From: Jakub Petrzilka kubapet@gmail.com
Some applications apparently attempts to decrypt empty strings in some edge cases which currently lead to page fault.
Wine-Bug https://bugs.winehq.org/show_bug.cgi?id=57042 --- dlls/advapi32/tests/crypt.c | 4 ++++ dlls/rsaenh/rsaenh.c | 8 +++++++- 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/dlls/advapi32/tests/crypt.c b/dlls/advapi32/tests/crypt.c index 8b25cb24f16..dfdcd0ce5ad 100644 --- a/dlls/advapi32/tests/crypt.c +++ b/dlls/advapi32/tests/crypt.c @@ -315,6 +315,10 @@ static void test_incorrect_api_usage(void) result = CryptGenKey(0, CALG_RC4, 0, &hKey); ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%ld\n", GetLastError());
+ dwLen = 0; + SetLastError(0xdeadbeef); + result = CryptDecrypt(hKey, 0, TRUE, 0, &temp, &dwLen); + ok (!result && GetLastError() == NTE_BAD_LEN, "%lx\n", GetLastError()); dwLen = 1; result = CryptDecrypt(hKey, 0, TRUE, 0, &temp, &dwLen); ok (result, "%ld\n", GetLastError()); diff --git a/dlls/rsaenh/rsaenh.c b/dlls/rsaenh/rsaenh.c index 25aba026152..f091f0f098b 100644 --- a/dlls/rsaenh/rsaenh.c +++ b/dlls/rsaenh/rsaenh.c @@ -2763,6 +2763,12 @@ BOOL WINAPI RSAENH_CPDecrypt(HCRYPTPROV hProv, HCRYPTKEY hKey, HCRYPTHASH hHash, return FALSE; }
+ if (!*pdwDataLen) + { + SetLastError(NTE_BAD_LEN); + return FALSE; + } + dwMax=*pdwDataLen;
if (GET_ALG_TYPE(pCryptKey->aiAlgid) == ALG_TYPE_BLOCK) { @@ -2798,7 +2804,7 @@ BOOL WINAPI RSAENH_CPDecrypt(HCRYPTPROV hProv, HCRYPTKEY hKey, HCRYPTHASH hHash, memcpy(in, out, pCryptKey->dwBlockLen); } if (Final) { - if (*pdwDataLen >=1 && + if ( pbData[*pdwDataLen-1] && pbData[*pdwDataLen-1] <= pCryptKey->dwBlockLen && pbData[*pdwDataLen-1] <= *pdwDataLen) {