author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2024-09-08 17:10:56 +0200 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2024-09-08 17:10:56 +0200 |
commit | 66ce6998b64388cbf08f780a3b4e35f73526221d (patch) | |
tree | 48a2d106e3745c8a1a94782cb63dec79eaf33d98 | |
parent | b2e55df00cb7e9569f66c2496d52201cf7934487 (diff) | |
Windows: use wcstok_s instead of wcstok for more secure parsing of directory path
-rw-r--r-- | src/Setup/Dir.c | 108 | ||||
-rw-r--r-- | src/SetupDLL/Dir.c | 106 |
2 files changed, 107 insertions, 107 deletions
diff --git a/src/Setup/Dir.c b/src/Setup/Dir.c index 3275567f..f0a89ced 100644 --- a/src/Setup/Dir.c +++ b/src/Setup/Dir.c 
@@ -65,58 +65,58 @@ mkfulldir (wchar_t *oriPath, BOOL bCheckonly) int -mkfulldir_internal (wchar_t *path) +mkfulldir_internal(wchar_t* path) { - wchar_t *token; - struct _stat st; - static wchar_t tokpath[_MAX_PATH]; - static wchar_t trail[_MAX_PATH]; - - if (wcslen(path) >= _MAX_PATH) - { - // directory name will be truncated so return failure to avoid unexepected behavior - return -1; - } - - StringCbCopyW (tokpath, _MAX_PATH, path); - trail[0] = L'\0'; - - token = wcstok (tokpath, L"\\/"); - - if (tokpath[0] == L'\\' && tokpath[1] == L'\\') - { /* unc */ - trail[0] = tokpath[0]; - trail[1] = tokpath[1]; - trail[2] = L'\0'; - if (token) - { - StringCbCatW (trail, _MAX_PATH, token); - StringCbCatW (trail, _MAX_PATH, L"\\"); - token = wcstok (NULL, L"\\/"); - if (token) - { /* get share name */ - StringCbCatW (trail, _MAX_PATH, token); - StringCbCatW (trail, _MAX_PATH, L"\\"); - } - token = wcstok (NULL, L"\\/"); - } - } - - if (tokpath[1] == L':') - { /* drive letter */ - StringCbCatW (trail, _MAX_PATH, tokpath); - StringCbCatW (trail, _MAX_PATH, L"\\"); - token = wcstok (NULL, L"\\/"); - } - - while (token != NULL) - { - int x; - StringCbCatW (trail, _MAX_PATH, token); - x = _wmkdir (trail); - StringCbCatW (trail, _MAX_PATH, L"\\"); - token = wcstok (NULL, L"\\/"); - } - - return _wstat (path, &st); -} + wchar_t* token; + wchar_t* next_token = NULL; + struct _stat st; + static wchar_t tokpath[_MAX_PATH]; + static wchar_t trail[_MAX_PATH]; + + if (wcslen(path) >= _MAX_PATH) + { + // directory name will be truncated so return failure to avoid unexpected behavior + return -1; + } + + StringCbCopyW(tokpath, _MAX_PATH, path); + trail[0] = L'\0'; + + token = wcstok_s(tokpath, L"\\/", &next_token); + if (tokpath[0] == L'\\' && tokpath[1] == L'\\') + { /* unc */ + trail[0] = tokpath[0]; + trail[1] = tokpath[1]; + trail[2] = L'\0'; + if (token) + { + StringCbCatW(trail, _MAX_PATH, token); + StringCbCatW(trail, _MAX_PATH, L"\\"); + token = wcstok_s(NULL, L"\\/", 
&next_token); + if (token) + { /* get share name */ + StringCbCatW(trail, _MAX_PATH, token); + StringCbCatW(trail, _MAX_PATH, L"\\"); + } + token = wcstok_s(NULL, L"\\/", &next_token); + } + } + + if (tokpath[1] == L':') + { /* drive letter */ + StringCbCatW(trail, _MAX_PATH, tokpath); + StringCbCatW(trail, _MAX_PATH, L"\\"); + token = wcstok_s(NULL, L"\\/", &next_token); + } + + while (token != NULL) + { + int x; + StringCbCatW(trail, _MAX_PATH, token); + x = _wmkdir(trail); + StringCbCatW(trail, _MAX_PATH, L"\\"); + token = wcstok_s(NULL, L"\\/", &next_token); + } + + return _wstat(path, &st); +}
\ No newline at end of file diff --git a/src/SetupDLL/Dir.c b/src/SetupDLL/Dir.c index 3275567f..e6a5f153 100644 --- a/src/SetupDLL/Dir.c +++ b/src/SetupDLL/Dir.c 
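Review bot: The `StringCbCopyW`/`StringCbCatW` calls on the new side still pass `_MAX_PATH` as the destination size, but the StringCb* functions take a size in bytes while `_MAX_PATH` is a character count, so `tokpath` and `trail` are treated as half their real length. The `wcslen(path) >= _MAX_PATH` guard therefore admits paths that the copy then truncates, and since no return value is checked the loop would go on to call `_wmkdir` on a shortened path, which matters in an installer that may run elevated. Passing the real buffer size, `StringCbCopyW(tokpath, sizeof(tokpath), path);` and `StringCbCatW(trail, sizeof(trail), token);`, and returning -1 when a call fails would make the guard and the copy agree. The same lines appear in the src/SetupDLL/Dir.c hunk.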
@@ -65,58 +65,58 @@ mkfulldir (wchar_t *oriPath, BOOL bCheckonly) int -mkfulldir_internal (wchar_t *path) +mkfulldir_internal(wchar_t* path) { - wchar_t *token; - struct _stat st; - static wchar_t tokpath[_MAX_PATH]; - static wchar_t trail[_MAX_PATH]; - - if (wcslen(path) >= _MAX_PATH) - { - // directory name will be truncated so return failure to avoid unexepected behavior - return -1; - } - - StringCbCopyW (tokpath, _MAX_PATH, path); - trail[0] = L'\0'; - - token = wcstok (tokpath, L"\\/"); - - if (tokpath[0] == L'\\' && tokpath[1] == L'\\') - { /* unc */ - trail[0] = tokpath[0]; - trail[1] = tokpath[1]; - trail[2] = L'\0'; - if (token) - { - StringCbCatW (trail, _MAX_PATH, token); - StringCbCatW (trail, _MAX_PATH, L"\\"); - token = wcstok (NULL, L"\\/"); - if (token) - { /* get share name */ - StringCbCatW (trail, _MAX_PATH, token); - StringCbCatW (trail, _MAX_PATH, L"\\"); - } - token = wcstok (NULL, L"\\/"); - } - } - - if (tokpath[1] == L':') - { /* drive letter */ - StringCbCatW (trail, _MAX_PATH, tokpath); - StringCbCatW (trail, _MAX_PATH, L"\\"); - token = wcstok (NULL, L"\\/"); - } - - while (token != NULL) - { - int x; - StringCbCatW (trail, _MAX_PATH, token); - x = _wmkdir (trail); - StringCbCatW (trail, _MAX_PATH, L"\\"); - token = wcstok (NULL, L"\\/"); - } - - return _wstat (path, &st); + wchar_t* token; + wchar_t* next_token = NULL; + struct _stat st; + static wchar_t tokpath[_MAX_PATH]; + static wchar_t trail[_MAX_PATH]; + + if (wcslen(path) >= _MAX_PATH) + { + // directory name will be truncated so return failure to avoid unexpected behavior + return -1; + } + + StringCbCopyW(tokpath, _MAX_PATH, path); + trail[0] = L'\0'; + + token = wcstok_s(tokpath, L"\\/", &next_token); + if (tokpath[0] == L'\\' && tokpath[1] == L'\\') + { /* unc */ + trail[0] = tokpath[0]; + trail[1] = tokpath[1]; + trail[2] = L'\0'; + if (token) + { + StringCbCatW(trail, _MAX_PATH, token); + StringCbCatW(trail, _MAX_PATH, L"\\"); + token = wcstok_s(NULL, L"\\/", &next_token); 
+ if (token) + { /* get share name */ + StringCbCatW(trail, _MAX_PATH, token); + StringCbCatW(trail, _MAX_PATH, L"\\"); + } + token = wcstok_s(NULL, L"\\/", &next_token); + } + } + + if (tokpath[1] == L':') + { /* drive letter */ + StringCbCatW(trail, _MAX_PATH, tokpath); + StringCbCatW(trail, _MAX_PATH, L"\\"); + token = wcstok_s(NULL, L"\\/", &next_token); + } + + while (token != NULL) + { + int x; + StringCbCatW(trail, _MAX_PATH, token); + x = _wmkdir(trail); + StringCbCatW(trail, _MAX_PATH, L"\\"); + token = wcstok_s(NULL, L"\\/", &next_token); + } + + return _wstat(path, &st); } |
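Review bot: `tokpath` and `trail` are still declared `static`, so moving to `wcstok_s` makes the tokenizer state local (`next_token`) while the buffers it walks and the path it builds remain shared between calls. If `mkfulldir_internal` can be reached from more than one thread (not visible from this hunk), two calls would overwrite each other's path mid-loop; plain automatic arrays, `wchar_t tokpath[_MAX_PATH];` and `wchar_t trail[_MAX_PATH];`, would close that gap. Separately, `x = _wmkdir(trail);` stores a result that is never read, so a short comment saying that failures are deliberately left to the final `_wstat` would help, for example `/* result ignored: existing components are expected, final _wstat decides */`. Both remarks apply equally to the src/Setup/Dir.c copy.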