Module: wine Branch: master Commit: 34aaabca830018d6a5212e0a91f3a25032601fc3 URL: http://source.winehq.org/git/wine.git/?a=commit;h=34aaabca830018d6a5212e0a91...
Author: Juan Lang juan.lang@gmail.com Date: Mon Sep 17 17:26:51 2007 -0700
crypt32: Allow indefinite-length encoding of sequence items.
---
dlls/crypt32/decode.c | 40 +++++++++++++++++++++++++++++++--------- 1 files changed, 31 insertions(+), 9 deletions(-)
diff --git a/dlls/crypt32/decode.c b/dlls/crypt32/decode.c index 7b231ea..0de2e6a 100644 --- a/dlls/crypt32/decode.c +++ b/dlls/crypt32/decode.c @@ -310,8 +310,8 @@ static BOOL CRYPT_AsnDecodeSequenceItems(struct AsnDecodeSequenceItem items[], { DWORD nextItemLen;
- if ((ret = CRYPT_GetLen(ptr, cbEncoded - (ptr - pbEncoded), - &nextItemLen))) + if ((ret = CRYPT_GetLengthIndefinite(ptr, + cbEncoded - (ptr - pbEncoded), &nextItemLen))) { BYTE nextItemLenBytes = GET_LEN_BYTES(ptr[1]);
@@ -326,15 +326,21 @@ static BOOL CRYPT_AsnDecodeSequenceItems(struct AsnDecodeSequenceItem items[], } if (items[i].decodeFunc) { + DWORD nextItemEncodedLen, nextItemDecoded; + + if (nextItemLen == CMSG_INDEFINITE_LENGTH) + nextItemEncodedLen = cbEncoded - (ptr - pbEncoded); + else + nextItemEncodedLen = 1 + nextItemLenBytes + + nextItemLen; if (pvStructInfo) TRACE("decoding item %d\n", i); else TRACE("sizing item %d\n", i); - ret = items[i].decodeFunc(ptr, - 1 + nextItemLenBytes + nextItemLen, + ret = items[i].decodeFunc(ptr, nextItemEncodedLen, dwFlags & ~CRYPT_DECODE_ALLOC_FLAG, pvStructInfo ? (BYTE *)pvStructInfo + items[i].offset - : NULL, &items[i].size, NULL); + : NULL, &items[i].size, &nextItemDecoded); if (ret) { /* Account for alignment padding */ @@ -345,10 +351,20 @@ static BOOL CRYPT_AsnDecodeSequenceItems(struct AsnDecodeSequenceItem items[], if (nextData && items[i].hasPointer && items[i].size > items[i].minSize) nextData += items[i].size - items[i].minSize; - ptr += 1 + nextItemLenBytes + nextItemLen; - decoded += 1 + nextItemLenBytes + nextItemLen; - TRACE("item %d: decoded %d bytes\n", i, - 1 + nextItemLenBytes + nextItemLen); + if (nextItemDecoded > nextItemEncodedLen) + { + WARN("decoded length %d exceeds encoded %d\n", + nextItemDecoded, nextItemEncodedLen); + SetLastError(CRYPT_E_ASN1_CORRUPT); + ret = FALSE; + } + else + { + ptr += nextItemDecoded; + decoded += nextItemDecoded; + TRACE("item %d: decoded %d bytes\n", i, + nextItemDecoded); + } } else if (items[i].optional && GetLastError() == CRYPT_E_ASN1_BADTAG) @@ -362,6 +378,12 @@ static BOOL CRYPT_AsnDecodeSequenceItems(struct AsnDecodeSequenceItem items[], TRACE("item %d failed: %08x\n", i, GetLastError()); } + else if (nextItemLen == CMSG_INDEFINITE_LENGTH) + { + ERR("can't use indefinite length encoding without a decoder\n"); + SetLastError(CRYPT_E_ASN1_CORRUPT); + ret = FALSE; + } else { TRACE("item %d: decoded %d bytes\n", i,
-
Alexandre Julliard