crypt32: Disallow embedded NULLs in alternate names.

2009-11-09 16:06:02 -08:00 · 2009-11-09 16:06:02 -08:00 · 25e8f27817
parent ddf78bdb38
commit 25e8f27817
2 changed files with 7 additions and 3 deletions
--- a/dlls/crypt32/decode.c
+++ b/dlls/crypt32/decode.c
@ -2990,7 +2990,13 @@ static BOOL CRYPT_AsnDecodeAltNameEntry(const BYTE *pbEncoded, DWORD cbEncoded,
        case 1: /* rfc822Name */
        case 2: /* dNSName */
        case 6: /* uniformResourceIdentifier */
-            bytesNeeded += (dataLen + 1) * sizeof(WCHAR);
+            if (memchr(pbEncoded + 1 + lenBytes, 0, dataLen))
+            {
+                SetLastError(CRYPT_E_ASN1_RULE);
+                ret = FALSE;
+            }
+            else
+                bytesNeeded += (dataLen + 1) * sizeof(WCHAR);
            break;
        case 4: /* directoryName */
        case 7: /* iPAddress */
--- a/dlls/crypt32/tests/encode.c
+++ b/dlls/crypt32/tests/encode.c
@ -1691,7 +1691,6 @@ static void test_decodeAltName(DWORD dwEncoding)
    /* Fails on WinXP with CRYPT_E_ASN1_RULE.  I'm not too concerned about the
     * particular failure, just that it doesn't decode.
     */
-    todo_wine
    ok(!ret, "expected failure\n");
    /* An embedded bell character is allowed, however. */
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME,
@ -1715,7 +1714,6 @@ static void test_decodeAltName(DWORD dwEncoding)
    /* Again, fails on WinXP with CRYPT_E_ASN1_RULE.  I'm not too concerned
     * about the particular failure, just that it doesn't decode.
     */
-    todo_wine
    ok(!ret, "expected failure\n");
 }