Juan Lang : cryptui: Validate input file in CryptUIWizImport.
Alexandre Julliard
julliard at winehq.org
Tue Dec 23 13:41:26 CST 2008
Module: wine
Branch: master
Commit: db91fdfaa8204fd77d5f4667c5342d60183f6062
URL: http://source.winehq.org/git/wine.git/?a=commit;h=db91fdfaa8204fd77d5f4667c5342d60183f6062
Author: Juan Lang <juan.lang at gmail.com>
Date: Mon Dec 22 19:16:48 2008 -0800
cryptui: Validate input file in CryptUIWizImport.
---
dlls/cryptui/cryptui_En.rc | 2 +
dlls/cryptui/cryptuires.h | 2 +
dlls/cryptui/main.c | 85 ++++++++++++++++++++++++++++++++++++++++++--
3 files changed, 86 insertions(+), 3 deletions(-)
diff --git a/dlls/cryptui/cryptui_En.rc b/dlls/cryptui/cryptui_En.rc
index 9f42d2e..7557cf0 100644
--- a/dlls/cryptui/cryptui_En.rc
+++ b/dlls/cryptui/cryptui_En.rc
@@ -77,6 +77,8 @@ STRINGTABLE DISCARDABLE
IDS_IMPORT_FILTER_CMS "CMS/PKCS #7 Messages (*.spc; *.p7b)"
IDS_IMPORT_FILTER_ALL "All Files (*.*)"
IDS_IMPORT_EMPTY_FILE "Please select a file."
+ IDS_IMPORT_BAD_FORMAT "The file format is not recognized. Please select another file."
+ IDS_IMPORT_OPEN_FAILED "Could not open "
IDS_PURPOSE_SERVER_AUTH "Ensures the identify of a remote computer"
IDS_PURPOSE_CLIENT_AUTH "Proves your identity to a remote computer"
IDS_PURPOSE_CODE_SIGNING "Ensures software came from software publisher\nProtects software from alteration after publication"
diff --git a/dlls/cryptui/cryptuires.h b/dlls/cryptui/cryptuires.h
index b5883a6..9004dc7 100644
--- a/dlls/cryptui/cryptuires.h
+++ b/dlls/cryptui/cryptuires.h
@@ -74,6 +74,8 @@
#define IDS_IMPORT_FILTER_CMS 1054
#define IDS_IMPORT_FILTER_ALL 1055
#define IDS_IMPORT_EMPTY_FILE 1056
+#define IDS_IMPORT_BAD_FORMAT 1057
+#define IDS_IMPORT_OPEN_FAILED 1058
#define IDS_PURPOSE_SERVER_AUTH 1100
#define IDS_PURPOSE_CLIENT_AUTH 1101
diff --git a/dlls/cryptui/main.c b/dlls/cryptui/main.c
index 4c53d88..f8450cc 100644
--- a/dlls/cryptui/main.c
+++ b/dlls/cryptui/main.c
@@ -3785,6 +3785,77 @@ struct ImportWizData
HCERTSTORE hDestCertStore;
};
+static BOOL import_validate_filename(HWND hwnd, struct ImportWizData *data,
+ LPCWSTR fileName)
+{
+ HANDLE file;
+ BOOL ret = FALSE;
+
+ file = CreateFileW(fileName, GENERIC_READ, FILE_SHARE_READ, NULL,
+ OPEN_EXISTING, 0, NULL);
+ if (file != INVALID_HANDLE_VALUE)
+ {
+ HCERTSTORE source = open_store_from_file(data->dwFlags, fileName);
+ int warningID = 0;
+
+ if (!source)
+ warningID = IDS_IMPORT_BAD_FORMAT;
+ else if (!check_store_context_type(data->dwFlags, source))
+ warningID = IDS_IMPORT_TYPE_MISMATCH;
+ else
+ {
+ FIXME("save %s for import\n", debugstr_w(fileName));
+ CertCloseStore(source, 0);
+ ret = TRUE;
+ }
+ if (warningID)
+ {
+ import_warning(data->dwFlags, hwnd, data->pwszWizardTitle,
+ warningID);
+ }
+ CloseHandle(file);
+ }
+ else
+ {
+ WCHAR title[MAX_STRING_LEN], error[MAX_STRING_LEN];
+ LPCWSTR pTitle;
+ LPWSTR msgBuf, fullError;
+
+ if (data->pwszWizardTitle)
+ pTitle = data->pwszWizardTitle;
+ else
+ {
+ LoadStringW(hInstance, IDS_IMPORT_WIZARD, title,
+ sizeof(title) / sizeof(title[0]));
+ pTitle = title;
+ }
+ LoadStringW(hInstance, IDS_IMPORT_OPEN_FAILED, error,
+ sizeof(error) / sizeof(error[0]));
+ FormatMessageW(
+ FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM, NULL,
+ GetLastError(), 0, (LPWSTR) &msgBuf, 0, NULL);
+ fullError = HeapAlloc(GetProcessHeap(), 0,
+ (strlenW(error) + strlenW(fileName) + strlenW(msgBuf) + 3)
+ * sizeof(WCHAR));
+ if (fullError)
+ {
+ LPWSTR ptr = fullError;
+
+ strcpyW(ptr, error);
+ ptr += strlenW(error);
+ strcpyW(ptr, fileName);
+ ptr += strlenW(fileName);
+ *ptr++ = ':';
+ *ptr++ = '\n';
+ strcpyW(ptr, msgBuf);
+ MessageBoxW(hwnd, fullError, pTitle, MB_ICONERROR | MB_OK);
+ HeapFree(GetProcessHeap(), 0, fullError);
+ }
+ LocalFree(msgBuf);
+ }
+ return ret;
+}
+
static LRESULT CALLBACK import_file_dlg_proc(HWND hwnd, UINT msg, WPARAM wp,
LPARAM lp)
{
@@ -3830,9 +3901,17 @@ static LRESULT CALLBACK import_file_dlg_proc(HWND hwnd, UINT msg, WPARAM wp,
LPWSTR fileName = HeapAlloc(GetProcessHeap(), 0,
(len + 1) * sizeof(WCHAR));
- SendMessageW(fileNameEdit, WM_GETTEXT, len + 1,
- (LPARAM)fileName);
- FIXME("validate %s\n", debugstr_w(fileName));
+ if (fileName)
+ {
+ SendMessageW(fileNameEdit, WM_GETTEXT, len + 1,
+ (LPARAM)fileName);
+ if (!import_validate_filename(hwnd, data, fileName))
+ {
+ SetWindowLongPtrW(hwnd, DWLP_MSGRESULT, 1);
+ ret = 1;
+ }
+ HeapFree(GetProcessHeap(), 0, fileName);
+ }
}
break;
}
More information about the wine-cvs
mailing list