crypt32: Fix potential buffer overruns in CertGetNameStringW.

2025-02-22 22:01:51 +00:00 · 2009-09-09 08:40:44 -07:00 · 2009-09-09 08:40:44 -07:00 · 5cefdb68c5
commit 5cefdb68c5
parent a83f94afa2
1 changed files with 4 additions and 4 deletions
--- a/dlls/crypt32/str.c
+++ b/dlls/crypt32/str.c
@ -1018,7 +1018,7 @@ DWORD WINAPI CertGetNameStringW(PCCERT_CONTEXT pCertContext, DWORD dwType,
        {
            if (!pszNameString)
                ret = strlenW(entry->pwszRfc822Name) + 1;
-            else
+            else if (cchNameString)
            {
                ret = min(strlenW(entry->pwszRfc822Name), cchNameString - 1);
                memcpy(pszNameString, entry->pwszRfc822Name,
@ -1103,7 +1103,7 @@ DWORD WINAPI CertGetNameStringW(PCCERT_CONTEXT pCertContext, DWORD dwType,
                {
                    if (!pszNameString)
                        ret = strlenW(entry->pwszRfc822Name) + 1;
-                    else
+                    else if (cchNameString)
                    {
                        ret = min(strlenW(entry->pwszRfc822Name),
                         cchNameString - 1);
@ -1140,7 +1140,7 @@ DWORD WINAPI CertGetNameStringW(PCCERT_CONTEXT pCertContext, DWORD dwType,
        {
            if (!pszNameString)
                ret = strlenW(entry->pwszDNSName) + 1;
-            else
+            else if (cchNameString)
            {
                ret = min(strlenW(entry->pwszDNSName), cchNameString - 1);
                memcpy(pszNameString, entry->pwszDNSName, ret * sizeof(WCHAR));
@ -1164,7 +1164,7 @@ DWORD WINAPI CertGetNameStringW(PCCERT_CONTEXT pCertContext, DWORD dwType,
        {
            if (!pszNameString)
                ret = strlenW(entry->pwszURL) + 1;
-            else
+            else if (cchNameString)
            {
                ret = min(strlenW(entry->pwszURL), cchNameString - 1);
                memcpy(pszNameString, entry->pwszURL, ret * sizeof(WCHAR));