Juan Lang : cryptui: Validate input file in CryptUIWizImport. - wine-commits

23 Dec 2008

Module: wine
Branch: master
Commit: db91fdfaa8204fd77d5f4667c5342d60183f6062
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=db91fdfaa8204fd77d5f4667c5...
Author: Juan Lang juan.lang@gmail.com
Date:   Mon Dec 22 19:16:48 2008 -0800
cryptui: Validate input file in CryptUIWizImport.
---
dlls/cryptui/cryptui_En.rc |    2 +
 dlls/cryptui/cryptuires.h  |    2 +
 dlls/cryptui/main.c        |   85 ++++++++++++++++++++++++++++++++++++++++++--
 3 files changed, 86 insertions(+), 3 deletions(-)

diff --git a/dlls/cryptui/cryptui_En.rc b/dlls/cryptui/cryptui_En.rc
index 9f42d2e..7557cf0 100644
--- a/dlls/cryptui/cryptui_En.rc
+++ b/dlls/cryptui/cryptui_En.rc
@@ -77,6 +77,8 @@ STRINGTABLE DISCARDABLE
     IDS_IMPORT_FILTER_CMS "CMS/PKCS #7 Messages (*.spc; *.p7b)"
     IDS_IMPORT_FILTER_ALL "All Files (*.*)"
     IDS_IMPORT_EMPTY_FILE "Please select a file."
+    IDS_IMPORT_BAD_FORMAT "The file format is not recognized.  Please select another file."
+    IDS_IMPORT_OPEN_FAILED "Could not open "
     IDS_PURPOSE_SERVER_AUTH "Ensures the identify of a remote computer"
     IDS_PURPOSE_CLIENT_AUTH "Proves your identity to a remote computer"
     IDS_PURPOSE_CODE_SIGNING "Ensures software came from software publisher\nProtects software from alteration after publication"
diff --git a/dlls/cryptui/cryptuires.h b/dlls/cryptui/cryptuires.h
index b5883a6..9004dc7 100644
--- a/dlls/cryptui/cryptuires.h
+++ b/dlls/cryptui/cryptuires.h
@@ -74,6 +74,8 @@
 #define IDS_IMPORT_FILTER_CMS 1054
 #define IDS_IMPORT_FILTER_ALL 1055
 #define IDS_IMPORT_EMPTY_FILE 1056
+#define IDS_IMPORT_BAD_FORMAT 1057
+#define IDS_IMPORT_OPEN_FAILED 1058
#define IDS_PURPOSE_SERVER_AUTH 1100
 #define IDS_PURPOSE_CLIENT_AUTH 1101
diff --git a/dlls/cryptui/main.c b/dlls/cryptui/main.c
index 4c53d88..f8450cc 100644
--- a/dlls/cryptui/main.c
+++ b/dlls/cryptui/main.c
@@ -3785,6 +3785,77 @@ struct ImportWizData
     HCERTSTORE hDestCertStore;
 };
+static BOOL import_validate_filename(HWND hwnd, struct ImportWizData *data,
+ LPCWSTR fileName)
+{
+    HANDLE file;
+    BOOL ret = FALSE;
+
+    file = CreateFileW(fileName, GENERIC_READ, FILE_SHARE_READ, NULL,
+     OPEN_EXISTING, 0, NULL);
+    if (file != INVALID_HANDLE_VALUE)
+    {
+        HCERTSTORE source = open_store_from_file(data->dwFlags, fileName);
+        int warningID = 0;
+
+        if (!source)
+            warningID = IDS_IMPORT_BAD_FORMAT;
+        else if (!check_store_context_type(data->dwFlags, source))
+            warningID = IDS_IMPORT_TYPE_MISMATCH;
+        else
+        {
+            FIXME("save %s for import\n", debugstr_w(fileName));
+            CertCloseStore(source, 0);
+            ret = TRUE;
+        }
+        if (warningID)
+        {
+            import_warning(data->dwFlags, hwnd, data->pwszWizardTitle,
+             warningID);
+        }
+        CloseHandle(file);
+    }
+    else
+    {
+        WCHAR title[MAX_STRING_LEN], error[MAX_STRING_LEN];
+        LPCWSTR pTitle;
+        LPWSTR msgBuf, fullError;
+
+        if (data->pwszWizardTitle)
+            pTitle = data->pwszWizardTitle;
+        else
+        {
+            LoadStringW(hInstance, IDS_IMPORT_WIZARD, title,
+             sizeof(title) / sizeof(title[0]));
+            pTitle = title;
+        }
+        LoadStringW(hInstance, IDS_IMPORT_OPEN_FAILED, error,
+         sizeof(error) / sizeof(error[0]));
+        FormatMessageW(
+         FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM, NULL,
+         GetLastError(), 0, (LPWSTR) &msgBuf, 0, NULL);
+        fullError = HeapAlloc(GetProcessHeap(), 0,
+         (strlenW(error) + strlenW(fileName) + strlenW(msgBuf) + 3)
+         * sizeof(WCHAR));
+        if (fullError)
+        {
+            LPWSTR ptr = fullError;
+
+            strcpyW(ptr, error);
+            ptr += strlenW(error);
+            strcpyW(ptr, fileName);
+            ptr += strlenW(fileName);
+            *ptr++ = ':';
+            *ptr++ = '\n';
+            strcpyW(ptr, msgBuf);
+            MessageBoxW(hwnd, fullError, pTitle, MB_ICONERROR | MB_OK);
+            HeapFree(GetProcessHeap(), 0, fullError);
+        }
+        LocalFree(msgBuf);
+    }
+    return ret;
+}
+
 static LRESULT CALLBACK import_file_dlg_proc(HWND hwnd, UINT msg, WPARAM wp,
  LPARAM lp)
 {
@@ -3830,9 +3901,17 @@ static LRESULT CALLBACK import_file_dlg_proc(HWND hwnd, UINT msg, WPARAM wp,
                 LPWSTR fileName = HeapAlloc(GetProcessHeap(), 0,
                  (len + 1) * sizeof(WCHAR));
-                SendMessageW(fileNameEdit, WM_GETTEXT, len + 1,
-                 (LPARAM)fileName);
-                FIXME("validate %s\n", debugstr_w(fileName));
+                if (fileName)
+                {
+                    SendMessageW(fileNameEdit, WM_GETTEXT, len + 1,
+                     (LPARAM)fileName);
+                    if (!import_validate_filename(hwnd, data, fileName))
+                    {
+                        SetWindowLongPtrW(hwnd, DWLP_MSGRESULT, 1);
+                        ret = 1;
+                    }
+                    HeapFree(GetProcessHeap(), 0, fileName);
+                }
             }
             break;
         }

    