From f64d6004944d57076e4231008829dbab3c043445 Mon Sep 17 00:00:00 2001 From: Juan Lang Date: Thu, 1 Nov 2007 10:07:11 -0700 Subject: [PATCH] crypt32: Don't leak buffer when a unicode string contains an invalid character. --- dlls/crypt32/encode.c | 45 ++++++++++++++++++++++++++++--------------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/dlls/crypt32/encode.c b/dlls/crypt32/encode.c index c3d7209409c..6d5d152147e 100644 --- a/dlls/crypt32/encode.c +++ b/dlls/crypt32/encode.c @@ -1579,16 +1579,19 @@ static BOOL CRYPT_AsnEncodeNumericString(const CERT_NAME_VALUE *value, pbEncoded, pcbEncoded, bytesNeeded))) { DWORD i; + BYTE *ptr; if (dwFlags & CRYPT_ENCODE_ALLOC_FLAG) - pbEncoded = *(BYTE **)pbEncoded; - *pbEncoded++ = ASN_NUMERICSTRING; - CRYPT_EncodeLen(encodedLen, pbEncoded, &lenBytes); - pbEncoded += lenBytes; + ptr = *(BYTE **)pbEncoded; + else + ptr = pbEncoded; + *ptr++ = ASN_NUMERICSTRING; + CRYPT_EncodeLen(encodedLen, ptr, &lenBytes); + ptr += lenBytes; for (i = 0; ret && i < encodedLen; i++) { if (isdigitW(str[i])) - *pbEncoded++ = (BYTE)str[i]; + *ptr++ = (BYTE)str[i]; else { *pcbEncoded = i; @@ -1596,6 +1599,8 @@ static BOOL CRYPT_AsnEncodeNumericString(const CERT_NAME_VALUE *value, ret = FALSE; } } + if (!ret && (dwFlags & CRYPT_ENCODE_ALLOC_FLAG)) + CryptMemFree(*(BYTE **)pbEncoded); } } return ret; @@ -1628,16 +1633,19 @@ static BOOL CRYPT_AsnEncodePrintableString(const CERT_NAME_VALUE *value, pbEncoded, pcbEncoded, bytesNeeded))) { DWORD i; + BYTE *ptr; if (dwFlags & CRYPT_ENCODE_ALLOC_FLAG) - pbEncoded = *(BYTE **)pbEncoded; - *pbEncoded++ = ASN_PRINTABLESTRING; - CRYPT_EncodeLen(encodedLen, pbEncoded, &lenBytes); - pbEncoded += lenBytes; + ptr = *(BYTE **)pbEncoded; + else + ptr = pbEncoded; + *ptr++ = ASN_PRINTABLESTRING; + CRYPT_EncodeLen(encodedLen, ptr, &lenBytes); + ptr += lenBytes; for (i = 0; ret && i < encodedLen; i++) { if (isprintableW(str[i])) - *pbEncoded++ = (BYTE)str[i]; + *ptr++ = (BYTE)str[i]; else { *pcbEncoded = i; @@ -1645,6 +1653,8 @@ static BOOL CRYPT_AsnEncodePrintableString(const CERT_NAME_VALUE *value, ret = FALSE; } } + if (!ret && (dwFlags & CRYPT_ENCODE_ALLOC_FLAG)) + CryptMemFree(*(BYTE **)pbEncoded); } } return ret; @@ -1670,16 +1680,19 @@ static BOOL CRYPT_AsnEncodeIA5String(const CERT_NAME_VALUE *value, pbEncoded, pcbEncoded, bytesNeeded))) { DWORD i; + BYTE *ptr; if (dwFlags & CRYPT_ENCODE_ALLOC_FLAG) - pbEncoded = *(BYTE **)pbEncoded; - *pbEncoded++ = ASN_IA5STRING; - CRYPT_EncodeLen(encodedLen, pbEncoded, &lenBytes); - pbEncoded += lenBytes; + ptr = *(BYTE **)pbEncoded; + else + ptr = pbEncoded; + *ptr++ = ASN_IA5STRING; + CRYPT_EncodeLen(encodedLen, ptr, &lenBytes); + ptr += lenBytes; for (i = 0; ret && i < encodedLen; i++) { if (str[i] <= 0x7f) - *pbEncoded++ = (BYTE)str[i]; + *ptr++ = (BYTE)str[i]; else { *pcbEncoded = i; @@ -1687,6 +1700,8 @@ static BOOL CRYPT_AsnEncodeIA5String(const CERT_NAME_VALUE *value, ret = FALSE; } } + if (!ret && (dwFlags & CRYPT_ENCODE_ALLOC_FLAG)) + CryptMemFree(*(BYTE **)pbEncoded); } } return ret;