Bugs item #1879305, was opened at 2008-01-24 23:57
Message generated for change (Comment added) made by tmeckel
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=642714&aid=1879305&group_id=105970

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: extensions
Group: v3.0
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Luke Bakken (lb008d)
Assigned to: Scott Kurtzeborn (scotk)
Summary: CompareStringW() incorrect usage.

Initial Comment:
src/ca/serverca/scasched/scahttpheader.cpp
src/ca/serverca/scaexec/scacertexec.cpp

Both of these files have usages of CompareStringW() in which 0 is passed as the 
"string length parameter" for both strings to be compared. I noticed the side 
effect of this in uninstalling a program that had installed several 
certificates - it deleted all certificates in the store that had a friendly 
name (since the comparison always returned 2)! Yikes, my root cert store is a 
lot smaller now!

Attached are patches to fix this. Hopefully it's in the correct diff format for 
you. I tested the fix in scacertexec.cpp and assumed that the same fix applies 
to the other file.

http://msdn2.microsoft.com/en-us/library/ms647476(VS.85).aspx


----------------------------------------------------------------------

Comment By: Thomas Meckel (tmeckel)
Date: 2008-01-29 17:27

Message:
Logged In: YES 
user_id=627487
Originator: NO

Found an additional place where CompareStringW is incorrectly used:

scacert.cpp/674

        if (::CertGetCertificateContextProperty(pCertContext, CERT_FRIENDLY_NAME_PROP_ID,
                             reinterpret_cast<BYTE*>(wzFriendlyName), &cbFriendlyName) &&
            CSTR_EQUAL == ::CompareStringW(LOCALE_SYSTEM_DEFAULT, 0, wzName, 0,
                                           wzFriendlyName, 0))
        {
        ...
        }


----------------------------------------------------------------------
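
Added example (not part of the tracker thread or the WiX source): a portable C++ model of the count semantics documented for CompareStringW, where a negative count means "null-terminated" and any other count means exactly that many characters, so passing 0 for both strings compares two empty strings and always yields CSTR_EQUAL. The names model_compare and select_for_delete and the store contents are hypothetical and constructed; the comparison is ordinal rather than locale-aware, and -1 is an assumed form of the fix, since the attached patches are not shown here.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Mirrors the CSTR_LESS_THAN / CSTR_EQUAL / CSTR_GREATER_THAN return values.
constexpr int kLess = 1, kEqual = 2, kGreater = 3;

// Count contract being modelled: negative = measure up to the terminator,
// otherwise take exactly cch characters (so cch == 0 is the empty string).
static std::wstring counted(const wchar_t* s, int cch) {
    return cch < 0 ? std::wstring(s) : std::wstring(s, static_cast<std::size_t>(cch));
}

// Hypothetical stand-in for CompareStringW (ordinal, no locale or flags).
int model_compare(const wchar_t* a, int cchA, const wchar_t* b, int cchB) {
    int r = counted(a, cchA).compare(counted(b, cchB));
    return r < 0 ? kLess : (r > 0 ? kGreater : kEqual);
}

// Friendly names an uninstall pass would pick for deletion when it matches
// wzName against each certificate using the given count for both strings.
std::vector<std::wstring> select_for_delete(const std::vector<std::wstring>& store,
                                            const wchar_t* wzName, int cch) {
    std::vector<std::wstring> hits;
    for (const auto& friendly : store)
        if (kEqual == model_compare(wzName, cch, friendly.c_str(), cch))
            hits.push_back(friendly);
    return hits;
}

// Constructed sample of friendly names in a certificate store.
std::vector<std::wstring> sample_store() {
    return {L"Contoso Root CA", L"MyApp Test Cert", L"Fabrikam Issuing CA"};
}

int main() {
    // Count 0: every certificate with a friendly name matches.
    auto buggy = select_for_delete(sample_store(), L"MyApp Test Cert", 0);
    // Count -1: only the certificate the installer actually added matches.
    auto fixed = select_for_delete(sample_store(), L"MyApp Test Cert", -1);
    return (buggy.size() == 3 && fixed.size() == 1) ? 0 : 1;
}
```
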
