Damjan Jovanovic : krnl386.exe: Fix VxD filename format checks in __wine_vxd_open().
Module: wine Branch: master Commit: fc4726c22500ae507999ab9f3b0d66bc6d97397d URL: https://source.winehq.org/git/wine.git/?a=commit;h=fc4726c22500ae507999ab9f3... Author: Damjan Jovanovic <damjan.jov(a)gmail.com> Date: Wed Feb 23 05:16:13 2022 +0200 krnl386.exe: Fix VxD filename format checks in __wine_vxd_open(). __wine_vxd_open() has several bugs. If filenameW doesn't end in ".vxd", it is wrongly allowed to be over 8 characters long. If it does end in ".vxd", then a maximum length filename, eg. "12345678.vxd", always gets misdetected as being too long, as: "lstrlenW( filenameW ) >= ARRAY_SIZE(name) - 4" becomes 12 >= 12. Rather do the checks for maximum filename length when we detect the filename format. Signed-off-by: Damjan Jovanovic <damjan.jov(a)gmail.com> Signed-off-by: Alexandre Julliard <julliard(a)winehq.org> --- dlls/krnl386.exe16/vxd.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/dlls/krnl386.exe16/vxd.c b/dlls/krnl386.exe16/vxd.c index c9ce9729ec5..8a1769f23c4 100644 --- a/dlls/krnl386.exe16/vxd.c +++ b/dlls/krnl386.exe16/vxd.c @@ -136,29 +136,34 @@ done: /* load a VxD and return a file handle to it */ HANDLE __wine_vxd_open( LPCWSTR filenameW, DWORD access, SECURITY_ATTRIBUTES *sa ) { - static const WCHAR dotVxDW[] = {'.','v','x','d',0}; int i; HANDLE handle; HMODULE module; - WCHAR *p, name[16]; + WCHAR *p, name[13]; /* normalize the filename */ - if (lstrlenW( filenameW ) >= ARRAY_SIZE(name) - 4 || - wcschr( filenameW, '/' ) || wcschr( filenameW, '\\' )) + if (wcschr( filenameW, '/' ) || wcschr( filenameW, '\\' )) { SetLastError( ERROR_FILE_NOT_FOUND ); return 0; } - lstrcpyW( name, filenameW ); - wcslwr( name ); - p = wcschr( name, '.' ); - if (!p) lstrcatW( name, dotVxDW ); - else if (wcsicmp( p, dotVxDW )) /* existing extension has to be .vxd */ + p = wcschr( filenameW, '.' ); + if (!p && lstrlenW( filenameW ) <= 8) + { + wcscpy( name, filenameW ); + wcscat( name, L".vxd" ); + } + else if (p && !wcsicmp( p, L".vxd" ) && lstrlenW( filenameW ) <= 12) /* existing extension has to be .vxd */ + { + wcscpy( name, filenameW ); + } + else { SetLastError( ERROR_FILE_NOT_FOUND ); return 0; } + wcslwr( name ); /* try to load the module first */
participants (1)
-
Alexandre Julliard