crypt32: CryptMsgUpdate should skip broken certificates.

CertOpenStore() already verifies the certificate before adding it to the memory store from the file, this patch makes CryptMsgUpdate() behave in a similar way. Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=45757Signed-off-by: Dmitry Timoshkov <dmitry@baikal.ru> Signed-off-by: Alexandre Julliard <julliard@winehq.org>

crypt32: CryptMsgUpdate should skip broken certificates.
18756204 · Dmitry Timoshkov · Alexandre Julliard · 9fcb2c88 · 18756204
Commit 18756204 authored Apr 30, 2019 by Dmitry Timoshkov Committed by Alexandre Julliard Apr 30, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 1 deletion

decode.c dlls/crypt32/decode.c +27 -1

No files found.
--- a/dlls/crypt32/decode.c
+++ b/dlls/crypt32/decode.c
@@ -683,6 +683,13 @@ static BOOL CRYPT_AsnDecodeArray(const struct AsnArrayDescriptor *arrayDesc,
                             &itemDecoded);
                        if (ret)
                        {
+                            /* Ignore an item that failed to decode but the decoder doesn't want to fail the whole process */
+                            if (!size)
+                            {
+                                ptr += itemEncoded;
+                                continue;
+                            }
+
                            cItems++;
                            if (itemSizes != &itemSize)
                                itemSizes = CryptMemRealloc(itemSizes,
@@ -5628,6 +5635,25 @@ static BOOL WINAPI CRYPT_AsnDecodePKCSSignerInfo(DWORD dwCertEncodingType,
    return ret;
 }

+static BOOL verify_and_copy_certificate(const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags,
+                                        void *pvStructInfo, DWORD *pcbStructInfo, DWORD *pcbDecoded)
+{
+    PCCERT_CONTEXT cert;
+
+    cert = CertCreateCertificateContext(X509_ASN_ENCODING, pbEncoded, cbEncoded);
+    if (!cert)
+    {
+        WARN("CertCreateCertificateContext error %#x\n", GetLastError());
+        *pcbStructInfo = 0;
+        *pcbDecoded = 0;
+        return TRUE;
+    }
+
+    CertFreeCertificateContext(cert);
+
+    return CRYPT_AsnDecodeCopyBytes(pbEncoded, cbEncoded, dwFlags, pvStructInfo, pcbStructInfo, pcbDecoded);
+}
+
 static BOOL CRYPT_AsnDecodeCMSCertEncoded(const BYTE *pbEncoded,
 DWORD cbEncoded, DWORD dwFlags, void *pvStructInfo, DWORD *pcbStructInfo,
 DWORD *pcbDecoded)
@@ -5637,7 +5663,7 @@ static BOOL CRYPT_AsnDecodeCMSCertEncoded(const BYTE *pbEncoded,
     offsetof(CRYPT_SIGNED_INFO, cCertEncoded),
     offsetof(CRYPT_SIGNED_INFO, rgCertEncoded),
     MEMBERSIZE(CRYPT_SIGNED_INFO, cCertEncoded, cCrlEncoded),
-     CRYPT_AsnDecodeCopyBytes,
+     verify_and_copy_certificate,
     sizeof(CRYPT_DER_BLOB), TRUE, offsetof(CRYPT_DER_BLOB, pbData) };

    TRACE("%p, %d, %08x, %p, %d, %p\n", pbEncoded, cbEncoded, dwFlags,