[PATCH] krnl386.exe: fix VxD filename format checks in __wine_vxd_open()
Damjan Jovanovic
damjan.jov at gmail.com
Tue Feb 22 21:16:13 CST 2022
__wine_vxd_open() has several bugs. If filenameW doesn't end in
".vxd", it is wrongly
allowed to be over 8 characters long. If it does end in ".vxd", then a
maximum length
filename, eg. "12345678.vxd", always gets misdetected as being too long, as:
"lstrlenW( filenameW ) >= ARRAY_SIZE(name) - 4"
becomes 12 >= 12.
Rather do the checks for maximum filename length when we detect the
filename format.
Signed-off-by: Damjan Jovanovic <damjan.jov at gmail.com>
---
dlls/krnl386.exe16/vxd.c | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
-------------- next part --------------
diff --git a/dlls/krnl386.exe16/vxd.c b/dlls/krnl386.exe16/vxd.c
index 5d280fb2fda..c0f16329027 100644
--- a/dlls/krnl386.exe16/vxd.c
+++ b/dlls/krnl386.exe16/vxd.c
@@ -140,25 +140,28 @@ HANDLE __wine_vxd_open( LPCWSTR filenameW, DWORD access, SECURITY_ATTRIBUTES *sa
int i;
HANDLE handle;
HMODULE module;
- WCHAR *p, name[16];
+ WCHAR *p, name[13];
/* normalize the filename */
- if (lstrlenW( filenameW ) >= ARRAY_SIZE(name) - 4 ||
- wcschr( filenameW, '/' ) || wcschr( filenameW, '\\' ))
+ if (wcschr( filenameW, '/' ) || wcschr( filenameW, '\\' ))
{
SetLastError( ERROR_FILE_NOT_FOUND );
return 0;
}
- lstrcpyW( name, filenameW );
- wcslwr( name );
- p = wcschr( name, '.' );
- if (!p) lstrcatW( name, dotVxDW );
- else if (wcsicmp( p, dotVxDW )) /* existing extension has to be .vxd */
+ p = wcschr( filenameW, '.' );
+ if (!p && lstrlenW( filenameW ) <= 8) {
+ lstrcpyW( name, filenameW );
+ lstrcatW( name, dotVxDW );
+ }
+ else if (p && wcsicmp( p, dotVxDW ) == 0 && lstrlenW( filenameW ) <= 12) /* existing extension has to be .vxd */
+ lstrcpyW( name, filenameW );
+ else
{
SetLastError( ERROR_FILE_NOT_FOUND );
return 0;
}
+ wcslwr( name );
/* try to load the module first */
More information about the wine-devel
mailing list