rsaenh: Fix crash in RSAENH_CPVerifySignature if pbSignature is set to NULL or if dwSigLen is lesser than the expected value.

This commit is contained in:
Mounir IDRASSI 2007-05-15 00:35:46 +02:00 committed by Alexandre Julliard
parent 2e9fa34d67
commit e61eddd6a5
2 changed files with 27 additions and 0 deletions

View File

@ -3611,6 +3611,21 @@ BOOL WINAPI RSAENH_CPVerifySignature(HCRYPTPROV hProv, HCRYPTHASH hHash, CONST B
return FALSE;
}
/* in Microsoft implementation, the signature length is checked before
* the signature pointer.
*/
if (dwSigLen != pCryptKey->dwKeyLen)
{
SetLastError(NTE_BAD_SIGNATURE);
return FALSE;
}
if (!hHash || !pbSignature)
{
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
if (sDescription) {
if (!RSAENH_CPHashData(hProv, hHash, (CONST BYTE*)sDescription,
(DWORD)lstrlenW(sDescription)*sizeof(WCHAR), 0))

View File

@ -1043,6 +1043,18 @@ static void test_verify_signature(void) {
ok(result, "%08x\n", GetLastError());
if (!result) return;
/*check that a NULL pointer signature is correctly handled*/
result = CryptVerifySignature(hHash, NULL, 128, hPubSignKey, NULL, 0);
ok(!result && ERROR_INVALID_PARAMETER == GetLastError(),
"Expected ERROR_INVALID_PARAMETER error, got %08x\n", GetLastError());
if (result) return;
/* check that we get a bad signature error when the signature is too short*/
result = CryptVerifySignature(hHash, abSignatureMD2, 64, hPubSignKey, NULL, 0);
ok(!result && NTE_BAD_SIGNATURE == GetLastError(),
"Expected NTE_BAD_SIGNATURE error, got %08x\n", GetLastError());
if (result) return;
result = CryptVerifySignature(hHash, abSignatureMD2, 128, hPubSignKey, NULL, 0);
ok(result, "%08x\n", GetLastError());
if (!result) return;