNameChoice == CERT_ALT_NAME_DIRECTORY_NAME) if (constraint->dwAltNameChoice == CERT_ALT_NAME_DIRECTORY_NAME)
{
hasDirectoryConstraint = TRUE;
match = directory_name_matches(&constraint->u.DirectoryName, match = directory_name_matches(&constraint->u.DirectoryName,
subjectName); subjectName);
}
} }
if (!match) if (hasDirectoryConstraint && !match)
*trustErrorStatus |= CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT; *trustErrorStatus |= CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT;
} }
} }
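Review bot: The relaxed condition at `if (hasDirectoryConstraint && !match)` loosens a trust decision, and nothing beside it records why permitted subtrees of other name forms no longer constrain the subject. A comment above that line, such as `/* Permitted subtrees only restrict the name forms they list (RFC 5280, 4.2.1.10); with no directoryName subtree the subject DN is unconstrained. */`, would keep a later reader from tightening it back by mistake. The commit touches one file, so two cases appear to have no regression test here: a permitted list holding only non-directory entries (no error bit expected), and a directory entry that does not match (CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT still set). The body of compare_subject_with_constraints starts outside the hunk, so how excluded subtrees are handled cannot be checked from this page.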