From: Michael Green <bsmntoid@gmail.com>
This reverts commit d94acc1faea1d954d06a1ac7a320b419a24da655
---
 dlls/winhttp/session.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/dlls/winhttp/session.c b/dlls/winhttp/session.c
index 6e94c252c73..de34e7c862c 100644
--- a/dlls/winhttp/session.c
+++ b/dlls/winhttp/session.c
@@ -834,6 +834,7 @@ static BOOL request_query_option( struct object_header *hdr, DWORD option, void
 }
 case WINHTTP_OPTION_SERVER_CERT_CHAIN_CONTEXT:
 {
+ const CERT_CONTEXT *cert;
 const CERT_CHAIN_CONTEXT *cert_chain;
 char oid_server_auth[] = szOID_PKIX_KP_SERVER_AUTH;
@@ -844,7 +845,10 @@ static BOOL request_query_option( struct object_header *hdr, DWORD option, void
 chainPara.RequestedUsage.Usage.cUsageIdentifier = 1;
 chainPara.RequestedUsage.Usage.rgpszUsageIdentifier = server_auth;
- if (!CertGetCertificateChain(NULL, request->server_cert, NULL, NULL, &chainPara, 0, NULL, &cert_chain)) return FALSE;
+ if (!validate_buffer( buffer, buflen, sizeof(cert) )) return FALSE;
+ if (!(cert = CertDuplicateCertificateContext( request -> server_cert ))) return FALSE;
+
+ if (!CertGetCertificateChain(NULL, cert, NULL, NULL, &chainPara, 0, NULL, &cert_chain)) return FALSE;
 *(CERT_CHAIN_CONTEXT **)buffer = (CERT_CHAIN_CONTEXT *)cert_chain;
 *buflen = sizeof(cert_chain);
--
GitLab
https://gitlab.winehq.org/wine/wine/-/merge_requests/10357
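Review bot: The reference taken by `CertDuplicateCertificateContext` in the second hunk is never released in the lines shown, so each WINHTTP_OPTION_SERVER_CERT_CHAIN_CONTEXT query appears to leak one certificate context, on both the failure and the success path of `CertGetCertificateChain`. Here `cert` is only an input to chain building and is not handed to the caller, and the chain context is expected to keep its own references, so with a local `BOOL ret` it can be dropped right after the call: `ret = CertGetCertificateChain( NULL, cert, NULL, NULL, &chainPara, 0, NULL, &cert_chain );` `CertFreeCertificateContext( cert );` `if (!ret) return FALSE;`. The new length check would also read more clearly as `validate_buffer( buffer, buflen, sizeof(cert_chain) )`, since a chain pointer is what gets written to `buffer` and reported in `*buflen`. The case body continues past the end of the hunk, so confirm that no later line already frees `cert`.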