From 807b11b3639f2a4089d58f04432bf90b0541e841 Mon Sep 17 00:00:00 2001
From: Juan Lang
Date: Mon, 12 Sep 2005 10:08:34 +0000
Subject: [PATCH] When decoding a signed cert, make sure it's really a cert.
---
 dlls/crypt32/cert.c | 15 ++++++++++++++-
 dlls/crypt32/tests/cert.c | 13 +++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/dlls/crypt32/cert.c b/dlls/crypt32/cert.c
index 70b22edc405..abec7f5d132 100644
--- a/dlls/crypt32/cert.c
+++ b/dlls/crypt32/cert.c
@@ -1786,6 +1786,7 @@ static PWINE_CERT_CONTEXT CRYPT_CreateCertificateContext(
 {
 PWINE_CERT_CONTEXT cert = NULL;
 BOOL ret;
+ PCERT_SIGNED_CONTENT_INFO signedCert = NULL;
 PCERT_INFO certInfo = NULL;
 DWORD size = 0;
 
@@ -1795,13 +1796,25 @@ static PWINE_CERT_CONTEXT CRYPT_CreateCertificateContext(
 /* First try to decode it as a signed cert. */
 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CERT, pbCertEncoded,
 cbCertEncoded, CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
- (BYTE *)&certInfo, &size);
+ (BYTE *)&signedCert, &size);
+ if (ret)
+ {
+ size = 0;
+ ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CERT_TO_BE_SIGNED,
+ signedCert->ToBeSigned.pbData, signedCert->ToBeSigned.cbData,
+ CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
+ (BYTE *)&certInfo, &size);
+ LocalFree(signedCert);
+ }
 /* Failing that, try it as an unsigned cert */
 if (!ret)
+ {
+ size = 0;
 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CERT_TO_BE_SIGNED,
 pbCertEncoded, cbCertEncoded,
 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
 (BYTE *)&certInfo, &size);
+ }
 if (ret)
 {
 BYTE *data = NULL;
diff --git a/dlls/crypt32/tests/cert.c b/dlls/crypt32/tests/cert.c
index 7ff820f2708..64b06de1ad2 100644
--- a/dlls/crypt32/tests/cert.c
+++ b/dlls/crypt32/tests/cert.c
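Review bot: In the new `if (ret)` block, `LocalFree(signedCert)` runs directly after the second `CryptDecodeObjectEx`, which is called with `CRYPT_DECODE_NOCOPY_FLAG`, so `certInfo` keeps pointers into whatever `signedCert->ToBeSigned.pbData` referenced. That is only safe if the first NOCOPY decode made `ToBeSigned.pbData` alias the caller's `pbCertEncoded` rather than storage inside the `signedCert` allocation; the hunk does not show which, and in the latter case `certInfo` would dangle after the free. The invariant deserves a comment at the free, e.g. `/* NOCOPY: certInfo points into pbCertEncoded, not into signedCert, so signedCert can be released here */`, and a check that it actually holds. A second point: when the outer signed envelope decodes but its ToBeSigned is not a certificate (the signed-CRL case the new test adds), the code still falls through to the unsigned-cert attempt, so the error the caller sees is whatever that final decode reports rather than the inner failure, which is why the test has to accept two error codes. CRYPT_CreateCertificateContext continues beyond both hunks.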
@@ -110,6 +110,12 @@ static const BYTE serializedCert[] = { 0x20, 0x00, 0x00, 0x00, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 }; +static const BYTE signedCRL[] = { 0x30, 0x45, 0x30, 0x2c, 0x30, 0x02, 0x06, + 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, + 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f, + 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, + 0x30, 0x5a, 0x30, 0x02, 0x06, 0x00, 0x03, 0x11, 0x00, 0x0f, 0x0e, 0x0d, 0x0c, + 0x0b, 0x0a, 0x09, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 }; static void testMemStore(void) { @@ -167,6 +173,13 @@ static void testMemStore(void) ok(ret, "CertDeleteCertificateFromStore failed: %08lx\n", GetLastError()); } + /* try adding a "signed" CRL as a cert */ + ret = CertAddEncodedCertificateToStore(store1, X509_ASN_ENCODING, + signedCRL, sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, &context); + ok(!ret && (GetLastError() == CRYPT_E_ASN1_BADTAG || GetLastError() == + CRYPT_E_ASN1_CORRUPT), + "Expected CRYPT_E_ASN1_BADTAG or CRYPT_E_ASN1_CORRUPT, got %08lx\n", + GetLastError()); /* add a cert to store1 */ ret = CertAddEncodedCertificateToStore(store1, X509_ASN_ENCODING, bigCert, sizeof(bigCert) - 1, CERT_STORE_ADD_ALWAYS, &context); -- 2.11.4.GIT
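Review bot: The new `ok(!ret && (GetLastError() == CRYPT_E_ASN1_BADTAG || GetLastError() == CRYPT_E_ASN1_CORRUPT), ...)` check in testMemStore tolerates two different error codes without saying why, which invites a later reader to tighten it to one and break the test; a one-line comment would fix that, e.g. `/* the error may come from the inner ToBeSigned decode or from the unsigned-cert fallback */`. The `signedCRL` constant added in the preceding hunk also lacks a comment naming what it encodes; from the bytes it reads as a DER SEQUENCE (0x30 0x45) whose first element is a 44-byte SEQUENCE holding an empty algorithm identifier, a name containing "Juan Lang" and a GeneralizedTime, followed by another empty algorithm identifier and a 17-byte BIT STRING, i.e. a CRL-shaped signed object with no certificate inside, which is exactly what the comment "try adding a "signed" CRL as a cert" relies on. Stating that next to the array would let the test data be checked without re-parsing the hex by hand. testMemStore's body continues outside the hunk.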