From 497b67dbf623e8aacb2eaaaa326a5782eb3c06d8 Mon Sep 17 00:00:00 2001
From: Juan Lang
Date: Sat, 5 Dec 2009 19:17:25 -0800
Subject: [PATCH] wintrust: Fail to load a certificate from a PE file if the certificate entry isn't a known type.
---
 dlls/wintrust/crypt.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/dlls/wintrust/crypt.c b/dlls/wintrust/crypt.c
index d9fa5633562..c41a56b1d1a 100644
--- a/dlls/wintrust/crypt.c
+++ b/dlls/wintrust/crypt.c
@@ -1028,7 +1028,18 @@ static BOOL WINTRUST_GetSignedMsgFromPEFile(SIP_SUBJECTINFO *pSubjectInfo,
 /* app hasn't passed buffer, just get the length */
 ret = ImageGetCertificateHeader(pSubjectInfo->hFile, dwIndex, &cert);
 if (ret)
- *pcbSignedDataMsg = cert.dwLength;
+ {
+ switch (cert.wCertificateType)
+ {
+ case WIN_CERT_TYPE_X509:
+ case WIN_CERT_TYPE_PKCS_SIGNED_DATA:
+ *pcbSignedDataMsg = cert.dwLength;
+ break;
+ default:
+ WARN("unknown certificate type %d\n", cert.wCertificateType);
+ ret = FALSE;
+ }
+ }
 }
 else
 {
@@ -1065,9 +1076,10 @@ static BOOL WINTRUST_GetSignedMsgFromPEFile(SIP_SUBJECTINFO *pSubjectInfo,
 *pdwEncodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
 break;
 default:
- FIXME("don't know what to do for encoding type %d\n",
+ WARN("don't know what to do for encoding type %d\n",
 pCert->wCertificateType);
 *pdwEncodingType = 0;
+ ret = FALSE;
 }
 }
 }
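Review bot: The new `default:` branch in the length-query path returns FALSE without setting a last-error code, so a caller that inspects GetLastError() after the rejection sees whatever an earlier call left behind; the `ret = FALSE;` added in the second hunk has the same gap. ImageGetCertificateHeader has just succeeded at that point, and nothing in the visible lines sets an error. Adding a line such as `SetLastError(ERROR_INVALID_PARAMETER);` (or whichever code the project prefers for an unsupported certificate entry) before `ret = FALSE;` would let callers tell a rejected entry from an I/O failure. The function continues outside the hunk, so a SetLastError on a common exit path cannot be ruled out from here.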
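Review bot: The message in this `default:` branch still says "encoding type" although the value printed is `pCert->wCertificateType`, while the first hunk logs the same condition as "unknown certificate type"; using one wording, e.g. `WARN("unknown certificate type %d\n", pCert->wCertificateType);`, keeps the two rejections searchable together in logs. The set of accepted certificate types now lives in two separate switches in this function, so a type added to one and not the other would make the length query and the data fetch disagree about the same entry. A small static helper that maps wCertificateType to an encoding type and returns 0 for unknown values would keep both paths in step. The switch and the enclosing function begin outside the hunk, so whether the caller's buffer and length have already been written when `ret = FALSE;` is reached cannot be seen here and is worth checking.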