[Libreoffice-commits] core.git: xmlsecurity/source

Tor Lillqvist tml at collabora.com
Thu May 19 16:18:10 UTC 2016


 xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx |   33 +++++++---
 1 file changed, 26 insertions(+), 7 deletions(-)

New commits:
commit 5e0bdb52e9411dda2cd1086005b469fd833dca9f
Author: Tor Lillqvist <tml at collabora.com>
Date:   Thu May 19 18:59:56 2016 +0300

    Make X509Certificate_MSCryptImpl::getCertificateUsage() actually work
    
    According to MSDN, calling CryptDecodeObject() with X509_KEY_USAGE
    fills in a CRYPT_BIT_BLOB struct, not a CERT_KEY_USAGE_RESTRICTION_INFO
    one.
    
    Avoid potential complications of using CRYPT_DECODE_NOCOPY_FLAG.
    Instead, just follow the normal pattern of first finding out the size
    of buffer needed, allocate such a buffer, and then call the API again,
    passing that buffer. When called without CRYPT_DECODE_NOCOPY_FLAG, at
    least, it's what pbData points to that contains the usage bits, not
    the pointer value itself.
    
    Add SAL_WARNs for cleartext error messages in all error cases.
    
    Change-Id: I9b9f7d08d6013753d127c723dedd959109a85c97

diff --git a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
index 797cf9a..4c975a2 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
@@ -21,6 +21,7 @@
 
 #include <sal/config.h>
 #include <comphelper/servicehelper.hxx>
+#include <comphelper/windowserrorstring.hxx>
 #include "x509certificate_mscryptimpl.hxx"
 #include "certificateextension_xmlsecimpl.hxx"
 #include "sanextension_mscryptimpl.hxx"
@@ -31,6 +32,7 @@
 #include <osl/nlsupport.h>
 #include <osl/process.h>
 #include <utility>
+#include <vector>
 #include <tools/time.hxx>
 
 // Needed only for Windows XP.
@@ -622,21 +624,38 @@ sal_Int32 SAL_CALL X509Certificate_MSCryptImpl::getCertificateUsage(  )
 
         if (pExtn != NULL)
         {
-            CERT_KEY_USAGE_RESTRICTION_INFO keyUsage;
-            DWORD length = sizeof(CERT_KEY_USAGE_RESTRICTION_INFO);
-
+            DWORD length = 0;
             bool rc = CryptDecodeObject(
                 X509_ASN_ENCODING,
                 X509_KEY_USAGE,
                 pExtn->Value.pbData,
                 pExtn->Value.cbData,
-                CRYPT_DECODE_NOCOPY_FLAG,
-                (void *)&keyUsage,
+                0,
+                NULL,
                 &length);
 
-            if (rc && keyUsage.RestrictedKeyUsage.cbData!=0)
+            if (!rc)
+                SAL_WARN("xmlsecurity.xmlsec", "CryptDecodeObject failed: " << WindowsErrorString(GetLastError()));
+            else
             {
-                usage = (sal_Int32)keyUsage.RestrictedKeyUsage.pbData;
+                std::vector<char>buffer(length);
+
+                rc = CryptDecodeObject(
+                    X509_ASN_ENCODING,
+                    X509_KEY_USAGE,
+                    pExtn->Value.pbData,
+                    pExtn->Value.cbData,
+                    0,
+                    (void *)buffer.data(),
+                    &length);
+
+                CRYPT_BIT_BLOB *blob = (CRYPT_BIT_BLOB*)buffer.data();
+                if (!rc)
+                    SAL_WARN("xmlsecurity.xmlsec", "CryptDecodeObject failed: " << WindowsErrorString(GetLastError()));
+                else if (blob->cbData == 1)
+                    usage = blob->pbData[0];
+                else
+                    SAL_WARN("xmlsecurity.xmlsec", "CryptDecodeObject(X509_KEY_USAGE) returned unexpected amount of data: " << blob->cbData);
             }
         }
     }
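Review bot: The `blob->cbData == 1` test treats a two-byte key usage as an error, yet a KeyUsage BIT STRING has nine defined bits and wincrypt.h places `CERT_DECIPHER_ONLY_KEY_USAGE` in the second byte, so a certificate asserting decipherOnly lands in the final `SAL_WARN` branch and `usage` keeps whatever it was initialised to above the hunk. Accepting any non-empty blob, e.g. `else if (blob->cbData >= 1) usage = blob->pbData[0];`, would keep the first-byte flags; whether byte 1 should also be folded into the result depends on how callers interpret the returned value, which is not visible here. The code after the second call also reads `blob->cbData` without confirming that the `length` reported by the first call covers a `CRYPT_BIT_BLOB`; a guard such as `if (length < sizeof(CRYPT_BIT_BLOB))` before allocating the buffer would make that assumption explicit. getCertificateUsage() begins and ends outside this hunk.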

