Juan Lang : crypt32: Don' t leak buffer when a unicode string contains an invalid character.
Module: wine Branch: master Commit: f64d6004944d57076e4231008829dbab3c043445 URL: http://source.winehq.org/git/wine.git/?a=commit;h=f64d6004944d57076e42310088...
Author: Juan Lang juan.lang@gmail.com Date: Thu Nov 1 10:07:11 2007 -0700
crypt32: Don't leak buffer when a unicode string contains an invalid character.
---
dlls/crypt32/encode.c | 45 ++++++++++++++++++++++++++++++--------------- 1 files changed, 30 insertions(+), 15 deletions(-)
diff --git a/dlls/crypt32/encode.c b/dlls/crypt32/encode.c index c3d7209..6d5d152 100644 --- a/dlls/crypt32/encode.c +++ b/dlls/crypt32/encode.c @@ -1579,16 +1579,19 @@ static BOOL CRYPT_AsnEncodeNumericString(const CERT_NAME_VALUE *value, pbEncoded, pcbEncoded, bytesNeeded))) { DWORD i; + BYTE *ptr;
if (dwFlags & CRYPT_ENCODE_ALLOC_FLAG) - pbEncoded = *(BYTE **)pbEncoded; - *pbEncoded++ = ASN_NUMERICSTRING; - CRYPT_EncodeLen(encodedLen, pbEncoded, &lenBytes); - pbEncoded += lenBytes; + ptr = *(BYTE **)pbEncoded; + else + ptr = pbEncoded; + *ptr++ = ASN_NUMERICSTRING; + CRYPT_EncodeLen(encodedLen, ptr, &lenBytes); + ptr += lenBytes; for (i = 0; ret && i < encodedLen; i++) { if (isdigitW(str[i])) - *pbEncoded++ = (BYTE)str[i]; + *ptr++ = (BYTE)str[i]; else { *pcbEncoded = i; @@ -1596,6 +1599,8 @@ static BOOL CRYPT_AsnEncodeNumericString(const CERT_NAME_VALUE *value, ret = FALSE; } } + if (!ret && (dwFlags & CRYPT_ENCODE_ALLOC_FLAG)) + CryptMemFree(*(BYTE **)pbEncoded); } } return ret; @@ -1628,16 +1633,19 @@ static BOOL CRYPT_AsnEncodePrintableString(const CERT_NAME_VALUE *value, pbEncoded, pcbEncoded, bytesNeeded))) { DWORD i; + BYTE *ptr;
if (dwFlags & CRYPT_ENCODE_ALLOC_FLAG) - pbEncoded = *(BYTE **)pbEncoded; - *pbEncoded++ = ASN_PRINTABLESTRING; - CRYPT_EncodeLen(encodedLen, pbEncoded, &lenBytes); - pbEncoded += lenBytes; + ptr = *(BYTE **)pbEncoded; + else + ptr = pbEncoded; + *ptr++ = ASN_PRINTABLESTRING; + CRYPT_EncodeLen(encodedLen, ptr, &lenBytes); + ptr += lenBytes; for (i = 0; ret && i < encodedLen; i++) { if (isprintableW(str[i])) - *pbEncoded++ = (BYTE)str[i]; + *ptr++ = (BYTE)str[i]; else { *pcbEncoded = i; @@ -1645,6 +1653,8 @@ static BOOL CRYPT_AsnEncodePrintableString(const CERT_NAME_VALUE *value, ret = FALSE; } } + if (!ret && (dwFlags & CRYPT_ENCODE_ALLOC_FLAG)) + CryptMemFree(*(BYTE **)pbEncoded); } } return ret; @@ -1670,16 +1680,19 @@ static BOOL CRYPT_AsnEncodeIA5String(const CERT_NAME_VALUE *value, pbEncoded, pcbEncoded, bytesNeeded))) { DWORD i; + BYTE *ptr;
if (dwFlags & CRYPT_ENCODE_ALLOC_FLAG) - pbEncoded = *(BYTE **)pbEncoded; - *pbEncoded++ = ASN_IA5STRING; - CRYPT_EncodeLen(encodedLen, pbEncoded, &lenBytes); - pbEncoded += lenBytes; + ptr = *(BYTE **)pbEncoded; + else + ptr = pbEncoded; + *ptr++ = ASN_IA5STRING; + CRYPT_EncodeLen(encodedLen, ptr, &lenBytes); + ptr += lenBytes; for (i = 0; ret && i < encodedLen; i++) { if (str[i] <= 0x7f) - *pbEncoded++ = (BYTE)str[i]; + *ptr++ = (BYTE)str[i]; else { *pcbEncoded = i; @@ -1687,6 +1700,8 @@ static BOOL CRYPT_AsnEncodeIA5String(const CERT_NAME_VALUE *value, ret = FALSE; } } + if (!ret && (dwFlags & CRYPT_ENCODE_ALLOC_FLAG)) + CryptMemFree(*(BYTE **)pbEncoded); } } return ret;
-
Alexandre Julliard