Alexandre Julliard : shell32: Validate the destination name in IShellFolder::SetNameOf. - wine-commits

14 Sep 2021

Module: wine
Branch: master
Commit: 1dcd1fe613dfaf3d0ca256975b1bf164a009e944
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=1dcd1fe613dfaf3d0ca256975...
Author: Alexandre Julliard julliard@winehq.org
Date:   Tue Sep 14 12:39:05 2021 +0200
shell32: Validate the destination name in IShellFolder::SetNameOf.
Signed-off-by: Alexandre Julliard julliard@winehq.org
---
dlls/shell32/shfldr_fs.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/dlls/shell32/shfldr_fs.c b/dlls/shell32/shfldr_fs.c
index e298cc18bd2..902910e55bb 100644
--- a/dlls/shell32/shfldr_fs.c
+++ b/dlls/shell32/shfldr_fs.c
@@ -883,6 +883,7 @@ static HRESULT WINAPI IShellFolder_fnSetNameOf (IShellFolder2 * iface,
                                                 DWORD dwFlags,
                                                 LPITEMIDLIST * pPidlOut)
 {
+    static const WCHAR invalid_chars[] = { '\','/',':','*','?','"','<','>','|',0 };
     IGenericSFImpl *This = impl_from_IShellFolder2(iface);
     WCHAR szSrc[MAX_PATH + 1], szDest[MAX_PATH + 1];
     LPWSTR ptr;
@@ -891,20 +892,20 @@ static HRESULT WINAPI IShellFolder_fnSetNameOf (IShellFolder2 * iface,
     TRACE ("(%p)->(%p,pidl=%p,%s,%u,%p)\n", This, hwndOwner, pidl,
      debugstr_w (lpName), dwFlags, pPidlOut);
+    /* pidl has to contain a single non-empty SHITEMID */
+    if (_ILIsDesktop(pidl) || !_ILIsPidlSimple(pidl) || !_ILGetTextPointer(pidl)) return E_INVALIDARG;
+
+    if (strpbrkW( lpName, invalid_chars )) return HRESULT_FROM_WIN32(ERROR_CANCELLED);
+
     /* build source path */
     lstrcpynW(szSrc, This->sPathTarget, MAX_PATH);
     ptr = PathAddBackslashW (szSrc);
-    if (ptr)
-        _ILSimpleGetTextW (pidl, ptr, MAX_PATH + 1 - (ptr - szSrc));
+    _ILSimpleGetTextW (pidl, ptr, MAX_PATH + 1 - (ptr - szSrc));
/* build destination path */
-    if (dwFlags == SHGDN_NORMAL || dwFlags & SHGDN_INFOLDER) {
-        lstrcpynW(szDest, This->sPathTarget, MAX_PATH);
-        ptr = PathAddBackslashW (szDest);
-        if (ptr)
-            lstrcpynW(ptr, lpName, MAX_PATH + 1 - (ptr - szDest));
-    } else
-        lstrcpynW(szDest, lpName, MAX_PATH);
+    lstrcpynW(szDest, This->sPathTarget, MAX_PATH);
+    ptr = PathAddBackslashW (szDest);
+    lstrcpynW(ptr, lpName, MAX_PATH + 1 - (ptr - szDest));
if(!(dwFlags & SHGDN_FORPARSING) && SHELL_FS_HideExtension(szSrc)) {
         WCHAR *ext = PathFindExtensionW(szSrc);

    