Thomas Faber : advapi32: Fix uneven length handling in CredUnmarshalCredential. - wine-commits

31 Mar 2014

Module: wine
Branch: master
Commit: 6754c35589709c033d30ca593de90fa55f25b4e4
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=6754c35589709c033d30ca593d...
Author: Thomas Faber thomas.faber@reactos.org
Date:   Fri Mar 28 10:21:06 2014 +0100
advapi32: Fix uneven length handling in CredUnmarshalCredential.
---
dlls/advapi32/cred.c       |    2 +-
 dlls/advapi32/tests/cred.c |   18 ++++++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/dlls/advapi32/cred.c b/dlls/advapi32/cred.c
index 9ecfaee..fdd5645 100644
--- a/dlls/advapi32/cred.c
+++ b/dlls/advapi32/cred.c
@@ -2100,7 +2100,7 @@ BOOL WINAPI CredUnmarshalCredentialW( LPCWSTR cred, PCRED_MARSHAL_TYPE type, PVO
         DWORD size;
if (len < 9 || !cred_decode( cred + 3, 6, (char *)&size ) ||
-            !size || size % sizeof(WCHAR) || size > INT_MAX)
+            size % sizeof(WCHAR) || len - 6 != (size * 4 + 2) / 3)
         {
             SetLastError( ERROR_INVALID_PARAMETER );
             return FALSE;
diff --git a/dlls/advapi32/tests/cred.c b/dlls/advapi32/tests/cred.c
index de05e30..0ee08ef 100644
--- a/dlls/advapi32/tests/cred.c
+++ b/dlls/advapi32/tests/cred.c
@@ -566,6 +566,8 @@ static void test_CredUnmarshalCredentialA(void)
     static const UCHAR cert_empty[CERT_HASH_LENGTH] = {0};
     static const UCHAR cert_wine[CERT_HASH_LENGTH] = {'W','i','n','e',0};
     static const WCHAR tW[] = {'t',0};
+    static const WCHAR teW[] = {'t','e',0};
+    static const WCHAR tesW[] = {'t','e','s',0};
     static const WCHAR testW[] = {'t','e','s','t',0};
     void *p;
     CERT_CREDENTIAL_INFO *cert;
@@ -593,6 +595,8 @@ static void test_CredUnmarshalCredentialA(void)
         { "@@-", 63, NULL },
         { "@@B", CertCredential, NULL },
         { "@@BA", CertCredential, NULL },
+        { "@@BAAAAAAAAAAAAAAAAAAAAAAAAAA", CertCredential, NULL },
+        { "@@BAAAAAAAAAAAAAAAAAAAAAAAAAAAA", CertCredential, NULL },
         { "@@BAAAAAAAAAAAAAAAAAAAAAAAAAAA", CertCredential, cert_empty },
         { "@@BXlmblBAAAAAAAAAAAAAAAAAAAAA", CertCredential, cert_wine },
         { "@@C", UsernameTargetCredential, NULL },
@@ -601,6 +605,20 @@ static void test_CredUnmarshalCredentialA(void)
         { "@@CAAAAAA0B", UsernameTargetCredential, NULL },
         { "@@CAAAAAA0BA", UsernameTargetCredential, NULL },
         { "@@CCAAAAA0BA", UsernameTargetCredential, tW },
+        { "@@CEAAAAA0BA", UsernameTargetCredential, NULL },
+        { "@@CEAAAAA0BAd", UsernameTargetCredential, NULL },
+        { "@@CEAAAAA0BAdA", UsernameTargetCredential, NULL },
+        { "@@CEAAAAA0BQZAA", UsernameTargetCredential, teW },
+        { "@@CEAAAAA0BQZAQ", UsernameTargetCredential, teW },
+        { "@@CEAAAAA0BQZAg", UsernameTargetCredential, teW },
+        { "@@CEAAAAA0BQZAw", UsernameTargetCredential, teW },
+        { "@@CEAAAAA0BQZAAA", UsernameTargetCredential, NULL },
+        { "@@CGAAAAA0BQZAMH", UsernameTargetCredential, NULL },
+        { "@@CGAAAAA0BQZAMHA", UsernameTargetCredential, tesW },
+        { "@@CGAAAAA0BQZAMHAA", UsernameTargetCredential, NULL },
+        { "@@CCAAAAA0BAA", UsernameTargetCredential, NULL },
+        { "@@CBAAAAA0BAA", UsernameTargetCredential, NULL },
+        { "@@CAgAAAA0BAA", UsernameTargetCredential, NULL },
         { "@@CIAAAAA0BQZAMHA0BA", UsernameTargetCredential, testW },
         { "@@CA-----0BQZAMHA0BA", UsernameTargetCredential, NULL },
     };

    