From c47188e6c2394c2dbeafb079ecb05a6af46cf63c Mon Sep 17 00:00:00 2001 From: Juan Lang Date: Fri, 16 Nov 2007 12:39:15 -0800 Subject: [PATCH] Use a helper function for executing a found executable --- dlls/shell32/shlexec.c | 44 +++++++++++++++++++++++++++----------------- 1 files changed, 27 insertions(+), 17 deletions(-) diff --git a/dlls/shell32/shlexec.c b/dlls/shell32/shlexec.c index b68c9a2..5b1a625 100644 --- a/dlls/shell32/shlexec.c +++ b/dlls/shell32/shlexec.c @@ -1366,12 +1366,35 @@ static BOOL SHELL_translate_idlist( LPSH return appKnownSingular; } +static UINT_PTR SHELL_quote_and_execute( LPCWSTR wcmd, LPCWSTR wszParameters, LPWSTR lpstrProtocol, LPCWSTR wszApplicationName, LPWSTR env, LPSHELLEXECUTEINFOW psei, LPSHELLEXECUTEINFOW psei_out, SHELL_ExecuteW32 execfunc ) +{ + static const WCHAR wQuote[] = {'"',0}; + static const WCHAR wSpace[] = {' ',0}; + UINT_PTR retval; + WCHAR wszQuotedCmd[MAX_PATH+2]; + /* Must quote to handle case where cmd contains spaces, + * else security hole if malicious user creates executable file "C:\\Program" + */ + strcpyW(wszQuotedCmd, wQuote); + strcatW(wszQuotedCmd, wcmd); + strcatW(wszQuotedCmd, wQuote); + if (wszParameters[0]) { + strcatW(wszQuotedCmd, wSpace); + strcatW(wszQuotedCmd, wszParameters); + } + TRACE("%s/%s => %s/%s\n", debugstr_w(wszApplicationName), debugstr_w(psei->lpVerb), debugstr_w(wszQuotedCmd), debugstr_w(lpstrProtocol)); + if (*lpstrProtocol) + retval = execute_from_key(lpstrProtocol, wszApplicationName, env, psei->lpParameters, wcmd, execfunc, psei, psei_out); + else + retval = execfunc(wszQuotedCmd, env, FALSE, psei, psei_out); + return retval; +} + /************************************************************************* * SHELL_execute [Internal] */ BOOL SHELL_execute( LPSHELLEXECUTEINFOW sei, SHELL_ExecuteW32 execfunc ) { - static const WCHAR wQuote[] = {'"',0}; static const WCHAR wSpace[] = {' ',0}; static const WCHAR wWww[] = {'w','w','w',0}; static const WCHAR wFile[] = {'f','i','l','e',0}; @@ -1666,22 +1689,9 @@ BOOL SHELL_execute( LPSHELLEXECUTEINFOW retval = SHELL_FindExecutable(sei_tmp.lpDirectory, lpFile, sei_tmp.lpVerb, wcmd, 1024, lpstrProtocol, &env, sei_tmp.lpIDList, sei_tmp.lpParameters); if (retval > 32) /* Found */ { - WCHAR wszQuotedCmd[MAX_PATH+2]; - /* Must quote to handle case where cmd contains spaces, - * else security hole if malicious user creates executable file "C:\\Program" - */ - strcpyW(wszQuotedCmd, wQuote); - strcatW(wszQuotedCmd, wcmd); - strcatW(wszQuotedCmd, wQuote); - if (wszParameters[0]) { - strcatW(wszQuotedCmd, wSpace); - strcatW(wszQuotedCmd, wszParameters); - } - TRACE("%s/%s => %s/%s\n", debugstr_w(wszApplicationName), debugstr_w(sei_tmp.lpVerb), debugstr_w(wszQuotedCmd), debugstr_w(lpstrProtocol)); - if (*lpstrProtocol) - retval = execute_from_key(lpstrProtocol, wszApplicationName, env, sei_tmp.lpParameters, wcmd, execfunc, &sei_tmp, sei); - else - retval = execfunc(wszQuotedCmd, env, FALSE, &sei_tmp, sei); + retval = SHELL_quote_and_execute( wcmd, wszParameters, lpstrProtocol, + wszApplicationName, env, &sei_tmp, + sei, execfunc ); HeapFree( GetProcessHeap(), 0, env ); } else if (PathIsURLW(lpFile)) /* File not found, check for URL */ -- 1.4.1