Damjan Jovanovic : krnl386.exe: Fix VxD filename format checks in __wine_vxd_open().

Wed Feb 23 16:00:05 CST 2022

Module: wine
Branch: master
Commit: fc4726c22500ae507999ab9f3b0d66bc6d97397d
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=fc4726c22500ae507999ab9f3b0d66bc6d97397d

Author: Damjan Jovanovic <damjan.jov at gmail.com>
Date:   Wed Feb 23 05:16:13 2022 +0200

krnl386.exe: Fix VxD filename format checks in __wine_vxd_open().

__wine_vxd_open() has several bugs. If filenameW doesn't end in
".vxd", it is wrongly
allowed to be over 8 characters long. If it does end in ".vxd", then a
maximum length
filename, eg. "12345678.vxd", always gets misdetected as being too long, as:
"lstrlenW( filenameW ) >= ARRAY_SIZE(name) - 4"
becomes 12 >= 12.

Rather do the checks for maximum filename length when we detect the
filename format.

Signed-off-by: Damjan Jovanovic <damjan.jov at gmail.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 dlls/krnl386.exe16/vxd.c | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/dlls/krnl386.exe16/vxd.c b/dlls/krnl386.exe16/vxd.c
index c9ce9729ec5..8a1769f23c4 100644
--- a/dlls/krnl386.exe16/vxd.c
+++ b/dlls/krnl386.exe16/vxd.c
@@ -136,29 +136,34 @@ done:
 /* load a VxD and return a file handle to it */
 HANDLE __wine_vxd_open( LPCWSTR filenameW, DWORD access, SECURITY_ATTRIBUTES *sa )
 {
-    static const WCHAR dotVxDW[] = {'.','v','x','d',0};
     int i;
     HANDLE handle;
     HMODULE module;
-    WCHAR *p, name[16];
+    WCHAR *p, name[13];
 
     /* normalize the filename */
 
-    if (lstrlenW( filenameW ) >= ARRAY_SIZE(name) - 4 ||
-        wcschr( filenameW, '/' ) || wcschr( filenameW, '\\' ))
+    if (wcschr( filenameW, '/' ) || wcschr( filenameW, '\\' ))
     {
         SetLastError( ERROR_FILE_NOT_FOUND );
         return 0;
     }
-    lstrcpyW( name, filenameW );
-    wcslwr( name );
-    p = wcschr( name, '.' );
-    if (!p) lstrcatW( name, dotVxDW );
-    else if (wcsicmp( p, dotVxDW ))  /* existing extension has to be .vxd */
+    p = wcschr( filenameW, '.' );
+    if (!p && lstrlenW( filenameW ) <= 8)
+    {
+        wcscpy( name, filenameW );
+        wcscat( name, L".vxd" );
+    }
+    else if (p && !wcsicmp( p, L".vxd" ) && lstrlenW( filenameW ) <= 12)  /* existing extension has to be .vxd */
+    {
+        wcscpy( name, filenameW );
+    }
+    else
     {
         SetLastError( ERROR_FILE_NOT_FOUND );
         return 0;
     }
+    wcslwr( name );
 
     /* try to load the module first */
 


