ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

cryptui: Validate input file in CryptUIWizImport.

This commit is contained in:
Juan Lang 2008-12-22 19:16:48 -08:00 committed by Alexandre Julliard
parent 183df56c11
commit db91fdfaa8
3 changed files with 86 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
dlls/cryptui/cryptui_En.rc
View File

@ -77,6 +77,8 @@ STRINGTABLE DISCARDABLE
IDS_IMPORT_FILTER_CMS "CMS/PKCS #7 Messages (*.spc; *.p7b)"
IDS_IMPORT_FILTER_ALL "All Files (*.*)"
IDS_IMPORT_EMPTY_FILE "Please select a file."
IDS_IMPORT_BAD_FORMAT "The file format is not recognized. Please select another file."
IDS_IMPORT_OPEN_FAILED "Could not open "
IDS_PURPOSE_SERVER_AUTH "Ensures the identify of a remote computer"
IDS_PURPOSE_CLIENT_AUTH "Proves your identity to a remote computer"
IDS_PURPOSE_CODE_SIGNING "Ensures software came from software publisher\nProtects software from alteration after publication"

2
dlls/cryptui/cryptuires.h
View File

@ -74,6 +74,8 @@
#define IDS_IMPORT_FILTER_CMS 1054
#define IDS_IMPORT_FILTER_ALL 1055
#define IDS_IMPORT_EMPTY_FILE 1056
#define IDS_IMPORT_BAD_FORMAT 1057
#define IDS_IMPORT_OPEN_FAILED 1058
#define IDS_PURPOSE_SERVER_AUTH 1100
#define IDS_PURPOSE_CLIENT_AUTH 1101

85
dlls/cryptui/main.c
View File

@ -3785,6 +3785,77 @@ struct ImportWizData
HCERTSTORE hDestCertStore;
};
static BOOL import_validate_filename(HWND hwnd, struct ImportWizData *data,
LPCWSTR fileName)
{
HANDLE file;
BOOL ret = FALSE;
file = CreateFileW(fileName, GENERIC_READ, FILE_SHARE_READ, NULL,
OPEN_EXISTING, 0, NULL);
if (file != INVALID_HANDLE_VALUE)
{
HCERTSTORE source = open_store_from_file(data->dwFlags, fileName);
int warningID = 0;
if (!source)
warningID = IDS_IMPORT_BAD_FORMAT;
else if (!check_store_context_type(data->dwFlags, source))
warningID = IDS_IMPORT_TYPE_MISMATCH;
else
{
FIXME("save %s for import\n", debugstr_w(fileName));
CertCloseStore(source, 0);
ret = TRUE;
}
if (warningID)
{
import_warning(data->dwFlags, hwnd, data->pwszWizardTitle,
warningID);
}
CloseHandle(file);
}
else
{
WCHAR title[MAX_STRING_LEN], error[MAX_STRING_LEN];
LPCWSTR pTitle;
LPWSTR msgBuf, fullError;
if (data->pwszWizardTitle)
pTitle = data->pwszWizardTitle;
else
{
LoadStringW(hInstance, IDS_IMPORT_WIZARD, title,
sizeof(title) / sizeof(title[0]));
pTitle = title;
}
LoadStringW(hInstance, IDS_IMPORT_OPEN_FAILED, error,
sizeof(error) / sizeof(error[0]));
FormatMessageW(
FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM, NULL,
GetLastError(), 0, (LPWSTR) &msgBuf, 0, NULL);
fullError = HeapAlloc(GetProcessHeap(), 0,
(strlenW(error) + strlenW(fileName) + strlenW(msgBuf) + 3)
* sizeof(WCHAR));
if (fullError)
{
LPWSTR ptr = fullError;
strcpyW(ptr, error);
ptr += strlenW(error);
strcpyW(ptr, fileName);
ptr += strlenW(fileName);
*ptr++ = ':';
*ptr++ = '\n';
strcpyW(ptr, msgBuf);
MessageBoxW(hwnd, fullError, pTitle, MB_ICONERROR | MB_OK);
HeapFree(GetProcessHeap(), 0, fullError);
}
LocalFree(msgBuf);
}
return ret;
}
static LRESULT CALLBACK import_file_dlg_proc(HWND hwnd, UINT msg, WPARAM wp,
LPARAM lp)
{
@ -3830,9 +3901,17 @@ static LRESULT CALLBACK import_file_dlg_proc(HWND hwnd, UINT msg, WPARAM wp,
LPWSTR fileName = HeapAlloc(GetProcessHeap(), 0,
(len + 1) * sizeof(WCHAR));
SendMessageW(fileNameEdit, WM_GETTEXT, len + 1,
(LPARAM)fileName);
FIXME("validate %s\n", debugstr_w(fileName));
if (fileName)
{
SendMessageW(fileNameEdit, WM_GETTEXT, len + 1,
(LPARAM)fileName);
if (!import_validate_filename(hwnd, data, fileName))
{
SetWindowLongPtrW(hwnd, DWLP_MSGRESULT, 1);
ret = 1;
}
HeapFree(GetProcessHeap(), 0, fileName);
}
}
break;
}