crypt32: Disallow embedded NULLs in alternate names.

25e8f278 · Juan Lang · Alexandre Julliard · ddf78bdb · 25e8f278 · 25e8f278
Commit 25e8f278 authored Nov 09, 2009 by Juan Lang Committed by Alexandre Julliard Nov 10, 2009
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 3 deletions

decode.c dlls/crypt32/decode.c +7 -1

encode.c dlls/crypt32/tests/encode.c +0 -2

No files found.
--- a/dlls/crypt32/decode.c
+++ b/dlls/crypt32/decode.c
@@ -2990,7 +2990,13 @@ static BOOL CRYPT_AsnDecodeAltNameEntry(const BYTE *pbEncoded, DWORD cbEncoded,
        case 1: /* rfc822Name */
        case 2: /* dNSName */
        case 6: /* uniformResourceIdentifier */
-            bytesNeeded += (dataLen + 1) * sizeof(WCHAR);
+            if (memchr(pbEncoded + 1 + lenBytes, 0, dataLen))
+            {
+                SetLastError(CRYPT_E_ASN1_RULE);
+                ret = FALSE;
+            }
+            else
+                bytesNeeded += (dataLen + 1) * sizeof(WCHAR);
            break;
        case 4: /* directoryName */
        case 7: /* iPAddress */

--- a/dlls/crypt32/tests/encode.c
+++ b/dlls/crypt32/tests/encode.c
@@ -1691,7 +1691,6 @@ static void test_decodeAltName(DWORD dwEncoding)
    /* Fails on WinXP with CRYPT_E_ASN1_RULE.  I'm not too concerned about the
     * particular failure, just that it doesn't decode.
     */
-    todo_wine
    ok(!ret, "expected failure\n");
    /* An embedded bell character is allowed, however. */
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME,
@@ -1715,7 +1714,6 @@ static void test_decodeAltName(DWORD dwEncoding)
    /* Again, fails on WinXP with CRYPT_E_ASN1_RULE.  I'm not too concerned
     * about the particular failure, just that it doesn't decode.
     */
-    todo_wine
    ok(!ret, "expected failure\n");
 }