crypt32: CertGetCertificateChain does not validate the size of the CERT_CHAIN_PARA structure.

2009-09-22 12:04:56 +02:00 · 2009-09-22 12:04:56 +02:00 · 2f112cf5ee
parent 4086ff6248
commit 2f112cf5ee
2 changed files with 46 additions and 6 deletions
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@ -1567,12 +1567,7 @@ BOOL WINAPI CertGetCertificateChain(HCERTCHAINENGINE hChainEngine,
        SetLastError(ERROR_INVALID_DATA);
        return FALSE;
    }
-    if (pChainPara->cbSize != sizeof(CERT_CHAIN_PARA_NO_EXTRA_FIELDS) &&
-     pChainPara->cbSize != sizeof(CERT_CHAIN_PARA))
-    {
-        SetLastError(E_INVALIDARG);
-        return FALSE;
-    }
+
    if (!hChainEngine)
        hChainEngine = CRYPT_GetDefaultChainEngine();
    /* FIXME: what about HCCE_LOCAL_MACHINE? */
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@ -1680,6 +1680,15 @@ static void testGetCertChain(void)
    ok(GetLastError() == ERROR_INVALID_DATA ||
     GetLastError() == CRYPT_E_ASN1_BADTAG /* Vista */,
     "Expected ERROR_INVALID_DATA or CRYPT_E_ASN1_BADTAG, got %d\n", GetLastError());
+
+    para.cbSize = 0;
+    SetLastError(0xdeadbeef);
+    ret = pCertGetCertificateChain(NULL, cert, NULL, NULL, &para, 0, NULL,
+     &chain);
+    ok(!ret, "Expected failure\n");
+    ok(GetLastError() == ERROR_INVALID_DATA,
+     "Expected ERROR_INVALID_DATA, got %u\n", GetLastError());
+
    CertFreeCertificateContext(cert);

    for (i = 0; i < sizeof(chainCheck) / sizeof(chainCheck[0]); i++)
@ -1707,6 +1716,41 @@ static void testGetCertChain(void)
    }
 }

+static void test_CERT_CHAIN_PARA_cbSize(void)
+{
+    BOOL ret;
+    PCCERT_CONTEXT cert;
+    CERT_CHAIN_PARA para = { 0 };
+    PCCERT_CHAIN_CONTEXT chain;
+    HCERTSTORE store;
+    DWORD i;
+
+    store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
+     CERT_STORE_CREATE_NEW_FLAG, NULL);
+
+    ret = CertAddEncodedCertificateToStore(store,
+     X509_ASN_ENCODING, chain0_0, sizeof(chain0_0),
+     CERT_STORE_ADD_ALWAYS, NULL);
+    ret = CertAddEncodedCertificateToStore(store,
+     X509_ASN_ENCODING, chain0_1, sizeof(chain0_1),
+     CERT_STORE_ADD_ALWAYS, &cert);
+
+    for (i = 0; i < sizeof(CERT_CHAIN_PARA) + 2; i++)
+    {
+        FILETIME fileTime;
+
+        SystemTimeToFileTime(&oct2007, &fileTime);
+
+        para.cbSize = i;
+        ret = pCertGetCertificateChain(NULL, cert, &fileTime,
+         NULL, &para, 0, NULL, &chain);
+        ok(ret, "CertGetCertificateChain failed %u\n", GetLastError());
+        pCertFreeCertificateChain(chain);
+    }
+
+    CertCloseStore(store, 0);
+}
+
 typedef struct _ChainPolicyCheck
 {
    CONST_BLOB_ARRAY                certs;
@ -2016,5 +2060,6 @@ START_TEST(chain)
    {
        testVerifyCertChainPolicy();
        testGetCertChain();
+        test_CERT_CHAIN_PARA_cbSize();
    }
 }