Bugs item #1879305, was opened at 2008-01-24 14:57
Message generated for change (Comment added) made by robmen
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=642714&aid=1879305&group_id=105970

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: extensions
Group: v3.0
>Status: Pending
Resolution: Fixed
Priority: 7
Private: No
Submitted By: Luke Bakken (lb008d)
Assigned to: Rob Mensching (robmen)
Summary: CompareStringW() incorrect usage.

Initial Comment:
src/ca/serverca/scasched/scahttpheader.cpp
src/ca/serverca/scaexec/scacertexec.cpp

Both of these files have usages of CompareStringW() in which 0 is passed as the 
"string length parameter" for both strings to be compared. I noticed the side 
effect of this in uninstalling a program that had installed several 
certificates - it deleted all certificates in the store that had a friendly 
name (since the comparison always returned 2)! Yikes, my root cert store is a 
lot smaller now!

Attached are patches to fix this. Hopefully it's in the correct diff format for 
you. I tested the fix in scacertexec.cpp and assumed that the same fix applies 
to the other file.

http://msdn2.microsoft.com/en-us/library/ms647476(VS.85).aspx


----------------------------------------------------------------------

>Comment By: Rob Mensching (robmen)
Date: 2008-05-02 15:27

Message:
Logged In: YES 
user_id=991639
Originator: NO

Re-resolving pending since this will be fixed in the next push.

----------------------------------------------------------------------

Comment By: Luke Bakken (lb008d)
Date: 2008-05-02 07:38

Message:
Logged In: YES 
user_id=1349505
Originator: YES

Thanks Rob!

----------------------------------------------------------------------

Comment By: Rob Mensching (robmen)
Date: 2008-05-02 02:48

Message:
Logged In: YES 
user_id=991639
Originator: NO

Indeed.  Fixed in next build.

----------------------------------------------------------------------

Comment By: Luke Bakken (lb008d)
Date: 2008-01-30 08:48

Message:
Logged In: YES 
user_id=1349505
Originator: YES

Moving this to a priority 7 since someone who uses the existing code to
install a root certificate and then uninstalls it will delete the majority
of the certs in the root store.

----------------------------------------------------------------------

Comment By: Thomas Meckel (tmeckel)
Date: 2008-01-29 08:27

Message:
Logged In: YES 
user_id=627487
Originator: NO

Found an additional place where CompareStringW is incorrectly used:

scacert.cpp/674

        if (::CertGetCertificateContextProperty(pCertContext, CERT_FRIENDLY_NAME_PROP_ID,
                             reinterpret_cast<BYTE*>(wzFriendlyName), &cbFriendlyName) &&
            CSTR_EQUAL == ::CompareStringW(LOCALE_SYSTEM_DEFAULT, 0, wzName, 0,
                                           wzFriendlyName, 0))
        {
        ...
        }


----------------------------------------------------------------------
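
The failure mode reported in this thread, as an added example that is not part of the original messages or the WiX source: a portable C model of a counted string comparison when both length arguments are 0, next to the same filter with a negative count (which CompareStringW treats as "the string is null-terminated"). `model_compare`, `count_selected` and the friendly names are constructed for illustration; the model covers only length handling, not locale-aware collation.

```c
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

/* Result codes with the same values the Windows headers use. */
#define CSTR_LESS_THAN    1
#define CSTR_EQUAL        2
#define CSTR_GREATER_THAN 3

/* Stand-in for CompareStringW (hypothetical helper): models only the
 * cchCount rule. Negative = string is null-terminated; otherwise exactly
 * that many characters are compared, so 0 means "empty string". */
static int model_compare(const wchar_t *a, int cchA, const wchar_t *b, int cchB)
{
    size_t la = cchA < 0 ? wcslen(a) : (size_t)cchA;
    size_t lb = cchB < 0 ? wcslen(b) : (size_t)cchB;
    size_t n = la < lb ? la : lb;
    int c = wcsncmp(a, b, n);
    if (c == 0 && la != lb)
        c = la < lb ? -1 : 1;
    return c < 0 ? CSTR_LESS_THAN : (c > 0 ? CSTR_GREATER_THAN : CSTR_EQUAL);
}

/* Constructed store contents; NULL = certificate without a friendly name. */
static const wchar_t *const kFriendlyNames[] = {
    L"Example Root CA", L"Sample Intermediate CA", NULL,
    L"Contoso Test Root", L"My Product Cert",
};

/* Counts how many entries an uninstall filter would select for deletion
 * when it compares wzName against each friendly name using count cch. */
static int count_selected(const wchar_t *wzName, int cch)
{
    int selected = 0;
    size_t i;
    for (i = 0; i < sizeof kFriendlyNames / sizeof kFriendlyNames[0]; ++i) {
        if (kFriendlyNames[i] == NULL)
            continue; /* property lookup fails, comparison never runs */
        if (CSTR_EQUAL == model_compare(wzName, cch, kFriendlyNames[i], cch))
            ++selected;
    }
    return selected;
}

int main(void)
{
    printf("count 0 : %d selected\n", count_selected(L"My Product Cert", 0));
    printf("count -1: %d selected\n", count_selected(L"My Product Cert", -1));
    return 0;
}
```

With a count of 0 every entry that has a friendly name is selected, which matches the "deleted all certificates in the store that had a friendly name" symptom in the initial comment; with a negative count only the exact name matches.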

_______________________________________________
WiX-devs mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/wix-devs
