This field was not unitilized so it got a random value from the stack causing a later crash when it was dereferenced in Wintrust (SoftPubloadSignature).
-- v3: Sends the correct pointer to memset
From: "Philip K. Gisslow" ripxorip@gmail.com
This field was not unitilized so it got a random value from the stack causing a later crash when it was dereferenced in Wintrust (SoftPubloadSignature). --- dlls/msi/msi.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/dlls/msi/msi.c b/dlls/msi/msi.c index db04babb899..886c5d3ba6f 100644 --- a/dlls/msi/msi.c +++ b/dlls/msi/msi.c @@ -2556,6 +2556,7 @@ HRESULT WINAPI MsiGetFileSignatureInformationW( const WCHAR *path, DWORD flags, data.pwszURLReference = NULL; data.dwProvFlags = 0; data.dwUIContext = WTD_UICONTEXT_INSTALL; + data.pSignatureSettings = NULL; hr = WinVerifyTrustEx( INVALID_HANDLE_VALUE, &generic_verify_v2, &data ); *cert = NULL; if (FAILED(hr)) goto done;
From: "Philip K. Gisslow" ripxorip@gmail.com
As suggested by Nikolay and Zebediah --- dlls/msi/msi.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/dlls/msi/msi.c b/dlls/msi/msi.c index 886c5d3ba6f..29a50625a57 100644 --- a/dlls/msi/msi.c +++ b/dlls/msi/msi.c @@ -2544,19 +2544,15 @@ HRESULT WINAPI MsiGetFileSignatureInformationW( const WCHAR *path, DWORD flags, info.hFile = NULL; info.pgKnownSubject = NULL;
+ memset( data, 0, sizeof(data) ); data.cbStruct = sizeof(data); - data.pPolicyCallbackData = NULL; - data.pSIPClientData = NULL; data.dwUIChoice = WTD_UI_NONE; data.fdwRevocationChecks = WTD_REVOKE_WHOLECHAIN; data.dwUnionChoice = WTD_CHOICE_FILE; data.u.pFile = &info; data.dwStateAction = WTD_STATEACTION_VERIFY; - data.hWVTStateData = NULL; - data.pwszURLReference = NULL; - data.dwProvFlags = 0; data.dwUIContext = WTD_UICONTEXT_INSTALL; - data.pSignatureSettings = NULL; + hr = WinVerifyTrustEx( INVALID_HANDLE_VALUE, &generic_verify_v2, &data ); *cert = NULL; if (FAILED(hr)) goto done;
From: "Philip K. Gisslow" ripxorip@gmail.com
--- dlls/msi/msi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dlls/msi/msi.c b/dlls/msi/msi.c index 29a50625a57..3ebfd94a9f0 100644 --- a/dlls/msi/msi.c +++ b/dlls/msi/msi.c @@ -2544,7 +2544,7 @@ HRESULT WINAPI MsiGetFileSignatureInformationW( const WCHAR *path, DWORD flags, info.hFile = NULL; info.pgKnownSubject = NULL;
- memset( data, 0, sizeof(data) ); + memset( &data, 0, sizeof(data) ); data.cbStruct = sizeof(data); data.dwUIChoice = WTD_UI_NONE; data.fdwRevocationChecks = WTD_REVOKE_WHOLECHAIN;
@ripxorip please squash these commits locally and then force push to have a single commit.
-
Nikolay Sivov (@nsivov) -
Philip K. Gisslow
-
Philip Karlsson Gisslow (@ripxorip)