rsaenh: Fix crash in RSAENH_CPVerifySignature if pbSignature is set to NULL or…

rsaenh: Fix crash in RSAENH_CPVerifySignature if pbSignature is set to NULL or if dwSigLen is lesser than the expected value.

rsaenh: Fix crash in RSAENH_CPVerifySignature if pbSignature is set to NULL or…
e61eddd6 · Mounir IDRASSI · Alexandre Julliard · 2e9fa34d · e61eddd6 · e61eddd6
Commit e61eddd6 authored May 15, 2007 by Mounir IDRASSI Committed by Alexandre Julliard May 15, 2007
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 0 deletions

rsaenh.c dlls/rsaenh/rsaenh.c +15 -0

rsaenh.c dlls/rsaenh/tests/rsaenh.c +12 -0

No files found.
--- a/dlls/rsaenh/rsaenh.c
+++ b/dlls/rsaenh/rsaenh.c
@@ -3611,6 +3611,21 @@ BOOL WINAPI RSAENH_CPVerifySignature(HCRYPTPROV hProv, HCRYPTHASH hHash, CONST B
        return FALSE;
    }

+    /* in Microsoft implementation, the signature length is checked before
+     * the signature pointer.
+     */
+    if (dwSigLen != pCryptKey->dwKeyLen)
+    {
+        SetLastError(NTE_BAD_SIGNATURE);
+        return FALSE;
+    }
+
+    if (!hHash || !pbSignature)
+    {
+        SetLastError(ERROR_INVALID_PARAMETER);
+        return FALSE;
+    }
+
    if (sDescription) {
        if (!RSAENH_CPHashData(hProv, hHash, (CONST BYTE*)sDescription, 
                                (DWORD)lstrlenW(sDescription)*sizeof(WCHAR), 0))

--- a/dlls/rsaenh/tests/rsaenh.c
+++ b/dlls/rsaenh/tests/rsaenh.c
@@ -1043,6 +1043,18 @@ static void test_verify_signature(void) {
    ok(result, "%08x\n", GetLastError());
    if (!result) return;

+    /*check that a NULL pointer signature is correctly handled*/
+    result = CryptVerifySignature(hHash, NULL, 128, hPubSignKey, NULL, 0);
+    ok(!result && ERROR_INVALID_PARAMETER == GetLastError(),
+     "Expected ERROR_INVALID_PARAMETER error, got %08x\n", GetLastError());
+    if (result) return;
+
+    /* check that we get a bad signature error when the signature is too short*/
+    result = CryptVerifySignature(hHash, abSignatureMD2, 64, hPubSignKey, NULL, 0);
+    ok(!result && NTE_BAD_SIGNATURE == GetLastError(),
+     "Expected NTE_BAD_SIGNATURE error, got %08x\n", GetLastError());
+    if (result) return;
+
    result = CryptVerifySignature(hHash, abSignatureMD2, 128, hPubSignKey, NULL, 0);
    ok(result, "%08x\n", GetLastError());
    if (!result) return;