Commit
726acf0f
authored
Oct 16, 2011
by
Juan Lang
Committed by
Alexandre Julliard
Oct 17, 2011
shell32: Check size of input parameters before copying to fixed length buffers.
parent
dbefe8cb
Showing
1 changed file
with
33 additions
and
1 deletion
+33
-1
shlexec.c
dlls/shell32/shlexec.c
+33
-1
dlls/shell32/shlexec.c
...
@@ -788,14 +788,25 @@ static unsigned dde_connect(const WCHAR* key, const WCHAR* start, WCHAR* ddeexec
...
@@ -788,14 +788,25 @@ static unsigned dde_connect(const WCHAR* key, const WCHAR* start, WCHAR* ddeexec
WCHAR
*
exec
;
WCHAR
*
exec
;
DWORD
ddeInst
=
0
;
DWORD
ddeInst
=
0
;
DWORD
tid
;
DWORD
tid
;
DWORD
resultLen
;
DWORD
resultLen
,
endkeyLen
;
HSZ
hszApp
,
hszTopic
;
HSZ
hszApp
,
hszTopic
;
HCONV
hConv
;
HCONV
hConv
;
HDDEDATA
hDdeData
;
HDDEDATA
hDdeData
;
unsigned
ret
=
SE_ERR_NOASSOC
;
unsigned
ret
=
SE_ERR_NOASSOC
;
BOOL
unicode
=
!
(
GetVersion
()
&
0x80000000
);
BOOL
unicode
=
!
(
GetVersion
()
&
0x80000000
);
if
(
strlenW
(
key
)
+
1
>
sizeof
(
regkey
)
/
sizeof
(
regkey
[
0
]))
{
FIXME
(
"input parameter %s larger than buffer
\n
"
,
debugstr_w
(
key
));
return
2
;
}
strcpyW
(
regkey
,
key
);
strcpyW
(
regkey
,
key
);
endkeyLen
=
sizeof
(
regkey
)
/
sizeof
(
regkey
[
0
])
-
(
endkey
-
regkey
);
if
(
strlenW
(
wApplication
)
+
1
>
endkeyLen
)
{
FIXME
(
"endkey %s overruns buffer
\n
"
,
debugstr_w
(
wApplication
));
return
2
;
}
strcpyW
(
endkey
,
wApplication
);
strcpyW
(
endkey
,
wApplication
);
applen
=
sizeof
(
app
);
applen
=
sizeof
(
app
);
if
(
RegQueryValueW
(
HKEY_CLASSES_ROOT
,
regkey
,
app
,
&
applen
)
!=
ERROR_SUCCESS
)
if
(
RegQueryValueW
(
HKEY_CLASSES_ROOT
,
regkey
,
app
,
&
applen
)
!=
ERROR_SUCCESS
)
...
@@ -809,6 +820,12 @@ static unsigned dde_connect(const WCHAR* key, const WCHAR* start, WCHAR* ddeexec
...
@@ -809,6 +820,12 @@ static unsigned dde_connect(const WCHAR* key, const WCHAR* start, WCHAR* ddeexec
/* Get application command from start string and find filename of application */
/* Get application command from start string and find filename of application */
if
(
*
start
==
'"'
)
if
(
*
start
==
'"'
)
{
{
if
(
strlenW
(
start
+
1
)
+
1
>
sizeof
(
command
)
/
sizeof
(
command
[
0
]))
{
FIXME
(
"size of input parameter %s larger than buffer
\n
"
,
debugstr_w
(
start
+
1
));
return
2
;
}
strcpyW
(
command
,
start
+
1
);
strcpyW
(
command
,
start
+
1
);
if
((
ptr
=
strchrW
(
command
,
'"'
)))
if
((
ptr
=
strchrW
(
command
,
'"'
)))
*
ptr
=
0
;
*
ptr
=
0
;
...
@@ -835,6 +852,11 @@ static unsigned dde_connect(const WCHAR* key, const WCHAR* start, WCHAR* ddeexec
...
@@ -835,6 +852,11 @@ static unsigned dde_connect(const WCHAR* key, const WCHAR* start, WCHAR* ddeexec
ERR
(
"Unable to find application path for command %s
\n
"
,
debugstr_w
(
start
));
ERR
(
"Unable to find application path for command %s
\n
"
,
debugstr_w
(
start
));
return
ERROR_ACCESS_DENIED
;
return
ERROR_ACCESS_DENIED
;
}
}
if
(
strlenW
(
ptr
)
+
1
>
sizeof
(
app
)
/
sizeof
(
app
[
0
]))
{
FIXME
(
"size of found path %s larger than buffer
\n
"
,
debugstr_w
(
ptr
));
return
2
;
}
strcpyW
(
app
,
ptr
);
strcpyW
(
app
,
ptr
);
/* Remove extensions (including .so) */
/* Remove extensions (including .so) */
...
@@ -848,6 +870,11 @@ static unsigned dde_connect(const WCHAR* key, const WCHAR* start, WCHAR* ddeexec
...
@@ -848,6 +870,11 @@ static unsigned dde_connect(const WCHAR* key, const WCHAR* start, WCHAR* ddeexec
*
ptr
=
0
;
*
ptr
=
0
;
}
}
if
(
strlenW
(
wTopic
)
+
1
>
endkeyLen
)
{
FIXME
(
"endkey %s overruns buffer
\n
"
,
debugstr_w
(
wTopic
));
return
2
;
}
strcpyW
(
endkey
,
wTopic
);
strcpyW
(
endkey
,
wTopic
);
topiclen
=
sizeof
(
topic
);
topiclen
=
sizeof
(
topic
);
if
(
RegQueryValueW
(
HKEY_CLASSES_ROOT
,
regkey
,
topic
,
&
topiclen
)
!=
ERROR_SUCCESS
)
if
(
RegQueryValueW
(
HKEY_CLASSES_ROOT
,
regkey
,
topic
,
&
topiclen
)
!=
ERROR_SUCCESS
)
...
@@ -890,6 +917,11 @@ static unsigned dde_connect(const WCHAR* key, const WCHAR* start, WCHAR* ddeexec
...
@@ -890,6 +917,11 @@ static unsigned dde_connect(const WCHAR* key, const WCHAR* start, WCHAR* ddeexec
SetLastError
(
ERROR_DDE_FAIL
);
SetLastError
(
ERROR_DDE_FAIL
);
return
30
;
/* whatever */
return
30
;
/* whatever */
}
}
if
(
strlenW
(
wIfexec
)
+
1
>
endkeyLen
)
{
FIXME
(
"endkey %s overruns buffer
\n
"
,
debugstr_w
(
wIfexec
));
return
2
;
}
strcpyW
(
endkey
,
wIfexec
);
strcpyW
(
endkey
,
wIfexec
);
ifexeclen
=
sizeof
(
ifexec
);
ifexeclen
=
sizeof
(
ifexec
);
if
(
RegQueryValueW
(
HKEY_CLASSES_ROOT
,
regkey
,
ifexec
,
&
ifexeclen
)
==
ERROR_SUCCESS
)
if
(
RegQueryValueW
(
HKEY_CLASSES_ROOT
,
regkey
,
ifexec
,
&
ifexeclen
)
==
ERROR_SUCCESS
)
...
...
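Review bot: The bounds check added before `strcpyW(endkey, wIfexec)` in the last hunk exits with a bare `return 2;`, yet its context is the failed-connect path (`SetLastError(ERROR_DDE_FAIL); return 30;`), so a DDE instance and probably a live `hConv` appear to exist by then and the new exit would skip their teardown. The cleanup code is outside the visible hunks, so this needs confirming against the function's other exits; if there is a shared exit path, set `ret = 2;` and jump to it instead of returning directly. Every new check also returns the literal `2` where the neighbouring code uses named values such as `SE_ERR_NOASSOC`; `SE_ERR_FNF` would state what the caller is being told. The `command` check in the second hunk covers only the `*start == '"'` branch, and the unquoted branch is not shown, so it is worth verifying that it bounds its copy into `command` as well. dde_connect begins and ends outside these hunks.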