Fix a stack overflow with key > 2048 bits (not a security vulnerability)

OpenPGPCsp/OpenPGPCardv2.cpp

@@ -1042,7 +1042,8 @@ BOOL OpenPGPCardv2::DecryptOperation(__in PBYTE pbEncryptedData, __in DWORD cbEn
 	DWORD dwError = 0;
 	PBYTE pbTempDecryptedData = NULL;
 	DWORD dwCmdSize = 0, dwResponseSize;
-	BYTE pbCmd[6 + 256 + 256] = {0x00, 
+	PBYTE pbCmd = NULL;
+	BYTE pbCmdInit[] = {0x00, 
 		0x2A,
 		0x80,
 		0x86,
@@ -1051,6 +1052,21 @@ BOOL OpenPGPCardv2::DecryptOperation(__in PBYTE pbEncryptedData, __in DWORD cbEn
 	DWORD dwI;
 	__try
 	{
+		if (cbEncryptedData >= 256 && !m_fExtentedLeLcFields)
+		{
+			//TODO - implemented command chaining
+			Trace(TRACE_LEVEL_ERROR, L"Chaining not implemented");
+			dwError = SCARD_E_UNSUPPORTED_FEATURE;
+			__leave;
+		}
+		pbCmd = (PBYTE) malloc( 6 + 256 + cbEncryptedData);
+		if (!pbCmd)
+		{
+			Trace(TRACE_LEVEL_ERROR, L"SCARD_E_NO_MEMORY");
+			dwError = SCARD_E_NO_MEMORY;
+			__leave;
+		}
+		memcpy(pbCmd, pbCmdInit, sizeof(pbCmdInit));
 		// check the buffer size
 		dwCmdSize = 5;
 		if (m_fExtentedLeLcFields)
@@ -1103,6 +1119,10 @@ BOOL OpenPGPCardv2::DecryptOperation(__in PBYTE pbEncryptedData, __in DWORD cbEn
 			SecureZeroMemory(pbTempDecryptedData, dwResponseSize);
 			free(pbTempDecryptedData);
 		}
+		if (pbCmd)
+		{
+			free(pbCmd);
+		}
 	}
 	Trace(TRACE_LEVEL_VERBOSE, L"dwError = 0x%08X",dwError);
 	SetLastError(dwError);

OpenPGPCsp/OpenPGPCsp.vcxproj

@@ -32,7 +32,7 @@
     <PlatformToolset Condition="'$(VCTargetsPath11)' != ''">v110</PlatformToolset>
     <PlatformToolset Condition="'$(VCTargetsPath12)' != ''">v120</PlatformToolset>
     <PlatformToolset Condition="'$(VCTargetsPath14)' != ''">v140</PlatformToolset>
-	<PlatformToolset Condition="'$(VCTargetsPath15)' != ''">v141</PlatformToolset>
+    <PlatformToolset Condition="'$(VCTargetsPath15)' != ''">v141</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
@@ -42,7 +42,7 @@
     <PlatformToolset Condition="'$(VCTargetsPath11)' != ''">v110</PlatformToolset>
     <PlatformToolset Condition="'$(VCTargetsPath12)' != ''">v120</PlatformToolset>
     <PlatformToolset Condition="'$(VCTargetsPath14)' != ''">v140</PlatformToolset>
-	<PlatformToolset Condition="'$(VCTargetsPath15)' != ''">v141</PlatformToolset>
+    <PlatformToolset Condition="'$(VCTargetsPath15)' != ''">v141</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
@@ -52,7 +52,7 @@
     <PlatformToolset Condition="'$(VCTargetsPath11)' != ''">v110</PlatformToolset>
     <PlatformToolset Condition="'$(VCTargetsPath12)' != ''">v120</PlatformToolset>
     <PlatformToolset Condition="'$(VCTargetsPath14)' != ''">v140</PlatformToolset>
-	<PlatformToolset Condition="'$(VCTargetsPath15)' != ''">v141</PlatformToolset>
+    <PlatformToolset Condition="'$(VCTargetsPath15)' != ''">v141</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
@@ -63,7 +63,7 @@
     <PlatformToolset Condition="'$(VCTargetsPath11)' != ''">v110</PlatformToolset>
     <PlatformToolset Condition="'$(VCTargetsPath12)' != ''">v120</PlatformToolset>
     <PlatformToolset Condition="'$(VCTargetsPath14)' != ''">v140</PlatformToolset>
-	<PlatformToolset Condition="'$(VCTargetsPath15)' != ''">v141</PlatformToolset>
+    <PlatformToolset Condition="'$(VCTargetsPath15)' != ''">v141</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
@@ -118,16 +118,11 @@
       <ModuleDefinitionFile>OpenPGPCsp.def</ModuleDefinitionFile>
     </Link>
     <PostBuildEvent>
-      <Command>if not exist $(SolutionDir)\CodeSigning\certificate.pfx goto :exit
-
-@echo ================
+      <Command>@echo ================
 @echo sign binaries
 @echo ================
 
-IF "$(ConfigurationName)" == "Release" "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign  /d "OpenPGP CSP" /ac $(SolutionDir)\CodeSigning\addtrustexternalcaroot_kmod.crt /f $(SolutionDir)\CodeSigning\certificate.pfx /p vletoux /t http://timestamp.comodoca.com "$(TargetPath)"
-IF "$(ConfigurationName)" == "Release" "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign  /d "OpenPGP CSP" /ac $(SolutionDir)\CodeSigning\addtrustexternalcaroot_kmod.crt /f $(SolutionDir)\CodeSigning\certificate.pfx /p vletoux /fd sha256 /tr http://timestamp.comodoca.com/?td=sha256 /td sha256 /as "$(TargetPath)"
-IF "$(ConfigurationName)" NEQ "Release" "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign  /d "OpenPGP CSP" /ac $(SolutionDir)\CodeSigning\addtrustexternalcaroot_kmod.crt /f $(SolutionDir)\CodeSigning\certificate.pfx /p vletoux "$(TargetPath)"
-IF "$(ConfigurationName)" NEQ "Release" "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign  /d "OpenPGP CSP" /ac $(SolutionDir)\CodeSigning\addtrustexternalcaroot_kmod.crt /f $(SolutionDir)\CodeSigning\certificate.pfx /p vletoux /fd sha256  /as "$(TargetPath)"
+"C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign  /d "OpenPGP CSP" /ac "$(SolutionDir)\CodeSigning\DigiCert High Assurance EV Root CA.crt" /tr http://timestamp.digicert.com /td sha256 /fd sha256 /n "Ping Castle SAS" "$(TargetPath)"
 
 @echo Done signing
 :exit
@@ -149,16 +144,11 @@ IF "$(ConfigurationName)" NEQ "Release" "C:\Program Files (x86)\Windows Kits\8.0
       <ModuleDefinitionFile>OpenPGPCsp.def</ModuleDefinitionFile>
     </Link>
     <PostBuildEvent>
-      <Command>if not exist $(SolutionDir)\CodeSigning\certificate.pfx goto :exit
-
-@echo ================
+      <Command>@echo ================
 @echo sign binaries
 @echo ================
 
-IF "$(ConfigurationName)" == "Release" "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign  /d "OpenPGP CSP" /ac $(SolutionDir)\CodeSigning\addtrustexternalcaroot_kmod.crt /f $(SolutionDir)\CodeSigning\certificate.pfx /p vletoux /t http://timestamp.comodoca.com "$(TargetPath)"
-IF "$(ConfigurationName)" == "Release" "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign  /d "OpenPGP CSP" /ac $(SolutionDir)\CodeSigning\addtrustexternalcaroot_kmod.crt /f $(SolutionDir)\CodeSigning\certificate.pfx /p vletoux /fd sha256 /tr http://timestamp.comodoca.com/?td=sha256 /td sha256 /as "$(TargetPath)"
-IF "$(ConfigurationName)" NEQ "Release" "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign  /d "OpenPGP CSP" /ac $(SolutionDir)\CodeSigning\addtrustexternalcaroot_kmod.crt /f $(SolutionDir)\CodeSigning\certificate.pfx /p vletoux "$(TargetPath)"
-IF "$(ConfigurationName)" NEQ "Release" "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign  /d "OpenPGP CSP" /ac $(SolutionDir)\CodeSigning\addtrustexternalcaroot_kmod.crt /f $(SolutionDir)\CodeSigning\certificate.pfx /p vletoux /fd sha256  /as "$(TargetPath)"
+"C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign  /d "OpenPGP CSP" /ac "$(SolutionDir)\CodeSigning\DigiCert High Assurance EV Root CA.crt" /tr http://timestamp.digicert.com /td sha256 /fd sha256 /n "Ping Castle SAS" "$(TargetPath)"
 
 @echo Done signing
 :exit
@@ -184,16 +174,11 @@ IF "$(ConfigurationName)" NEQ "Release" "C:\Program Files (x86)\Windows Kits\8.0
       <ModuleDefinitionFile>OpenPGPCsp.def</ModuleDefinitionFile>
     </Link>
     <PostBuildEvent>
-      <Command>if not exist $(SolutionDir)\CodeSigning\certificate.pfx goto :exit
-
-@echo ================
+      <Command>@echo ================
 @echo sign binaries
 @echo ================
 
-IF "$(ConfigurationName)" == "Release" "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign  /d "OpenPGP CSP" /ac $(SolutionDir)\CodeSigning\addtrustexternalcaroot_kmod.crt /f $(SolutionDir)\CodeSigning\certificate.pfx /p vletoux /t http://timestamp.comodoca.com "$(TargetPath)"
-IF "$(ConfigurationName)" == "Release" "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign  /d "OpenPGP CSP" /ac $(SolutionDir)\CodeSigning\addtrustexternalcaroot_kmod.crt /f $(SolutionDir)\CodeSigning\certificate.pfx /p vletoux /fd sha256 /tr http://timestamp.comodoca.com/?td=sha256 /td sha256 /as "$(TargetPath)"
-IF "$(ConfigurationName)" NEQ "Release" "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign  /d "OpenPGP CSP" /ac $(SolutionDir)\CodeSigning\addtrustexternalcaroot_kmod.crt /f $(SolutionDir)\CodeSigning\certificate.pfx /p vletoux "$(TargetPath)"
-IF "$(ConfigurationName)" NEQ "Release" "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign  /d "OpenPGP CSP" /ac $(SolutionDir)\CodeSigning\addtrustexternalcaroot_kmod.crt /f $(SolutionDir)\CodeSigning\certificate.pfx /p vletoux /fd sha256  /as "$(TargetPath)"
+"C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign  /d "OpenPGP CSP" /ac "$(SolutionDir)\CodeSigning\DigiCert High Assurance EV Root CA.crt" /tr http://timestamp.digicert.com /td sha256 /fd sha256 /n "Ping Castle SAS" "$(TargetPath)"
 
 @echo Done signing
 :exit
@@ -219,16 +204,11 @@ IF "$(ConfigurationName)" NEQ "Release" "C:\Program Files (x86)\Windows Kits\8.0
       <ModuleDefinitionFile>OpenPGPCsp.def</ModuleDefinitionFile>
     </Link>
     <PostBuildEvent>
-      <Command>if not exist $(SolutionDir)\CodeSigning\certificate.pfx goto :exit
-
-@echo ================
+      <Command>@echo ================
 @echo sign binaries
 @echo ================
 
-IF "$(ConfigurationName)" == "Release" "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign  /d "OpenPGP CSP" /ac $(SolutionDir)\CodeSigning\comodorsacertificationauthority_kmod.crt /f $(SolutionDir)\CodeSigning\certificate.pfx /p vletoux /t http://timestamp.comodoca.com "$(TargetPath)"
-IF "$(ConfigurationName)" == "Release" "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign  /d "OpenPGP CSP" /ac $(SolutionDir)\CodeSigning\comodorsacertificationauthority_kmod.crt /f $(SolutionDir)\CodeSigning\certificate.pfx /p vletoux /fd sha256 /tr http://timestamp.comodoca.com/?td=sha256 /td sha256 /as "$(TargetPath)"
-IF "$(ConfigurationName)" NEQ "Release" "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign  /d "OpenPGP CSP" /ac $(SolutionDir)\CodeSigning\comodorsacertificationauthority_kmod.crt /f $(SolutionDir)\CodeSigning\certificate.pfx /p vletoux "$(TargetPath)"
-IF "$(ConfigurationName)" NEQ "Release" "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign  /d "OpenPGP CSP" /ac $(SolutionDir)\CodeSigning\comodorsacertificationauthority_kmod.crt /f $(SolutionDir)\CodeSigning\certificate.pfx /p vletoux /fd sha256  /as "$(TargetPath)"
+"C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign  /d "OpenPGP CSP" /ac "$(SolutionDir)\CodeSigning\DigiCert High Assurance EV Root CA.crt" /tr http://timestamp.digicert.com /td sha256 /fd sha256 /n "Ping Castle SAS" "$(TargetPath)"
 
 @echo Done signing
 :exit

SetupOpenPGPCsp/SetupOpenPGPCsp.wixproj

@@ -61,7 +61,7 @@
   </ItemGroup>
   <Import Project="$(WixTargetsPath)" />
   <PropertyGroup>
-    <PostBuildEvent>IF /I "$(ConfigurationName)" == "Release" "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign  /d "OpenPGP CSP" /f $(SolutionDir)\CodeSigning\certificate.pfx /p vletoux  /t  http://timestamp.comodoca.com/authenticode "$(TargetDir)SetupOpenPGPCsp.msi"</PostBuildEvent>
+    <PostBuildEvent>IF /I "$(ConfigurationName)" == "Release" "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign  /d "OpenPGP CSP" /ac "$(SolutionDir)\CodeSigning\DigiCert High Assurance EV Root CA.crt" /tr http://timestamp.digicert.com /td sha256 /fd sha256 /n "Ping Castle SAS" "$(TargetDir)SetupOpenPGPCsp.msi"</PostBuildEvent>
   </PropertyGroup>
   <!--
 	To modify your build process, add your task inside one of the targets below and uncomment it.