When decoding a signed cert, make sure it's really a cert.
This commit is contained in:
Juan Lang
Alexandre Julliard
parent
e4b2a0bbbc
commit
807b11b363
|
|
@ -1786,6 +1786,7 @@ static PWINE_CERT_CONTEXT CRYPT_CreateCertificateContext(
|
|||
{
|
||||
PWINE_CERT_CONTEXT cert = NULL;
|
||||
BOOL ret;
|
||||
PCERT_SIGNED_CONTENT_INFO signedCert = NULL;
|
||||
PCERT_INFO certInfo = NULL;
|
||||
DWORD size = 0;
|
||||
|
||||
|
|
@ -1795,13 +1796,25 @@ static PWINE_CERT_CONTEXT CRYPT_CreateCertificateContext(
|
|||
/* First try to decode it as a signed cert. */
|
||||
ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CERT, pbCertEncoded,
|
||||
cbCertEncoded, CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
|
||||
(BYTE *)&certInfo, &size);
|
||||
(BYTE *)&signedCert, &size);
|
||||
if (ret)
|
||||
{
|
||||
size = 0;
|
||||
ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CERT_TO_BE_SIGNED,
|
||||
signedCert->ToBeSigned.pbData, signedCert->ToBeSigned.cbData,
|
||||
CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
|
||||
(BYTE *)&certInfo, &size);
|
||||
LocalFree(signedCert);
|
||||
}
|
||||
/* Failing that, try it as an unsigned cert */
|
||||
if (!ret)
|
||||
{
|
||||
size = 0;
|
||||
ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CERT_TO_BE_SIGNED,
|
||||
pbCertEncoded, cbCertEncoded,
|
||||
CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
|
||||
(BYTE *)&certInfo, &size);
|
||||
}
|
||||
if (ret)
|
||||
{
|
||||
BYTE *data = NULL;
|
||||
|
|
|
|||
|
|
@ -110,6 +110,12 @@ static const BYTE serializedCert[] = { 0x20, 0x00, 0x00, 0x00,
|
|||
0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
|
||||
0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02,
|
||||
0x01, 0x01 };
|
||||
static const BYTE signedCRL[] = { 0x30, 0x45, 0x30, 0x2c, 0x30, 0x02, 0x06,
|
||||
0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
|
||||
0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
|
||||
0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
|
||||
0x30, 0x5a, 0x30, 0x02, 0x06, 0x00, 0x03, 0x11, 0x00, 0x0f, 0x0e, 0x0d, 0x0c,
|
||||
0x0b, 0x0a, 0x09, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
|
||||
|
||||
static void testMemStore(void)
|
||||
{
|
||||
|
|
@ -167,6 +173,13 @@ static void testMemStore(void)
|
|||
ok(ret, "CertDeleteCertificateFromStore failed: %08lx\n",
|
||||
GetLastError());
|
||||
}
|
||||
/* try adding a "signed" CRL as a cert */
|
||||
ret = CertAddEncodedCertificateToStore(store1, X509_ASN_ENCODING,
|
||||
signedCRL, sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, &context);
|
||||
ok(!ret && (GetLastError() == CRYPT_E_ASN1_BADTAG || GetLastError() ==
|
||||
CRYPT_E_ASN1_CORRUPT),
|
||||
"Expected CRYPT_E_ASN1_BADTAG or CRYPT_E_ASN1_CORRUPT, got %08lx\n",
|
||||
GetLastError());
|
||||
/* add a cert to store1 */
|
||||
ret = CertAddEncodedCertificateToStore(store1, X509_ASN_ENCODING, bigCert,
|
||||
sizeof(bigCert) - 1, CERT_STORE_ADD_ALWAYS, &context);
|
||||
|
|
|
|||
Loading…
Reference in New Issue