Hi,
+ DWORD find_type;
> + const void *find_param;
if (!strncmp(cert_prop, "SUBJ:", 5))
> {
+ find_param = cert_prop + 5;
> + find_type = CERT_FIND_SUBJECT_STR_A;
> }
> else if (!strncmp(cert_prop, "THUMB:", 6))
> {
> + find_type = CERT_FIND_HASH;
> + find_param = &blob;
> + }
> + while(true)
> + {
> rv = CertFindCertificateInStore(cert_store, X509_ASN_ENCODING |
> PKCS_7_ASN_ENCODING,
> + 0, find_type, find_param, rv);
>
This explodes if cert_prop doesn't start with either "SUBJ:" or "THUMB:"
since we pass
uninitialized arguments.
This problem didn't exist before, since we looked for certificate inside
above "if" blocks where
both variables are initialized.
Another thing:
+ unsigned char hash[255];
> + CRYPT_HASH_BLOB blob = {.cbData = 0, .pbData = hash};
>
> else if (!strncmp(cert_prop, "THUMB:", 6))
> {
> - unsigned char hash[255];
> - CRYPT_HASH_BLOB blob;
>
Why did you move "hash" and "blob" to the outer scope? I think those
variables should stay where they have been, since they're not used outside
of "if".
-Lev
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
