Cred bug for Unicode builds

May 8, 2013 at 7:24 AM
Edited May 8, 2013 at 11:29 AM
There is one line of code that doesn't look quite right in "cred.h" that was causing me trouble when using wide characters in my XLL.

I changed line 50 to read
_tcsncpy_s(user, _countof(user), pcred->UserName, _TRUNCATE);" 
and that solved my issue with stack corruption after calling the Cred constructor.

Best regards!

// Magnus

I added CREDUI_FLAGS_ALWAYS_SHOW_UI to the flags variable too to avoid ending up in an eternal loop in the odd event of the user entering the same credentials that can be read through CredRead() while these credentials can't be authenticated.
May 15, 2013 at 10:37 PM
Thanks Magnus. I've checked in the fix to the repository. The fix is
    _tcsncpy_s(user, CREDUI_MAX_USERNAME_LENGTH + 1, pcred->UserName, CREDUI_MAX
I did not understand your comment. Can you give me more details on how to reproduce that?

May 16, 2013 at 12:25 PM
Edited May 16, 2013 at 1:00 PM
Sorry for the messy explanation, I have a hard time understanding it myself...

Anyway, this is the text (link) describing the "CREDUI_FLAGS_ALWAYS_SHOW_UI" flag:

"Specifies that a user interface will be shown even if the credentials can be returned from an existing credential in credential manager. This flag is permitted only if CREDUI_FLAGS_GENERIC_CREDENTIALS is also specified."

This means that if the user has stored credentials "u" and "p1" in the Credential Manager but the correct password is "p" the first authentication attempt will fail and the if(!cred) condition will be triggered.

Now, if the user enters an incorrect password again ("p2") this password will be stored even it is incorrect but since it will not authenticate the jump to "reprompt" will be made.

Next time through the loop, since there are credentials stored, the dialog will not be shown but since the credentials still won't authenticate another jump to "reprompt" is made.

This results in an eternal loop!

I kind of like the way the credentials are stored even if authentication fails (there might be other reasons for authentication to fail than bad credentials) so I added the flag to always show the dialog to give the user the opportunity to break the loop.

Hope this makes more sense!

// Magnus