advapi32: Fix uneven length handling in CredUnmarshalCredential.

6754c355 · Thomas Faber · Alexandre Julliard · 309b5366 · 6754c355 · 6754c355
Commit 6754c355 authored Mar 28, 2014 by Thomas Faber Committed by Alexandre Julliard Mar 31, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 1 deletion

cred.c dlls/advapi32/cred.c +1 -1

cred.c dlls/advapi32/tests/cred.c +18 -0

No files found.
--- a/dlls/advapi32/cred.c
+++ b/dlls/advapi32/cred.c
@@ -2100,7 +2100,7 @@ BOOL WINAPI CredUnmarshalCredentialW( LPCWSTR cred, PCRED_MARSHAL_TYPE type, PVO
        DWORD size;

        if (len < 9 || !cred_decode( cred + 3, 6, (char *)&size ) ||
-            !size || size % sizeof(WCHAR) || size > INT_MAX)
+            size % sizeof(WCHAR) || len - 6 != (size * 4 + 2) / 3)
        {
            SetLastError( ERROR_INVALID_PARAMETER );
            return FALSE;

--- a/dlls/advapi32/tests/cred.c
+++ b/dlls/advapi32/tests/cred.c
@@ -566,6 +566,8 @@ static void test_CredUnmarshalCredentialA(void)
    static const UCHAR cert_empty[CERT_HASH_LENGTH] = {0};
    static const UCHAR cert_wine[CERT_HASH_LENGTH] = {'W','i','n','e',0};
    static const WCHAR tW[] = {'t',0};
+    static const WCHAR teW[] = {'t','e',0};
+    static const WCHAR tesW[] = {'t','e','s',0};
    static const WCHAR testW[] = {'t','e','s','t',0};
    void *p;
    CERT_CREDENTIAL_INFO *cert;
@@ -593,6 +595,8 @@ static void test_CredUnmarshalCredentialA(void)
        { "@@-", 63, NULL },
        { "@@B", CertCredential, NULL },
        { "@@BA", CertCredential, NULL },
+        { "@@BAAAAAAAAAAAAAAAAAAAAAAAAAA", CertCredential, NULL },
+        { "@@BAAAAAAAAAAAAAAAAAAAAAAAAAAAA", CertCredential, NULL },
        { "@@BAAAAAAAAAAAAAAAAAAAAAAAAAAA", CertCredential, cert_empty },
        { "@@BXlmblBAAAAAAAAAAAAAAAAAAAAA", CertCredential, cert_wine },
        { "@@C", UsernameTargetCredential, NULL },
@@ -601,6 +605,20 @@ static void test_CredUnmarshalCredentialA(void)
        { "@@CAAAAAA0B", UsernameTargetCredential, NULL },
        { "@@CAAAAAA0BA", UsernameTargetCredential, NULL },
        { "@@CCAAAAA0BA", UsernameTargetCredential, tW },
+        { "@@CEAAAAA0BA", UsernameTargetCredential, NULL },
+        { "@@CEAAAAA0BAd", UsernameTargetCredential, NULL },
+        { "@@CEAAAAA0BAdA", UsernameTargetCredential, NULL },
+        { "@@CEAAAAA0BQZAA", UsernameTargetCredential, teW },
+        { "@@CEAAAAA0BQZAQ", UsernameTargetCredential, teW },
+        { "@@CEAAAAA0BQZAg", UsernameTargetCredential, teW },
+        { "@@CEAAAAA0BQZAw", UsernameTargetCredential, teW },
+        { "@@CEAAAAA0BQZAAA", UsernameTargetCredential, NULL },
+        { "@@CGAAAAA0BQZAMH", UsernameTargetCredential, NULL },
+        { "@@CGAAAAA0BQZAMHA", UsernameTargetCredential, tesW },
+        { "@@CGAAAAA0BQZAMHAA", UsernameTargetCredential, NULL },
+        { "@@CCAAAAA0BAA", UsernameTargetCredential, NULL },
+        { "@@CBAAAAA0BAA", UsernameTargetCredential, NULL },
+        { "@@CAgAAAA0BAA", UsernameTargetCredential, NULL },
        { "@@CIAAAAA0BQZAMHA0BA", UsernameTargetCredential, testW },
        { "@@CA-----0BQZAMHA0BA", UsernameTargetCredential, NULL },
    };