From 66ce6998b64388cbf08f780a3b4e35f73526221d Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI
Date: Sun, 8 Sep 2024 17:10:56 +0200
Subject: Windows: use wcstok_s instead of wcstok for more secure parsing of directory path
---
 src/Setup/Dir.c | 108 ++++++++++++++++++++++++++---------------------------
 src/SetupDLL/Dir.c | 106 ++++++++++++++++++++++++++--------------------------
 2 files changed, 107 insertions(+), 107 deletions(-)
diff --git a/src/Setup/Dir.c b/src/Setup/Dir.c
index 3275567f..f0a89ced 100644
--- a/src/Setup/Dir.c
+++ b/src/Setup/Dir.c
@@ -65,58 +65,58 @@ mkfulldir (wchar_t *oriPath, BOOL bCheckonly)
 int
-mkfulldir_internal (wchar_t *path)
+mkfulldir_internal(wchar_t* path)
 {
- wchar_t *token;
- struct _stat st;
- static wchar_t tokpath[_MAX_PATH];
- static wchar_t trail[_MAX_PATH];
-
- if (wcslen(path) >= _MAX_PATH)
- {
- // directory name will be truncated so return failure to avoid unexepected behavior
- return -1;
- }
-
- StringCbCopyW (tokpath, _MAX_PATH, path);
- trail[0] = L'\0';
-
- token = wcstok (tokpath, L"\\/");
-
- if (tokpath[0] == L'\\' && tokpath[1] == L'\\')
- { /* unc */
- trail[0] = tokpath[0];
- trail[1] = tokpath[1];
- trail[2] = L'\0';
- if (token)
- {
- StringCbCatW (trail, _MAX_PATH, token);
- StringCbCatW (trail, _MAX_PATH, L"\\");
- token = wcstok (NULL, L"\\/");
- if (token)
- { /* get share name */
- StringCbCatW (trail, _MAX_PATH, token);
- StringCbCatW (trail, _MAX_PATH, L"\\");
- }
- token = wcstok (NULL, L"\\/");
- }
- }
-
- if (tokpath[1] == L':')
- { /* drive letter */
- StringCbCatW (trail, _MAX_PATH, tokpath);
- StringCbCatW (trail, _MAX_PATH, L"\\");
- token = wcstok (NULL, L"\\/");
- }
-
- while (token != NULL)
- {
- int x;
- StringCbCatW (trail, _MAX_PATH, token);
- x = _wmkdir (trail);
- StringCbCatW (trail, _MAX_PATH, L"\\");
- token = wcstok (NULL, L"\\/");
- }
-
- return _wstat (path, &st);
-}
+ wchar_t* token;
+ wchar_t* next_token = NULL;
+ struct _stat st;
+ static wchar_t tokpath[_MAX_PATH];
+ static wchar_t trail[_MAX_PATH];
+
+ if (wcslen(path) >= _MAX_PATH)
+ {
+ // directory name will be truncated so return failure to avoid unexpected behavior
+ return -1;
+ }
+
+ StringCbCopyW(tokpath, _MAX_PATH, path);
+ trail[0] = L'\0';
+
+ token = wcstok_s(tokpath, L"\\/", &next_token);
+ if (tokpath[0] == L'\\' && tokpath[1] == L'\\')
+ { /* unc */
+ trail[0] = tokpath[0];
+ trail[1] = tokpath[1];
+ trail[2] = L'\0';
+ if (token)
+ {
+ StringCbCatW(trail, _MAX_PATH, token);
+ StringCbCatW(trail, _MAX_PATH, L"\\");
+ token = wcstok_s(NULL, L"\\/", &next_token);
+ if (token)
+ { /* get share name */
+ StringCbCatW(trail, _MAX_PATH, token);
+ StringCbCatW(trail, _MAX_PATH, L"\\");
+ }
+ token = wcstok_s(NULL, L"\\/", &next_token);
+ }
+ }
+
+ if (tokpath[1] == L':')
+ { /* drive letter */
+ StringCbCatW(trail, _MAX_PATH, tokpath);
+ StringCbCatW(trail, _MAX_PATH, L"\\");
+ token = wcstok_s(NULL, L"\\/", &next_token);
+ }
+
+ while (token != NULL)
+ {
+ int x;
+ StringCbCatW(trail, _MAX_PATH, token);
+ x = _wmkdir(trail);
+ StringCbCatW(trail, _MAX_PATH, L"\\");
+ token = wcstok_s(NULL, L"\\/", &next_token);
+ }
+
+ return _wstat(path, &st);
+}
\ No newline at end of file
diff --git a/src/SetupDLL/Dir.c b/src/SetupDLL/Dir.c
index 3275567f..e6a5f153 100644
--- a/src/SetupDLL/Dir.c
+++ b/src/SetupDLL/Dir.c
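Review bot: The `StringCbCopyW(tokpath, _MAX_PATH, path)` call and every `StringCbCatW(trail, _MAX_PATH, ...)` in this function pass a character count to functions that take a size in bytes, so only 130 of the 260 `wchar_t` slots in each buffer are usable. A path of 130 to 259 characters passes the `wcslen(path) >= _MAX_PATH` guard and is then truncated without notice (the StringCb return values are not checked), so `_wmkdir` may be run on a shortened prefix of the requested path. Pass the real buffer size and fail on error, e.g. `if (FAILED(StringCbCopyW(tokpath, sizeof(tokpath), path))) return -1;` and `StringCbCatW(trail, sizeof(trail), token);`. The same lines appear in the src/SetupDLL/Dir.c hunk.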
@@ -65,58 +65,58 @@ mkfulldir (wchar_t *oriPath, BOOL bCheckonly)
 int
-mkfulldir_internal (wchar_t *path)
+mkfulldir_internal(wchar_t* path)
 {
- wchar_t *token;
- struct _stat st;
- static wchar_t tokpath[_MAX_PATH];
- static wchar_t trail[_MAX_PATH];
-
- if (wcslen(path) >= _MAX_PATH)
- {
- // directory name will be truncated so return failure to avoid unexepected behavior
- return -1;
- }
-
- StringCbCopyW (tokpath, _MAX_PATH, path);
- trail[0] = L'\0';
-
- token = wcstok (tokpath, L"\\/");
-
- if (tokpath[0] == L'\\' && tokpath[1] == L'\\')
- { /* unc */
- trail[0] = tokpath[0];
- trail[1] = tokpath[1];
- trail[2] = L'\0';
- if (token)
- {
- StringCbCatW (trail, _MAX_PATH, token);
- StringCbCatW (trail, _MAX_PATH, L"\\");
- token = wcstok (NULL, L"\\/");
- if (token)
- { /* get share name */
- StringCbCatW (trail, _MAX_PATH, token);
- StringCbCatW (trail, _MAX_PATH, L"\\");
- }
- token = wcstok (NULL, L"\\/");
- }
- }
-
- if (tokpath[1] == L':')
- { /* drive letter */
- StringCbCatW (trail, _MAX_PATH, tokpath);
- StringCbCatW (trail, _MAX_PATH, L"\\");
- token = wcstok (NULL, L"\\/");
- }
-
- while (token != NULL)
- {
- int x;
- StringCbCatW (trail, _MAX_PATH, token);
- x = _wmkdir (trail);
- StringCbCatW (trail, _MAX_PATH, L"\\");
- token = wcstok (NULL, L"\\/");
- }
-
- return _wstat (path, &st);
+ wchar_t* token;
+ wchar_t* next_token = NULL;
+ struct _stat st;
+ static wchar_t tokpath[_MAX_PATH];
+ static wchar_t trail[_MAX_PATH];
+
+ if (wcslen(path) >= _MAX_PATH)
+ {
+ // directory name will be truncated so return failure to avoid unexpected behavior
+ return -1;
+ }
+
+ StringCbCopyW(tokpath, _MAX_PATH, path);
+ trail[0] = L'\0';
+
+ token = wcstok_s(tokpath, L"\\/", &next_token);
+ if (tokpath[0] == L'\\' && tokpath[1] == L'\\')
+ { /* unc */
+ trail[0] = tokpath[0];
+ trail[1] = tokpath[1];
+ trail[2] = L'\0';
+ if (token)
+ {
+ StringCbCatW(trail, _MAX_PATH, token);
+ StringCbCatW(trail, _MAX_PATH, L"\\");
+ token = wcstok_s(NULL, L"\\/", &next_token);
+ if (token)
+ { /* get share name */
+ StringCbCatW(trail, _MAX_PATH, token);
+ StringCbCatW(trail, _MAX_PATH, L"\\");
+ }
+ token = wcstok_s(NULL, L"\\/", &next_token);
+ }
+ }
+
+ if (tokpath[1] == L':')
+ { /* drive letter */
+ StringCbCatW(trail, _MAX_PATH, tokpath);
+ StringCbCatW(trail, _MAX_PATH, L"\\");
+ token = wcstok_s(NULL, L"\\/", &next_token);
+ }
+
+ while (token != NULL)
+ {
+ int x;
+ StringCbCatW(trail, _MAX_PATH, token);
+ x = _wmkdir(trail);
+ StringCbCatW(trail, _MAX_PATH, L"\\");
+ token = wcstok_s(NULL, L"\\/", &next_token);
+ }
+
+ return _wstat(path, &st);
 }
-- cgit v1.2.3
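Review bot: `tokpath` and `trail` are still declared `static` in the new code, so moving to `wcstok_s` with a caller-owned `next_token` does not by itself make `mkfulldir_internal` re-entrant; two overlapping calls would share and overwrite the same path buffers. Whether the installer ever calls it from more than one thread is not visible here, but plain locals cost about 1 KB of stack and remove the question: `wchar_t tokpath[_MAX_PATH];` and `wchar_t trail[_MAX_PATH];`. This applies to the src/Setup/Dir.c hunk as well.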