rsaenh: fix crash in RSAENH_CPVerifySignature if pbSignature is set
to NULL or if dwSigLen is lesser than the expected value
Mounir IDRASSI
mounir.idrassi at idrix.fr
Mon May 14 17:35:46 CDT 2007
Hi,
This patch corrects a crash that occur in RSAENH_CPVerifySignature when
a NULL pointer pbSignature is passed to it or if the input signature is
shorter than the correct length.
Mounir IDRASSI
IDRIX - Cryptography and IT Security Experts
http://www.idrix.fr
-------------- next part --------------
>From b4d2206cba0b3ea98bea2e9ba374a95e64e7c305 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI <mounir.idrassi at idrix.fr>
Date: Tue, 15 May 2007 00:27:41 +0200
Subject: rsaenh: fix crash in RSAENH_CPVerifySignature if pbSignature is set to NULL or if dwSigLen is lesser than the expected value
---
dlls/rsaenh/rsaenh.c | 15 +++++++++++++++
dlls/rsaenh/tests/rsaenh.c | 12 ++++++++++++
2 files changed, 27 insertions(+), 0 deletions(-)
diff --git a/dlls/rsaenh/rsaenh.c b/dlls/rsaenh/rsaenh.c
index 3e7ac8e..ca9e4a9 100644
--- a/dlls/rsaenh/rsaenh.c
+++ b/dlls/rsaenh/rsaenh.c
@@ -3611,6 +3611,21 @@ BOOL WINAPI RSAENH_CPVerifySignature(HCRYPTPROV hProv, HCRYPTHASH hHash, CONST B
return FALSE;
}
+ /* in Microsoft implementation, the signature length is checked before
+ * the signature pointer.
+ */
+ if (dwSigLen != pCryptKey->dwKeyLen)
+ {
+ SetLastError(NTE_BAD_SIGNATURE);
+ return FALSE;
+ }
+
+ if (!hHash || !pbSignature)
+ {
+ SetLastError(ERROR_INVALID_PARAMETER);
+ return FALSE;
+ }
+
if (sDescription) {
if (!RSAENH_CPHashData(hProv, hHash, (CONST BYTE*)sDescription,
(DWORD)lstrlenW(sDescription)*sizeof(WCHAR), 0))
diff --git a/dlls/rsaenh/tests/rsaenh.c b/dlls/rsaenh/tests/rsaenh.c
index 466a43c..5d17be2 100644
--- a/dlls/rsaenh/tests/rsaenh.c
+++ b/dlls/rsaenh/tests/rsaenh.c
@@ -1043,6 +1043,18 @@ static void test_verify_signature(void) {
ok(result, "%08x\n", GetLastError());
if (!result) return;
+ /*check that a NULL pointer signature is correctly handled*/
+ result = CryptVerifySignature(hHash, NULL, 128, hPubSignKey, NULL, 0);
+ ok(!result && ERROR_INVALID_PARAMETER == GetLastError(),
+ "Expected ERROR_INVALID_PARAMETER error, got %08x\n", GetLastError());
+ if (result) return;
+
+ /* check that we get a bad signature error when the signature is too short*/
+ result = CryptVerifySignature(hHash, abSignatureMD2, 64, hPubSignKey, NULL, 0);
+ ok(!result && NTE_BAD_SIGNATURE == GetLastError(),
+ "Expected NTE_BAD_SIGNATURE error, got %08x\n", GetLastError());
+ if (result) return;
+
result = CryptVerifySignature(hHash, abSignatureMD2, 128, hPubSignKey, NULL, 0);
ok(result, "%08x\n", GetLastError());
if (!result) return;
--
1.4.4.2
More information about the wine-patches
mailing list