[PATCH v2] winspool: Filter invalid characters when creating the PPD filename. - wine-devel

10 Mar 2021

From: Owen Rudge orudge@codeweavers.com
Fixes potential crash when trying to print if a CUPS printer name
contains an asterisk.
Signed-off-by: Owen Rudge orudge@codeweavers.com
Signed-off-by: Huw Davies huw@codeweavers.com
---
 dlls/winspool.drv/info.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/dlls/winspool.drv/info.c b/dlls/winspool.drv/info.c
index fb9c1599d38..ed55761e29b 100644
--- a/dlls/winspool.drv/info.c
+++ b/dlls/winspool.drv/info.c
@@ -721,13 +721,18 @@ fail:
 static WCHAR *get_ppd_filename( const WCHAR *dir, const WCHAR *file_name )
 {
     static const WCHAR dot_ppd[] = {'.','p','p','d',0};
-    int len = (strlenW( dir ) + strlenW( file_name )) * sizeof(WCHAR) + sizeof(dot_ppd);
-    WCHAR *ppd = HeapAlloc( GetProcessHeap(), 0, len );
+    static const WCHAR escape_chars[] = {'*','/','\',0};
+    int dir_len = strlenW( dir ), file_len = strlenW( file_name );
+    int len = (dir_len + file_len + ARRAY_SIZE( dot_ppd )) * sizeof(WCHAR);
+    WCHAR *ppd = HeapAlloc( GetProcessHeap(), 0, len ), *p;
if (!ppd) return NULL;
-    strcpyW( ppd, dir );
-    strcatW( ppd, file_name );
-    strcatW( ppd, dot_ppd );
+    memcpy( ppd, dir, dir_len * sizeof(WCHAR) );
+    memcpy( ppd + dir_len, file_name, file_len * sizeof(WCHAR) );
+    memcpy( ppd + dir_len + file_len, dot_ppd, sizeof(dot_ppd) );
+
+    p = ppd + dir_len;
+    while ((p = strpbrkW( p, escape_chars ))) *p++ = '_';
return ppd;
 }
-- 
2.23.0



    