[PATCH] programs/cmd: detect badly quoted operand in 'if' statement
Eric Pouech
eric.pouech at gmail.com
Wed Jan 5 11:10:51 CST 2022
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=52345
Signed-off-by: Eric Pouech <eric.pouech at gmail.com>
---
programs/cmd/builtins.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/programs/cmd/builtins.c b/programs/cmd/builtins.c
index 6966a4229b3..60bf3194a15 100644
--- a/programs/cmd/builtins.c
+++ b/programs/cmd/builtins.c
@@ -2713,6 +2713,12 @@ void WCMD_popd (void) {
LocalFree (temp);
}
+/* check that operand is either unquoted, or with opening and ending quotes */
+static BOOL is_properly_quoted(const WCHAR* str)
+{
+ return str[0] != '"' || (str[1] && str[wcslen(str) - 1] == '"');
+}
+
/*******************************************************************
* evaluate_if_comparison
*
@@ -2738,8 +2744,12 @@ static int evaluate_if_comparison(const WCHAR *leftOperand, const WCHAR *operato
/* == is a special case, as it always compares strings */
if (!lstrcmpiW(operator, L"=="))
+ {
+ if (!is_properly_quoted(leftOperand) || !is_properly_quoted(rightOperand))
+ return -1;
return caseInsensitive ? lstrcmpiW(leftOperand, rightOperand) == 0
: lstrcmpW (leftOperand, rightOperand) == 0;
+ }
/* Check if we have plain integers (in decimal, octal or hexadecimal notation) */
leftOperand_int = wcstol(leftOperand, &endptr_leftOp, 0);
More information about the wine-devel
mailing list