diff options
| author | Rémi Verschelde <rverschelde@gmail.com> | 2020-03-09 19:06:57 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-03-09 19:06:57 +0100 |
| commit | 640169da5b20538c2d5c1106957461a3c988e2bc (patch) | |
| tree | 4d95c1195013c7d865be5fde8719344b2d22d5b4 /thirdparty/mbedtls/library/x509_crt.c | |
| parent | 65e0a2fb529b6ca83bfd64bec3848a16d4692659 (diff) | |
| parent | 9a727714eec2b0e535087bce84556232dea3c5e3 (diff) | |
| download | redot-engine-640169da5b20538c2d5c1106957461a3c988e2bc.tar.gz | |
Merge pull request #36943 from akien-mga/mbedtls-reapply-pr1453
mbedtls: Re-apply upstream PR 1453 after #36823
Diffstat (limited to 'thirdparty/mbedtls/library/x509_crt.c')
| -rw-r--r-- | thirdparty/mbedtls/library/x509_crt.c | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/thirdparty/mbedtls/library/x509_crt.c b/thirdparty/mbedtls/library/x509_crt.c index 9c2e36547e..a3697f13f9 100644 --- a/thirdparty/mbedtls/library/x509_crt.c +++ b/thirdparty/mbedtls/library/x509_crt.c @@ -65,6 +65,19 @@ #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #include <windows.h> +#if defined(_MSC_VER) && _MSC_VER <= 1600 +/* Visual Studio 2010 and earlier issue a warning when both <stdint.h> and + * <intsafe.h> are included, as they redefine a number of <TYPE>_MAX constants. + * These constants are guaranteed to be the same, though, so we suppress the + * warning when including intsafe.h. + */ +#pragma warning( push ) +#pragma warning( disable : 4005 ) +#endif +#include <intsafe.h> +#if defined(_MSC_VER) && _MSC_VER <= 1600 +#pragma warning( pop ) +#endif #else #include <time.h> #endif @@ -1277,6 +1290,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) char filename[MAX_PATH]; char *p; size_t len = strlen( path ); + int lengthAsInt = 0; WIN32_FIND_DATAW file_data; HANDLE hFind; @@ -1291,7 +1305,18 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) p = filename + len; filename[len++] = '*'; - w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir, + if ( FAILED ( SizeTToInt( len, &lengthAsInt ) ) ) + return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); + + /* + * Note this function uses the code page CP_ACP, and assumes the incoming + * string is encoded in ANSI, before translating it into Unicode. If the + * incoming string were changed to be UTF-8, then the length check needs to + * change to check the number of characters, not the number of bytes, in the + * incoming string are less than MAX_PATH to avoid a buffer overrun with + * MultiByteToWideChar(). + */ + w_ret = MultiByteToWideChar( CP_ACP, 0, filename, lengthAsInt, szDir, MAX_PATH - 3 ); if( w_ret == 0 ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); @@ -1308,8 +1333,11 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY ) continue; + if ( FAILED( SizeTToInt( wcslen( file_data.cFileName ), &lengthAsInt ) ) ) + return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); + w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName, - lstrlenW( file_data.cFileName ), + lengthAsInt, p, (int) len - 1, NULL, NULL ); if( w_ret == 0 ) |