ReceiveTempSMS/Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

crypt32: Fix error handling for cyclic chains.

Browse Source
This commit is contained in:
Juan Lang 2008-10-08 14:18:55 -07:00 committed by Alexandre Julliard
parent 742c1a37f3
commit cb341f3717
2 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
dlls/crypt32/chain.c
View File

@ -251,7 +251,7 @@ static void CRYPT_CheckSimpleChainForCycles(PCERT_SIMPLE_CHAIN chain)
if (cyclicCertIndex) if (cyclicCertIndex)
{ {
chain->rgpElement[cyclicCertIndex]->TrustStatus.dwErrorStatus chain->rgpElement[cyclicCertIndex]->TrustStatus.dwErrorStatus
|= CERT_TRUST_IS_CYCLIC; |= CERT_TRUST_IS_CYCLIC | CERT_TRUST_INVALID_BASIC_CONSTRAINTS;
/* Release remaining certs */ /* Release remaining certs */
for (i = cyclicCertIndex + 1; i < chain->cElement; i++) for (i = cyclicCertIndex + 1; i < chain->cElement; i++)
CRYPT_FreeChainElement(chain->rgpElement[i]); CRYPT_FreeChainElement(chain->rgpElement[i]);
@ -766,6 +766,15 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
constraints.dwPathLenConstraint--; constraints.dwPathLenConstraint--;
} }
} }
if (CRYPT_IsSimpleChainCyclic(chain))
{
/* If the chain is cyclic, then the path length constraints
* are violated, because the chain is infinitely long.
*/
pathLengthConstraintViolated = TRUE;
chain->TrustStatus.dwErrorStatus |=
CERT_TRUST_INVALID_BASIC_CONSTRAINTS;
}
/* FIXME: check valid usages */ /* FIXME: check valid usages */
CRYPT_CombineTrustStatus(&chain->TrustStatus, CRYPT_CombineTrustStatus(&chain->TrustStatus,
&chain->rgpElement[i]->TrustStatus); &chain->rgpElement[i]->TrustStatus);

5
dlls/crypt32/tests/chain.c
View File

@ -1521,7 +1521,7 @@ static ChainCheck chainCheck[] = {
{ CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT | { CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT |
CERT_TRUST_INVALID_BASIC_CONSTRAINTS | CERT_TRUST_IS_CYCLIC, 0 }, CERT_TRUST_INVALID_BASIC_CONSTRAINTS | CERT_TRUST_IS_CYCLIC, 0 },
1, simpleStatus9 }, 1, simpleStatus9 },
TODO_ERROR | TODO_INFO }, TODO_INFO },
{ { sizeof(chain10) / sizeof(chain10[0]), chain10 }, { { sizeof(chain10) / sizeof(chain10[0]), chain10 },
{ { 0, CERT_TRUST_HAS_PREFERRED_ISSUER }, { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
{ CERT_TRUST_IS_UNTRUSTED_ROOT, 0 }, 1, simpleStatus10 }, 0 }, { CERT_TRUST_IS_UNTRUSTED_ROOT, 0 }, 1, simpleStatus10 }, 0 },
@ -1743,8 +1743,7 @@ static ChainPolicyCheck basicConstraintsPolicyCheck[] = {
{ 0, TRUST_E_BASIC_CONSTRAINTS, 0, 1, NULL }, { 0, TRUST_E_BASIC_CONSTRAINTS, 0, 1, NULL },
TODO_ERROR | TODO_CHAINS | TODO_ELEMENTS }, TODO_ERROR | TODO_CHAINS | TODO_ELEMENTS },
{ { sizeof(chain9) / sizeof(chain9[0]), chain9 }, { { sizeof(chain9) / sizeof(chain9[0]), chain9 },
{ 0, TRUST_E_BASIC_CONSTRAINTS, 0, 1, NULL }, { 0, TRUST_E_BASIC_CONSTRAINTS, 0, 1, NULL }, 0 },
TODO_ERROR | TODO_CHAINS | TODO_ELEMENTS },
{ { sizeof(chain10) / sizeof(chain10[0]), chain10 }, { { sizeof(chain10) / sizeof(chain10[0]), chain10 },
{ 0, 0, -1, -1, NULL }, 0 }, { 0, 0, -1, -1, NULL }, 0 },
{ { sizeof(chain11) / sizeof(chain11[0]), chain11 }, { { sizeof(chain11) / sizeof(chain11[0]), chain11 },