crypt32: Don't crash when asked to verify a signature before the content has been finalized.

b7d26dc9 · Juan Lang · Alexandre Julliard · f98eb4a8 · b7d26dc9
Commit b7d26dc9 authored Sep 08, 2008 by Juan Lang Committed by Alexandre Julliard Sep 09, 2008
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 0 deletions

msg.c dlls/crypt32/msg.c +7 -0

No files found.
--- a/dlls/crypt32/msg.c
+++ b/dlls/crypt32/msg.c
@@ -2554,6 +2554,11 @@ static BOOL CDecodeSignedMsg_VerifySignature(CDecodeMsg *msg, PCERT_INFO info)
    BOOL ret = FALSE;
    DWORD i;

+    if (!msg->u.signed_data.signerHandles)
+    {
+        SetLastError(NTE_BAD_SIGNATURE);
+        return FALSE;
+    }
    for (i = 0; !ret && i < msg->u.signed_data.info->cSignerInfo; i++)
    {
        PCMSG_CMS_SIGNER_INFO signerInfo =
@@ -2596,6 +2601,8 @@ static BOOL CDecodeSignedMsg_VerifySignatureEx(CDecodeMsg *msg,
        SetLastError(ERROR_INVALID_PARAMETER);
    else if (para->dwSignerIndex >= msg->u.signed_data.info->cSignerInfo)
        SetLastError(CRYPT_E_SIGNER_NOT_FOUND);
+    else if (!msg->u.signed_data.signerHandles)
+        SetLastError(NTE_BAD_SIGNATURE);
    else
    {
        switch (para->dwSignerType)