From 3ab9c8f055aeae05cce4d150e7583b8d851b9bbd Mon Sep 17 00:00:00 2001 From: dkulwin Date: Sat, 31 Oct 2015 12:06:10 -0500 Subject: [PATCH] fix bug in cng cipher keyobject processing KeyObject for cipher symmetric key was being allocated improperly due to an error in getting the key object size. Also added code to free keyobject in the event of a key creation failure. --- contrib/win32/win32compat/cng_cipher.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/contrib/win32/win32compat/cng_cipher.c b/contrib/win32/win32compat/cng_cipher.c index d3d756a..5338b6e 100644 --- a/contrib/win32/win32compat/cng_cipher.c +++ b/contrib/win32/win32compat/cng_cipher.c @@ -286,7 +286,7 @@ unsigned int cng_cipher_init(PSSH_CNG_CIPHER_CTX x, const unsigned char *key, un status = BCryptGetProperty( hAlg, BCRYPT_OBJECT_LENGTH, - (PBYTE)cbKeyObject, + (PBYTE)&cbKeyObject, sizeof(DWORD), &cbData, 0); @@ -305,11 +305,15 @@ unsigned int cng_cipher_init(PSSH_CNG_CIPHER_CTX x, const unsigned char *key, un } BCryptCloseAlgorithmProvider(hAlg, 0); - // if we got an error along the way, free up the iv + // if we got an error along the way, free up the iv and key object if (status != S_OK && x->pbIV) { HeapFree(GetProcessHeap(), 0, x->pbIV); } + if (status != S_OK && x->pKeyObject) + { + HeapFree(GetProcessHeap(), 0, x->pKeyObject); + } } return status; }