VeraCrypt
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2024-09-08 17:10:56 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2024-09-08 17:10:56 +0200
commit66ce6998b64388cbf08f780a3b4e35f73526221d (patch)
tree48a2d106e3745c8a1a94782cb63dec79eaf33d98
parentb2e55df00cb7e9569f66c2496d52201cf7934487 (diff)
downloadVeraCrypt-66ce6998b64388cbf08f780a3b4e35f73526221d.tar.gz
VeraCrypt-66ce6998b64388cbf08f780a3b4e35f73526221d.zip
Windows: use wcstok_s instead of wcstok for more secure parsing of directory path
-rw-r--r--src/Setup/Dir.c108
-rw-r--r--src/SetupDLL/Dir.c106
2 files changed, 107 insertions, 107 deletions
diff --git a/src/Setup/Dir.c b/src/Setup/Dir.c
index 3275567f..f0a89ced 100644
--- a/src/Setup/Dir.c
+++ b/src/Setup/Dir.c
@@ -65,58 +65,58 @@ mkfulldir (wchar_t *oriPath, BOOL bCheckonly)
int
-mkfulldir_internal (wchar_t *path)
+mkfulldir_internal(wchar_t* path)
{
- wchar_t *token;
- struct _stat st;
- static wchar_t tokpath[_MAX_PATH];
- static wchar_t trail[_MAX_PATH];
-
- if (wcslen(path) >= _MAX_PATH)
- {
- // directory name will be truncated so return failure to avoid unexepected behavior
- return -1;
- }
-
- StringCbCopyW (tokpath, _MAX_PATH, path);
- trail[0] = L'\0';
-
- token = wcstok (tokpath, L"\\/");
-
- if (tokpath[0] == L'\\' && tokpath[1] == L'\\')
- { /* unc */
- trail[0] = tokpath[0];
- trail[1] = tokpath[1];
- trail[2] = L'\0';
- if (token)
- {
- StringCbCatW (trail, _MAX_PATH, token);
- StringCbCatW (trail, _MAX_PATH, L"\\");
- token = wcstok (NULL, L"\\/");
- if (token)
- { /* get share name */
- StringCbCatW (trail, _MAX_PATH, token);
- StringCbCatW (trail, _MAX_PATH, L"\\");
- }
- token = wcstok (NULL, L"\\/");
- }
- }
-
- if (tokpath[1] == L':')
- { /* drive letter */
- StringCbCatW (trail, _MAX_PATH, tokpath);
- StringCbCatW (trail, _MAX_PATH, L"\\");
- token = wcstok (NULL, L"\\/");
- }
-
- while (token != NULL)
- {
- int x;
- StringCbCatW (trail, _MAX_PATH, token);
- x = _wmkdir (trail);
- StringCbCatW (trail, _MAX_PATH, L"\\");
- token = wcstok (NULL, L"\\/");
- }
-
- return _wstat (path, &st);
-}
+ wchar_t* token;
+ wchar_t* next_token = NULL;
+ struct _stat st;
+ static wchar_t tokpath[_MAX_PATH];
+ static wchar_t trail[_MAX_PATH];
+
+ if (wcslen(path) >= _MAX_PATH)
+ {
+ // directory name will be truncated so return failure to avoid unexpected behavior
+ return -1;
+ }
+
+ StringCbCopyW(tokpath, _MAX_PATH, path);
+ trail[0] = L'\0';
+
+ token = wcstok_s(tokpath, L"\\/", &next_token);
+ if (tokpath[0] == L'\\' && tokpath[1] == L'\\')
+ { /* unc */
+ trail[0] = tokpath[0];
+ trail[1] = tokpath[1];
+ trail[2] = L'\0';
+ if (token)
+ {
+ StringCbCatW(trail, _MAX_PATH, token);
+ StringCbCatW(trail, _MAX_PATH, L"\\");
+ token = wcstok_s(NULL, L"\\/", &next_token);
+ if (token)
+ { /* get share name */
+ StringCbCatW(trail, _MAX_PATH, token);
+ StringCbCatW(trail, _MAX_PATH, L"\\");
+ }
+ token = wcstok_s(NULL, L"\\/", &next_token);
+ }
+ }
+
+ if (tokpath[1] == L':')
+ { /* drive letter */
+ StringCbCatW(trail, _MAX_PATH, tokpath);
+ StringCbCatW(trail, _MAX_PATH, L"\\");
+ token = wcstok_s(NULL, L"\\/", &next_token);
+ }
+
+ while (token != NULL)
+ {
+ int x;
+ StringCbCatW(trail, _MAX_PATH, token);
+ x = _wmkdir(trail);
+ StringCbCatW(trail, _MAX_PATH, L"\\");
+ token = wcstok_s(NULL, L"\\/", &next_token);
+ }
+
+ return _wstat(path, &st);
+} \ No newline at end of file
diff --git a/src/SetupDLL/Dir.c b/src/SetupDLL/Dir.c
index 3275567f..e6a5f153 100644
--- a/src/SetupDLL/Dir.c
+++ b/src/SetupDLL/Dir.c
@@ -65,58 +65,58 @@ mkfulldir (wchar_t *oriPath, BOOL bCheckonly)
int
-mkfulldir_internal (wchar_t *path)
+mkfulldir_internal(wchar_t* path)
{
- wchar_t *token;
- struct _stat st;
- static wchar_t tokpath[_MAX_PATH];
- static wchar_t trail[_MAX_PATH];
-
- if (wcslen(path) >= _MAX_PATH)
- {
- // directory name will be truncated so return failure to avoid unexepected behavior
- return -1;
- }
-
- StringCbCopyW (tokpath, _MAX_PATH, path);
- trail[0] = L'\0';
-
- token = wcstok (tokpath, L"\\/");
-
- if (tokpath[0] == L'\\' && tokpath[1] == L'\\')
- { /* unc */
- trail[0] = tokpath[0];
- trail[1] = tokpath[1];
- trail[2] = L'\0';
- if (token)
- {
- StringCbCatW (trail, _MAX_PATH, token);
- StringCbCatW (trail, _MAX_PATH, L"\\");
- token = wcstok (NULL, L"\\/");
- if (token)
- { /* get share name */
- StringCbCatW (trail, _MAX_PATH, token);
- StringCbCatW (trail, _MAX_PATH, L"\\");
- }
- token = wcstok (NULL, L"\\/");
- }
- }
-
- if (tokpath[1] == L':')
- { /* drive letter */
- StringCbCatW (trail, _MAX_PATH, tokpath);
- StringCbCatW (trail, _MAX_PATH, L"\\");
- token = wcstok (NULL, L"\\/");
- }
-
- while (token != NULL)
- {
- int x;
- StringCbCatW (trail, _MAX_PATH, token);
- x = _wmkdir (trail);
- StringCbCatW (trail, _MAX_PATH, L"\\");
- token = wcstok (NULL, L"\\/");
- }
-
- return _wstat (path, &st);
+ wchar_t* token;
+ wchar_t* next_token = NULL;
+ struct _stat st;
+ static wchar_t tokpath[_MAX_PATH];
+ static wchar_t trail[_MAX_PATH];
+
+ if (wcslen(path) >= _MAX_PATH)
+ {
+ // directory name will be truncated so return failure to avoid unexpected behavior
+ return -1;
+ }
+
+ StringCbCopyW(tokpath, _MAX_PATH, path);
+ trail[0] = L'\0';
+
+ token = wcstok_s(tokpath, L"\\/", &next_token);
+ if (tokpath[0] == L'\\' && tokpath[1] == L'\\')
+ { /* unc */
+ trail[0] = tokpath[0];
+ trail[1] = tokpath[1];
+ trail[2] = L'\0';
+ if (token)
+ {
+ StringCbCatW(trail, _MAX_PATH, token);
+ StringCbCatW(trail, _MAX_PATH, L"\\");
+ token = wcstok_s(NULL, L"\\/", &next_token);
+ if (token)
+ { /* get share name */
+ StringCbCatW(trail, _MAX_PATH, token);
+ StringCbCatW(trail, _MAX_PATH, L"\\");
+ }
+ token = wcstok_s(NULL, L"\\/", &next_token);
+ }
+ }
+
+ if (tokpath[1] == L':')
+ { /* drive letter */
+ StringCbCatW(trail, _MAX_PATH, tokpath);
+ StringCbCatW(trail, _MAX_PATH, L"\\");
+ token = wcstok_s(NULL, L"\\/", &next_token);
+ }
+
+ while (token != NULL)
+ {
+ int x;
+ StringCbCatW(trail, _MAX_PATH, token);
+ x = _wmkdir(trail);
+ StringCbCatW(trail, _MAX_PATH, L"\\");
+ token = wcstok_s(NULL, L"\\/", &next_token);
+ }
+
+ return _wstat(path, &st);
}