[PATCH] programs/cmd: don't recurse into paths longer than MAX_PATH
Eric Pouech
eric.pouech at gmail.com
Fri Mar 25 05:25:00 CDT 2022
Signed-off-by: Eric Pouech <eric.pouech at gmail.com>
---
programs/cmd/builtins.c | 24 ++++++++++++++++++++++--
1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/programs/cmd/builtins.c b/programs/cmd/builtins.c
index 963a9eaf361..3a09659e1c7 100644
--- a/programs/cmd/builtins.c
+++ b/programs/cmd/builtins.c
@@ -193,7 +193,11 @@ static BOOL WCMD_ask_confirm (const WCHAR *message, BOOL showSureText,
if (showSureText)
WCMD_output_asis (confirm);
WCMD_output_asis (options);
- WCMD_ReadFile(GetStdHandle(STD_INPUT_HANDLE), answer, ARRAY_SIZE(answer), &count);
+ if (!WCMD_ReadFile(GetStdHandle(STD_INPUT_HANDLE), answer, ARRAY_SIZE(answer), &count))
+ {
+ FIXME("Cannot handle %ls as no readable input stream\n", message);
+ return FALSE;
+ }
answer[0] = towupper(answer[0]);
if (answer[0] == Ybuffer[0])
return TRUE;
@@ -1349,6 +1353,11 @@ static BOOL WCMD_delete_one (const WCHAR *thisArg) {
DIRECTORY_STACK *nextDir;
WCHAR subParm[MAX_PATH];
+ if (wcslen(thisDir) + wcslen(fd.cFileName) + 1 + wcslen(fname) + wcslen(ext) + 1 >= MAX_PATH)
+ {
+ FIXME("too long path %ls%ls\\%ls%ls\n", thisDir, fd.cFileName, fname, ext);
+ continue;
+ }
/* Work out search parameter in sub dir */
lstrcpyW (subParm, thisDir);
lstrcatW (subParm, fd.cFileName);
@@ -1743,6 +1752,11 @@ static void WCMD_add_dirstowalk(DIRECTORY_STACK *dirsToWalk) {
WIN32_FIND_DATAW fd;
HANDLE hff;
+ if (wcslen(dirsToWalk->dirName) + 2 + 1 >= MAX_PATH)
+ {
+ WINE_FIXME("Too long path %ls\\*\n", dirsToWalk->dirName);
+ return;
+ }
/* Build a generic search and add all directories on the list of directories
still to walk */
lstrcpyW(fullitem, dirsToWalk->dirName);
@@ -1755,7 +1769,13 @@ static void WCMD_add_dirstowalk(DIRECTORY_STACK *dirsToWalk) {
(lstrcmpW(fd.cFileName, L"..") != 0) && (lstrcmpW(fd.cFileName, L".") != 0))
{
/* Allocate memory, add to list */
- DIRECTORY_STACK *toWalk = heap_xalloc(sizeof(DIRECTORY_STACK));
+ DIRECTORY_STACK *toWalk;
+ if (wcslen(dirsToWalk->dirName) + 2 + wcslen(fd.cFileName) > MAX_PATH)
+ {
+ WINE_FIXME("too long path %ls\\%ls\n", dirsToWalk->dirName, fd.cFileName);
+ continue;
+ }
+ toWalk = heap_xalloc(sizeof(DIRECTORY_STACK));
WINE_TRACE("(%p->%p)\n", remainingDirs, remainingDirs->next);
toWalk->next = remainingDirs->next;
remainingDirs->next = toWalk;
More information about the wine-devel
mailing list