diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2020-11-29 13:33:37 +0100 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2020-12-05 12:36:42 +0000 |
commit | be9379f8a8e2bfd924966020d177552d01833fdb (patch) | |
tree | db23482d49a7ea01f4436d97d13f9bb4fc0c5c77 /src/syscall | |
parent | 4de4480dc34fbe4f7b0ed97eada26aef7a7e2337 (diff) | |
download | go-be9379f8a8e2bfd924966020d177552d01833fdb.tar.gz go-be9379f8a8e2bfd924966020d177552d01833fdb.zip |
syscall: correct CertOpenStore to expect a 0 return value on failure
According to [1], this function returns NULL when it errors, rather than
INVALID_HANDLE_VALUE, which other Win32 functions return. This was
pointed out in CL 273446 for the x/sys package, and this patch here
cleans it up for the syscall package and updates the vendored x/sys
package using the usual `go get/go mod vendor` dance. The function is
currently in use by crypto/x509/root_windows.go, which calls
CertOpenStore(CERT_STORE_PROV_MEMORY), which I assume can fail under OOM
or other weird conditions. Quick reversing indicates that [1] is
correct, as there's a `xor eax, eax` in the error paths of the function
just before jumping to the epilogue.
[1] https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certopenstore#return-value
Change-Id: I77c0b0319c13313212f8710785252c494da56ed5
Reviewed-on: https://go-review.googlesource.com/c/go/+/273827
Run-TryBot: Jason A. Donenfeld <Jason@zx2c4.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Trust: Jason A. Donenfeld <Jason@zx2c4.com>
Trust: Alex Brainman <alex.brainman@gmail.com>
Diffstat (limited to 'src/syscall')
-rw-r--r-- | src/syscall/syscall_windows.go | 2 | ||||
-rw-r--r-- | src/syscall/zsyscall_windows.go | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/src/syscall/syscall_windows.go b/src/syscall/syscall_windows.go index 0eea2b87a9..c1a12ccba3 100644 --- a/src/syscall/syscall_windows.go +++ b/src/syscall/syscall_windows.go @@ -260,7 +260,7 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys TransmitFile(s Handle, handle Handle, bytesToWrite uint32, bytsPerSend uint32, overlapped *Overlapped, transmitFileBuf *TransmitFileBuffers, flags uint32) (err error) = mswsock.TransmitFile //sys ReadDirectoryChanges(handle Handle, buf *byte, buflen uint32, watchSubTree bool, mask uint32, retlen *uint32, overlapped *Overlapped, completionRoutine uintptr) (err error) = kernel32.ReadDirectoryChangesW //sys CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, err error) = crypt32.CertOpenSystemStoreW -//sys CertOpenStore(storeProvider uintptr, msgAndCertEncodingType uint32, cryptProv uintptr, flags uint32, para uintptr) (handle Handle, err error) [failretval==InvalidHandle] = crypt32.CertOpenStore +//sys CertOpenStore(storeProvider uintptr, msgAndCertEncodingType uint32, cryptProv uintptr, flags uint32, para uintptr) (handle Handle, err error) = crypt32.CertOpenStore //sys CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext, err error) [failretval==nil] = crypt32.CertEnumCertificatesInStore //sys CertAddCertificateContextToStore(store Handle, certContext *CertContext, addDisposition uint32, storeContext **CertContext) (err error) = crypt32.CertAddCertificateContextToStore //sys CertCloseStore(store Handle, flags uint32) (err error) = crypt32.CertCloseStore diff --git a/src/syscall/zsyscall_windows.go b/src/syscall/zsyscall_windows.go index 5d03ca9de9..86c4cac2ad 100644 --- a/src/syscall/zsyscall_windows.go +++ b/src/syscall/zsyscall_windows.go @@ -399,7 +399,7 @@ func CertGetCertificateChain(engine Handle, leaf *CertContext, time *Filetime, a func CertOpenStore(storeProvider uintptr, msgAndCertEncodingType uint32, cryptProv uintptr, flags uint32, para uintptr) (handle Handle, err error) { r0, _, e1 := Syscall6(procCertOpenStore.Addr(), 5, uintptr(storeProvider), uintptr(msgAndCertEncodingType), uintptr(cryptProv), uintptr(flags), uintptr(para), 0) handle = Handle(r0) - if handle == InvalidHandle { + if handle == 0 { err = errnoErr(e1) } return |