cryptui: Validate password in export wizard.

0eefd4fb · Juan Lang · Alexandre Julliard · 6209459b · 0eefd4fb · 0eefd4fb
Commit 0eefd4fb authored Feb 01, 2009 by Juan Lang Committed by Alexandre Julliard Feb 09, 2009
Hide whitespace changes
Inline Side-by-side

Showing with 79 additions and 0 deletions

cryptui_En.rc dlls/cryptui/cryptui_En.rc +1 -0

cryptuires.h dlls/cryptui/cryptuires.h +1 -0

main.c dlls/cryptui/main.c +77 -0

No files found.
--- a/dlls/cryptui/cryptui_En.rc
+++ b/dlls/cryptui/cryptui_En.rc
@@ -165,6 +165,7 @@ STRINGTABLE DISCARDABLE
    IDS_EXPORT_PRIVATE_KEY_SUBTITLE "The certificate contains a private key which may be exported along with the certificate."
    IDS_EXPORT_PASSWORD_TITLE "Enter Password"
    IDS_EXPORT_PASSWORD_SUBTITLE "You may password-protect a private key."
+    IDS_EXPORT_PASSWORD_MISMATCH "The passwords do not match."
 }

 IDD_GENERAL DIALOG DISCARDABLE 0, 0, 255, 236

--- a/dlls/cryptui/cryptuires.h
+++ b/dlls/cryptui/cryptuires.h
@@ -164,6 +164,7 @@
 #define IDS_EXPORT_PRIVATE_KEY_SUBTITLE 1221
 #define IDS_EXPORT_PASSWORD_TITLE 1222
 #define IDS_EXPORT_PASSWORD_SUBTITLE 1223
+#define IDS_EXPORT_PASSWORD_MISMATCH 1224

 #define IDD_GENERAL 100
 #define IDD_DETAIL 101

--- a/dlls/cryptui/main.c
+++ b/dlls/cryptui/main.c
@@ -5517,6 +5517,7 @@ struct ExportWizData
    LPCWSTR pwszWizardTitle;
    CRYPTUI_WIZ_EXPORT_INFO exportInfo;
    CRYPTUI_WIZ_EXPORT_CERTCONTEXT_INFO contextInfo;
+    BOOL freePassword;
    LPWSTR fileName;
    HANDLE file;
    BOOL success;
@@ -5776,6 +5777,25 @@ static LRESULT CALLBACK export_format_dlg_proc(HWND hwnd, UINT msg, WPARAM wp,
    return ret;
 }

+static void export_password_mismatch(HWND hwnd, struct ExportWizData *data)
+{
+    WCHAR title[MAX_STRING_LEN], error[MAX_STRING_LEN];
+    LPCWSTR pTitle;
+
+    if (data->pwszWizardTitle)
+        pTitle = data->pwszWizardTitle;
+    else
+    {
+        LoadStringW(hInstance, IDS_EXPORT_WIZARD, title,
+         sizeof(title) / sizeof(title[0]));
+        pTitle = title;
+    }
+    LoadStringW(hInstance, IDS_EXPORT_PASSWORD_MISMATCH, error,
+     sizeof(error) / sizeof(error[0]));
+    MessageBoxW(hwnd, error, pTitle, MB_ICONERROR | MB_OK);
+    SetFocus(GetDlgItem(hwnd, IDC_EXPORT_PASSWORD));
+}
+
 static LRESULT CALLBACK export_password_dlg_proc(HWND hwnd, UINT msg,
 WPARAM wp, LPARAM lp)
 {
@@ -5803,6 +5823,58 @@ static LRESULT CALLBACK export_password_dlg_proc(HWND hwnd, UINT msg,
             PSWIZB_BACK | PSWIZB_NEXT);
            ret = TRUE;
            break;
+        case PSN_WIZNEXT:
+        {
+            HWND passwordEdit = GetDlgItem(hwnd, IDC_EXPORT_PASSWORD);
+            HWND passwordConfirmEdit = GetDlgItem(hwnd,
+             IDC_EXPORT_PASSWORD_CONFIRM);
+            DWORD passwordLen = SendMessageW(passwordEdit, WM_GETTEXTLENGTH,
+             0, 0);
+            DWORD passwordConfirmLen = SendMessageW(passwordConfirmEdit,
+             WM_GETTEXTLENGTH, 0, 0);
+
+            data = (struct ExportWizData *)GetWindowLongPtrW(hwnd, DWLP_USER);
+            if (!passwordLen && !passwordConfirmLen)
+                data->contextInfo.pwszPassword = NULL;
+            else if (passwordLen != passwordConfirmLen)
+            {
+                export_password_mismatch(hwnd, data);
+                SetWindowLongPtrW(hwnd, DWLP_MSGRESULT, 1);
+                ret = 1;
+            }
+            else
+            {
+                LPWSTR password = HeapAlloc(GetProcessHeap(), 0,
+                 (passwordLen + 1) * sizeof(WCHAR));
+                LPWSTR passwordConfirm = HeapAlloc(GetProcessHeap(), 0,
+                 (passwordConfirmLen + 1) * sizeof(WCHAR));
+                BOOL freePassword = TRUE;
+
+                if (password && passwordConfirm)
+                {
+                    SendMessageW(passwordEdit, WM_GETTEXT, passwordLen + 1,
+                     (LPARAM)password);
+                    SendMessageW(passwordConfirmEdit, WM_GETTEXT,
+                     passwordConfirmLen + 1, (LPARAM)passwordConfirm);
+                    if (strcmpW(password, passwordConfirm))
+                    {
+                        export_password_mismatch(hwnd, data);
+                        SetWindowLongPtrW(hwnd, DWLP_MSGRESULT, 1);
+                        ret = 1;
+                    }
+                    else
+                    {
+                        data->contextInfo.pwszPassword = password;
+                        freePassword = FALSE;
+                        data->freePassword = TRUE;
+                    }
+                }
+                if (freePassword)
+                    HeapFree(GetProcessHeap(), 0, password);
+                HeapFree(GetProcessHeap(), 0, passwordConfirm);
+            }
+            break;
+        }
        }
        break;
    }
@@ -6493,6 +6565,8 @@ static BOOL show_export_ui(DWORD dwFlags, HWND hwndParent,
    data.contextInfo.fExportChain = FALSE;
    data.contextInfo.fStrongEncryption = FALSE;
    data.contextInfo.fExportPrivateKeys = FALSE;
+    data.contextInfo.pwszPassword = NULL;
+    data.freePassword = FALSE;
    if (pExportInfo->dwSubjectChoice == CRYPTUI_WIZ_EXPORT_CERT_CONTEXT &&
     pvoid)
        memcpy(&data.contextInfo, pvoid,
@@ -6609,6 +6683,9 @@ static BOOL show_export_ui(DWORD dwFlags, HWND hwndParent,
    hdr.u5.pszbmHeader = MAKEINTRESOURCEW(IDB_CERT_HEADER);
    PropertySheetW(&hdr);
    DeleteObject(data.titleFont);
+    if (data.freePassword)
+        HeapFree(GetProcessHeap(), 0,
+         (LPWSTR)data.contextInfo.pwszPassword);
    CloseHandle(data.file);
    HeapFree(GetProcessHeap(), 0, data.fileName);
    return data.success;