wintrust: Fail to load a certificate from a PE file if the certificate entry isn't a known type.
This commit is contained in:
parent
d69b00d630
commit
497b67dbf6
|
@ -1028,7 +1028,18 @@ static BOOL WINTRUST_GetSignedMsgFromPEFile(SIP_SUBJECTINFO *pSubjectInfo,
|
||||||
/* app hasn't passed buffer, just get the length */
|
/* app hasn't passed buffer, just get the length */
|
||||||
ret = ImageGetCertificateHeader(pSubjectInfo->hFile, dwIndex, &cert);
|
ret = ImageGetCertificateHeader(pSubjectInfo->hFile, dwIndex, &cert);
|
||||||
if (ret)
|
if (ret)
|
||||||
*pcbSignedDataMsg = cert.dwLength;
|
{
|
||||||
|
switch (cert.wCertificateType)
|
||||||
|
{
|
||||||
|
case WIN_CERT_TYPE_X509:
|
||||||
|
case WIN_CERT_TYPE_PKCS_SIGNED_DATA:
|
||||||
|
*pcbSignedDataMsg = cert.dwLength;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
WARN("unknown certificate type %d\n", cert.wCertificateType);
|
||||||
|
ret = FALSE;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -1065,9 +1076,10 @@ static BOOL WINTRUST_GetSignedMsgFromPEFile(SIP_SUBJECTINFO *pSubjectInfo,
|
||||||
*pdwEncodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
|
*pdwEncodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
FIXME("don't know what to do for encoding type %d\n",
|
WARN("don't know what to do for encoding type %d\n",
|
||||||
pCert->wCertificateType);
|
pCert->wCertificateType);
|
||||||
*pdwEncodingType = 0;
|
*pdwEncodingType = 0;
|
||||||
|
ret = FALSE;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue