From: Eric Pouech eric.pouech@gmail.com
Signed-off-by: Eric Pouech eric.pouech@gmail.com --- programs/cmd/builtins.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/programs/cmd/builtins.c b/programs/cmd/builtins.c index dd3ebf76d50..5ae5a129d90 100644 --- a/programs/cmd/builtins.c +++ b/programs/cmd/builtins.c @@ -1355,6 +1355,11 @@ static BOOL WCMD_delete_one (const WCHAR *thisArg) { DIRECTORY_STACK *nextDir; WCHAR subParm[MAX_PATH];
+ if (wcslen(thisDir) + wcslen(fd.cFileName) + 1 + wcslen(fname) + wcslen(ext) >= MAX_PATH) + { + WINE_TRACE("Skipping path too long %ls%ls\%ls%ls\n", thisDir, fd.cFileName, fname, ext); + continue; + } /* Work out search parameter in sub dir */ lstrcpyW (subParm, thisDir); lstrcatW (subParm, fd.cFileName); @@ -1761,7 +1766,13 @@ static void WCMD_add_dirstowalk(DIRECTORY_STACK *dirsToWalk) { (lstrcmpW(fd.cFileName, L"..") != 0) && (lstrcmpW(fd.cFileName, L".") != 0)) { /* Allocate memory, add to list */ - DIRECTORY_STACK *toWalk = heap_xalloc(sizeof(DIRECTORY_STACK)); + DIRECTORY_STACK *toWalk; + if (wcslen(dirsToWalk->dirName) + 1 + wcslen(fd.cFileName) >= MAX_PATH) + { + WINE_TRACE("Skipping too long path %ls\%ls\n", dirsToWalk->dirName, fd.cFileName); + continue; + } + toWalk = heap_xalloc(sizeof(DIRECTORY_STACK)); WINE_TRACE("(%p->%p)\n", remainingDirs, remainingDirs->next); toWalk->next = remainingDirs->next; remainingDirs->next = toWalk; @@ -2321,6 +2332,11 @@ void WCMD_for (WCHAR *p, CMD_LIST **cmdList) { WINE_TRACE("Processing FOR filename %s\n", wine_dbgstr_w(fd.cFileName));
if (doRecurse) { + if (wcslen(dirsToWalk->dirName) + 1 + wcslen(fd.cFileName) >= MAX_PATH) + { + WINE_TRACE("Skipping too long path %ls\%ls\n", dirsToWalk->dirName, fd.cFileName); + continue; + } lstrcpyW(fullitem, dirsToWalk->dirName); lstrcatW(fullitem, L"\"); lstrcatW(fullitem, fd.cFileName);