[PATCH 7/7] programs/cmd: detect badly quoted operand in 'if' statement

Eric Pouech eric.pouech at gmail.com
Wed Feb 2 06:20:28 CST 2022 

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=52345
Signed-off-by: Eric Pouech <eric.pouech at gmail.com>

---
 programs/cmd/builtins.c                         |   10 ++++++++++
 programs/cmd/tests/interactive_builtins.cmd     |    2 ++
 programs/cmd/tests/interactive_builtins.cmd.exp |    2 ++
 3 files changed, 14 insertions(+)

diff --git a/programs/cmd/builtins.c b/programs/cmd/builtins.c
index 2fc7e07f7aa..84befa9fc43 100644
--- a/programs/cmd/builtins.c
+++ b/programs/cmd/builtins.c
@@ -2704,6 +2704,12 @@ void WCMD_popd (void) {
     LocalFree (temp);
 }
 
+/* check that operand is either unquoted, or with opening and ending quotes */
+static BOOL is_properly_quoted(const WCHAR* str)
+{
+    return str[0] != '"' || (str[1] && str[wcslen(str) - 1] == '"');
+}
+
 /*******************************************************************
  * evaluate_if_comparison
  *
@@ -2729,8 +2735,12 @@ static int evaluate_if_comparison(const WCHAR *leftOperand, const WCHAR *operato
 
     /* == is a special case, as it always compares strings */
     if (!lstrcmpiW(operator, L"=="))
+    {
+        if (!is_properly_quoted(leftOperand) || !is_properly_quoted(rightOperand))
+            return -1;
         return caseInsensitive ? lstrcmpiW(leftOperand, rightOperand) == 0
                                : lstrcmpW (leftOperand, rightOperand) == 0;
+    }
 
     /* Check if we have plain integers (in decimal, octal or hexadecimal notation) */
     leftOperand_int = wcstol(leftOperand, &endptr_leftOp, 0);
diff --git a/programs/cmd/tests/interactive_builtins.cmd b/programs/cmd/tests/interactive_builtins.cmd
index 96d53f371fd..91d62ed6959 100644
--- a/programs/cmd/tests/interactive_builtins.cmd
+++ b/programs/cmd/tests/interactive_builtins.cmd
@@ -36,5 +36,7 @@ if exist c:\windows (
   echo bar
 
 )
+if x == " echo f
+rem "
 echo --------- done
 exit 0
diff --git a/programs/cmd/tests/interactive_builtins.cmd.exp b/programs/cmd/tests/interactive_builtins.cmd.exp
index 81114ccbd86..df4c278ca39 100644
--- a/programs/cmd/tests/interactive_builtins.cmd.exp
+++ b/programs/cmd/tests/interactive_builtins.cmd.exp
@@ -60,6 +60,8 @@ if exist c:\windows (
 @more@
 @more@)
 bar
+if x == " echo f
+rem "
 echo --------- done
 --------- done
 exit 0

More information about the wine-devel mailing list