[PATCH 3/4] [programs/cmd] Expand the storage space for qualifiers

Jason Edmeades us at edmeades.me.uk
Sun Jul 15 17:15:28 CDT 2018 

Fixes bug#40742

When parsing a command, after the first '/' we store the characters away
in quals. The command itself can be MAXSTRING in bytes, but the quals was
limited to MAX_PATH. This is incorrect, as you can provide very long
qualifiers as well. Expand the space to allow the maximum size possible.

According to the bug, this can be triggered causing a trap - I tried hard
to get a trap, unsuccessfully, but I was able to prove that the quals was
being filled to a size far greater than the allocated space, verifying this
problem was valid.

The patch itself was originally attached to bug 40742 by 'Brian' but was
never submitted. I've remade the patch (not that you can tell, as it ends up
identical) and verified it is valid. Not sure how to give credit to the
original author in this case, but adding my sign-off.

Signed-off-by: Jason Edmeades <us at edmeades.me.uk>
---
 programs/cmd/wcmd.h     | 2 +-
 programs/cmd/wcmdmain.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/programs/cmd/wcmd.h b/programs/cmd/wcmd.h
index d4d97a0067..8d6eb6b48e 100644
--- a/programs/cmd/wcmd.h
+++ b/programs/cmd/wcmd.h
@@ -204,7 +204,7 @@ typedef struct _FOR_CONTEXT {
  * (uppercased and concatenated) and parameters entered, with environment
  * variables and batch parameters substitution already done.
  */
-extern WCHAR quals[MAX_PATH], param1[MAXSTRING], param2[MAXSTRING];
+extern WCHAR quals[MAXSTRING], param1[MAXSTRING], param2[MAXSTRING];
 extern DWORD errorlevel;
 extern BATCH_CONTEXT *context;
 extern FOR_CONTEXT forloopcontext;
diff --git a/programs/cmd/wcmdmain.c b/programs/cmd/wcmdmain.c
index 0d02f1f388..8fe2d574e5 100644
--- a/programs/cmd/wcmdmain.c
+++ b/programs/cmd/wcmdmain.c
@@ -38,7 +38,7 @@ extern struct env_stack *pushd_directories;
 
 BATCH_CONTEXT *context = NULL;
 DWORD errorlevel;
-WCHAR quals[MAX_PATH], param1[MAXSTRING], param2[MAXSTRING];
+WCHAR quals[MAXSTRING], param1[MAXSTRING], param2[MAXSTRING];
 BOOL  interactive;
 FOR_CONTEXT forloopcontext; /* The 'for' loop context */
 BOOL delayedsubst = FALSE; /* The current delayed substitution setting */
-- 
2.17.1

More information about the wine-devel mailing list