[PATCH 07/11] programs/cmd: detect badly quoted operand in 'if' statement
Eric Pouech
eric.pouech at gmail.com
Wed Feb 9 09:44:12 CST 2022
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=52345
Signed-off-by: Eric Pouech <eric.pouech at gmail.com>
---
programs/cmd/builtins.c | 10 ++++++++++
programs/cmd/tests/interactive_builtins.cmd | 2 ++
programs/cmd/tests/interactive_builtins.cmd.exp | 2 ++
3 files changed, 14 insertions(+)
diff --git a/programs/cmd/builtins.c b/programs/cmd/builtins.c
index 2fc7e07f7aa..84befa9fc43 100644
--- a/programs/cmd/builtins.c
+++ b/programs/cmd/builtins.c
@@ -2704,6 +2704,12 @@ void WCMD_popd (void) {
LocalFree (temp);
}
+/* check that operand is either unquoted, or with opening and ending quotes */
+static BOOL is_properly_quoted(const WCHAR* str)
+{
+ return str[0] != '"' || (str[1] && str[wcslen(str) - 1] == '"');
+}
+
/*******************************************************************
* evaluate_if_comparison
*
@@ -2729,8 +2735,12 @@ static int evaluate_if_comparison(const WCHAR *leftOperand, const WCHAR *operato
/* == is a special case, as it always compares strings */
if (!lstrcmpiW(operator, L"=="))
+ {
+ if (!is_properly_quoted(leftOperand) || !is_properly_quoted(rightOperand))
+ return -1;
return caseInsensitive ? lstrcmpiW(leftOperand, rightOperand) == 0
: lstrcmpW (leftOperand, rightOperand) == 0;
+ }
/* Check if we have plain integers (in decimal, octal or hexadecimal notation) */
leftOperand_int = wcstol(leftOperand, &endptr_leftOp, 0);
diff --git a/programs/cmd/tests/interactive_builtins.cmd b/programs/cmd/tests/interactive_builtins.cmd
index 96d53f371fd..91d62ed6959 100644
--- a/programs/cmd/tests/interactive_builtins.cmd
+++ b/programs/cmd/tests/interactive_builtins.cmd
@@ -36,5 +36,7 @@ if exist c:\windows (
echo bar
)
+if x == " echo f
+rem "
echo --------- done
exit 0
diff --git a/programs/cmd/tests/interactive_builtins.cmd.exp b/programs/cmd/tests/interactive_builtins.cmd.exp
index 81114ccbd86..df4c278ca39 100644
--- a/programs/cmd/tests/interactive_builtins.cmd.exp
+++ b/programs/cmd/tests/interactive_builtins.cmd.exp
@@ -60,6 +60,8 @@ if exist c:\windows (
@more@
@more@)
bar
+if x == " echo f
+rem "
echo --------- done
--------- done
exit 0
More information about the wine-devel
mailing list