From 3a945c3987a2e488168a4b6f52c5f5609929229e Mon Sep 17 00:00:00 2001
From: Piotr Caban <piotr@codeweavers.com>
Date: Tue, 3 May 2011 18:50:48 +0200
Subject: [PATCH] wintrust: Fix CryptSIPGetSignedMsg (from PE file).

---
 dlls/wintrust/crypt.c | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)

diff --git a/dlls/wintrust/crypt.c b/dlls/wintrust/crypt.c
index 4f4ed2433de..341f45bd59f 100644
--- a/dlls/wintrust/crypt.c
+++ b/dlls/wintrust/crypt.c
@@ -1016,16 +1016,27 @@ static BOOL WINTRUST_GetSignedMsgFromPEFile(SIP_SUBJECTINFO *pSubjectInfo,
 {
     BOOL ret;
     WIN_CERTIFICATE *pCert = NULL;
+    HANDLE file;
 
     TRACE("(%p %p %d %p %p)\n", pSubjectInfo, pdwEncodingType, dwIndex,
           pcbSignedDataMsg, pbSignedDataMsg);
+
+    if(pSubjectInfo->hFile && pSubjectInfo->hFile!=INVALID_HANDLE_VALUE)
+        file = pSubjectInfo->hFile;
+    else
+    {
+        file = CreateFileW(pSubjectInfo->pwsFileName, GENERIC_READ,
+                FILE_SHARE_READ|FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
+        if(file == INVALID_HANDLE_VALUE)
+            return FALSE;
+    }
  
     if (!pbSignedDataMsg)
     {
         WIN_CERTIFICATE cert;
 
         /* app hasn't passed buffer, just get the length */
-        ret = ImageGetCertificateHeader(pSubjectInfo->hFile, dwIndex, &cert);
+        ret = ImageGetCertificateHeader(file, dwIndex, &cert);
         if (ret)
         {
             switch (cert.wCertificateType)
@@ -1044,7 +1055,7 @@ static BOOL WINTRUST_GetSignedMsgFromPEFile(SIP_SUBJECTINFO *pSubjectInfo,
     {
         DWORD len = 0;
 
-        ret = ImageGetCertificateData(pSubjectInfo->hFile, dwIndex, NULL, &len);
+        ret = ImageGetCertificateData(file, dwIndex, NULL, &len);
         if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
             goto error;
         pCert = HeapAlloc(GetProcessHeap(), 0, len);
@@ -1053,10 +1064,10 @@ static BOOL WINTRUST_GetSignedMsgFromPEFile(SIP_SUBJECTINFO *pSubjectInfo,
             ret = FALSE;
             goto error;
         }
-        ret = ImageGetCertificateData(pSubjectInfo->hFile, dwIndex, pCert,
-         &len);
+        ret = ImageGetCertificateData(file, dwIndex, pCert, &len);
         if (!ret)
             goto error;
+        pCert->dwLength -= FIELD_OFFSET(WIN_CERTIFICATE, bCertificate);
         if (*pcbSignedDataMsg < pCert->dwLength)
         {
             *pcbSignedDataMsg = pCert->dwLength;
@@ -1066,6 +1077,7 @@ static BOOL WINTRUST_GetSignedMsgFromPEFile(SIP_SUBJECTINFO *pSubjectInfo,
         else
         {
             memcpy(pbSignedDataMsg, pCert->bCertificate, pCert->dwLength);
+            *pcbSignedDataMsg = pCert->dwLength;
             switch (pCert->wCertificateType)
             {
             case WIN_CERT_TYPE_X509:
@@ -1083,6 +1095,8 @@ static BOOL WINTRUST_GetSignedMsgFromPEFile(SIP_SUBJECTINFO *pSubjectInfo,
         }
     }
 error:
+    if(pSubjectInfo->hFile != file)
+        CloseHandle(file);
     HeapFree(GetProcessHeap(), 0, pCert);
     return ret;
 }
@@ -1351,6 +1365,12 @@ BOOL WINAPI CryptSIPGetSignedDataMsg(SIP_SUBJECTINFO* pSubjectInfo, DWORD* pdwEn
     TRACE("(%p %p %d %p %p)\n", pSubjectInfo, pdwEncodingType, dwIndex,
           pcbSignedDataMsg, pbSignedDataMsg);
 
+    if(!pSubjectInfo)
+    {
+        SetLastError(ERROR_INVALID_PARAMETER);
+        return FALSE;
+    }
+
     if (!memcmp(pSubjectInfo->pgSubjectType, &unknown, sizeof(unknown)))
         ret = WINTRUST_GetSignedMsgFromPEFile(pSubjectInfo, pdwEncodingType,
          dwIndex, pcbSignedDataMsg, pbSignedDataMsg);