When decoding a signed cert, make sure it's really a cert.

807b11b3 · Juan Lang · Alexandre Julliard · e4b2a0bb · 807b11b3 · 807b11b3
Commit 807b11b3 authored Sep 12, 2005 by Juan Lang Committed by Alexandre Julliard Sep 12, 2005
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 1 deletion

cert.c dlls/crypt32/cert.c +14 -1

cert.c dlls/crypt32/tests/cert.c +13 -0

No files found.
--- a/dlls/crypt32/cert.c
+++ b/dlls/crypt32/cert.c
@@ -1786,6 +1786,7 @@ static PWINE_CERT_CONTEXT CRYPT_CreateCertificateContext(
 {
    PWINE_CERT_CONTEXT cert = NULL;
    BOOL ret;
+    PCERT_SIGNED_CONTENT_INFO signedCert = NULL;
    PCERT_INFO certInfo = NULL;
    DWORD size = 0;

@@ -1795,13 +1796,25 @@ static PWINE_CERT_CONTEXT CRYPT_CreateCertificateContext(
    /* First try to decode it as a signed cert. */
    ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CERT, pbCertEncoded,
     cbCertEncoded, CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
-     (BYTE *)&certInfo, &size);
+     (BYTE *)&signedCert, &size);
+    if (ret)
+    {
+        size = 0;
+        ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CERT_TO_BE_SIGNED,
+         signedCert->ToBeSigned.pbData, signedCert->ToBeSigned.cbData,
+         CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
+         (BYTE *)&certInfo, &size);
+        LocalFree(signedCert);
+    }
    /* Failing that, try it as an unsigned cert */
    if (!ret)
+    {
+        size = 0;
        ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CERT_TO_BE_SIGNED,
         pbCertEncoded, cbCertEncoded,
         CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
         (BYTE *)&certInfo, &size);
+    }
    if (ret)
    {
        BYTE *data = NULL;

--- a/dlls/crypt32/tests/cert.c
+++ b/dlls/crypt32/tests/cert.c
@@ -110,6 +110,12 @@ static const BYTE serializedCert[] = { 0x20, 0x00, 0x00, 0x00,
 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02,
 0x01, 0x01 };
+static const BYTE signedCRL[] = { 0x30, 0x45, 0x30, 0x2c, 0x30, 0x02, 0x06,
+ 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
+ 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
+ 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x5a, 0x30, 0x02, 0x06, 0x00, 0x03, 0x11, 0x00, 0x0f, 0x0e, 0x0d, 0x0c,
+ 0x0b, 0x0a, 0x09, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };

 static void testMemStore(void)
 {
@@ -167,6 +173,13 @@ static void testMemStore(void)
        ok(ret, "CertDeleteCertificateFromStore failed: %08lx\n",
         GetLastError());
    }
+    /* try adding a "signed" CRL as a cert */
+    ret = CertAddEncodedCertificateToStore(store1, X509_ASN_ENCODING,
+     signedCRL, sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, &context);
+    ok(!ret && (GetLastError() == CRYPT_E_ASN1_BADTAG || GetLastError() ==
+     CRYPT_E_ASN1_CORRUPT),
+     "Expected CRYPT_E_ASN1_BADTAG or CRYPT_E_ASN1_CORRUPT, got %08lx\n",
+     GetLastError());
    /* add a cert to store1 */
    ret = CertAddEncodedCertificateToStore(store1, X509_ASN_ENCODING, bigCert,
     sizeof(bigCert) - 1, CERT_STORE_ADD_ALWAYS, &context);