[PATCH v3 1/1] rsaenh: Don't crash when decrypting empty strings

7 Aug 2024

From: Jakub Petrzilka kubapet@gmail.com
Some applications apparently attempts to decrypt empty strings in some edge cases which currently lead to page fault.
Wine-Bug https://bugs.winehq.org/show_bug.cgi?id=57042
---
 dlls/advapi32/tests/crypt.c | 4 ++++
 dlls/rsaenh/rsaenh.c        | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/dlls/advapi32/tests/crypt.c b/dlls/advapi32/tests/crypt.c
index 8b25cb24f16..dfdcd0ce5ad 100644
--- a/dlls/advapi32/tests/crypt.c
+++ b/dlls/advapi32/tests/crypt.c
@@ -315,6 +315,10 @@ static void test_incorrect_api_usage(void)
     result = CryptGenKey(0, CALG_RC4, 0, &hKey);
     ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%ld\n", GetLastError());
+    dwLen = 0;
+    SetLastError(0xdeadbeef);
+    result = CryptDecrypt(hKey, 0, TRUE, 0, &temp, &dwLen);
+    ok (!result && GetLastError() == NTE_BAD_LEN, "%lx\n", GetLastError());
     dwLen = 1;
     result = CryptDecrypt(hKey, 0, TRUE, 0, &temp, &dwLen);
     ok (result, "%ld\n", GetLastError());
diff --git a/dlls/rsaenh/rsaenh.c b/dlls/rsaenh/rsaenh.c
index f854e35dfdf..7440aba7200 100644
--- a/dlls/rsaenh/rsaenh.c
+++ b/dlls/rsaenh/rsaenh.c
@@ -2763,6 +2763,12 @@ BOOL WINAPI RSAENH_CPDecrypt(HCRYPTPROV hProv, HCRYPTKEY hKey, HCRYPTHASH hHash,
         return FALSE;
     }
+    if (!*pdwDataLen)
+    {
+        SetLastError(NTE_BAD_LEN);
+        return FALSE;
+    }
+
     dwMax=*pdwDataLen;
if (GET_ALG_TYPE(pCryptKey->aiAlgid) == ALG_TYPE_BLOCK) {
-- 
GitLab

https://gitlab.winehq.org/wine/wine/-/merge_requests/6221

    

2025

2024

2023

2022

[PATCH v3 1/1] rsaenh: Don't crash when decrypting empty strings