[PATCH] programs/cmd: don't recurse into paths longer than MAX_PATH

25 Mar 2022

Signed-off-by: Eric Pouech eric.pouech@gmail.com
---
 programs/cmd/builtins.c |   24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/programs/cmd/builtins.c b/programs/cmd/builtins.c
index 963a9eaf361..3a09659e1c7 100644
--- a/programs/cmd/builtins.c
+++ b/programs/cmd/builtins.c
@@ -193,7 +193,11 @@ static BOOL WCMD_ask_confirm (const WCHAR *message, BOOL showSureText,
       if (showSureText)
         WCMD_output_asis (confirm);
       WCMD_output_asis (options);
-      WCMD_ReadFile(GetStdHandle(STD_INPUT_HANDLE), answer, ARRAY_SIZE(answer), &count);
+      if (!WCMD_ReadFile(GetStdHandle(STD_INPUT_HANDLE), answer, ARRAY_SIZE(answer), &count))
+      {
+          FIXME("Cannot handle %ls as no readable input stream\n", message);
+          return FALSE;
+      }
       answer[0] = towupper(answer[0]);
       if (answer[0] == Ybuffer[0])
         return TRUE;
@@ -1349,6 +1353,11 @@ static BOOL WCMD_delete_one (const WCHAR *thisArg) {
             DIRECTORY_STACK *nextDir;
             WCHAR subParm[MAX_PATH];
+            if (wcslen(thisDir) + wcslen(fd.cFileName) + 1 + wcslen(fname) + wcslen(ext) + 1 >= MAX_PATH)
+            {
+                FIXME("too long path %ls%ls\%ls%ls\n", thisDir, fd.cFileName, fname, ext);
+                continue;
+            }
             /* Work out search parameter in sub dir */
             lstrcpyW (subParm, thisDir);
             lstrcatW (subParm, fd.cFileName);
@@ -1743,6 +1752,11 @@ static void WCMD_add_dirstowalk(DIRECTORY_STACK *dirsToWalk) {
   WIN32_FIND_DATAW fd;
   HANDLE hff;
+  if (wcslen(dirsToWalk->dirName) + 2 + 1 >= MAX_PATH)
+  {
+      WINE_FIXME("Too long path %ls\*\n", dirsToWalk->dirName);
+      return;
+  }
   /* Build a generic search and add all directories on the list of directories
      still to walk                                                             */
   lstrcpyW(fullitem, dirsToWalk->dirName);
@@ -1755,7 +1769,13 @@ static void WCMD_add_dirstowalk(DIRECTORY_STACK *dirsToWalk) {
           (lstrcmpW(fd.cFileName, L"..") != 0) && (lstrcmpW(fd.cFileName, L".") != 0))
       {
         /* Allocate memory, add to list */
-        DIRECTORY_STACK *toWalk = heap_xalloc(sizeof(DIRECTORY_STACK));
+        DIRECTORY_STACK *toWalk;
+        if (wcslen(dirsToWalk->dirName) + 2 + wcslen(fd.cFileName) > MAX_PATH)
+        {
+            WINE_FIXME("too long path %ls\%ls\n", dirsToWalk->dirName, fd.cFileName);
+            continue;
+        }
+        toWalk = heap_xalloc(sizeof(DIRECTORY_STACK));
         WINE_TRACE("(%p->%p)\n", remainingDirs, remainingDirs->next);
         toWalk->next = remainingDirs->next;
         remainingDirs->next = toWalk;

    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

[PATCH] programs/cmd: don't recurse into paths longer than MAX_PATH