mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-11 11:08:02 -06:00

Windows: use wcstok_s instead of wcstok for more secure parsing of directory path

Mounir IDRASSI
2024-09-08 17:10:56 +02:00
parent b2e55df00c
commit 66ce6998b6
2 changed files with 95 additions and 95 deletions


@@ -68,21 +68,21 @@ int
mkfulldir_internal(wchar_t* path) mkfulldir_internal(wchar_t* path)
{ {
wchar_t* token; wchar_t* token;
wchar_t* next_token = NULL;
struct _stat st; struct _stat st;
static wchar_t tokpath[_MAX_PATH]; static wchar_t tokpath[_MAX_PATH];
static wchar_t trail[_MAX_PATH]; static wchar_t trail[_MAX_PATH];
if (wcslen(path) >= _MAX_PATH) if (wcslen(path) >= _MAX_PATH)
{ {
// directory name will be truncated so return failure to avoid unexepected behavior // directory name will be truncated so return failure to avoid unexpected behavior
return -1; return -1;
} }
StringCbCopyW(tokpath, _MAX_PATH, path); StringCbCopyW(tokpath, _MAX_PATH, path);
trail[0] = L'\0'; trail[0] = L'\0';
token = wcstok (tokpath, L"\\/"); token = wcstok_s(tokpath, L"\\/", &next_token);
if (tokpath[0] == L'\\' && tokpath[1] == L'\\') if (tokpath[0] == L'\\' && tokpath[1] == L'\\')
{ /* unc */ { /* unc */
trail[0] = tokpath[0]; trail[0] = tokpath[0];
@@ -92,13 +92,13 @@ mkfulldir_internal (wchar_t *path)
{ {
StringCbCatW(trail, _MAX_PATH, token); StringCbCatW(trail, _MAX_PATH, token);
StringCbCatW(trail, _MAX_PATH, L"\\"); StringCbCatW(trail, _MAX_PATH, L"\\");
token = wcstok (NULL, L"\\/"); token = wcstok_s(NULL, L"\\/", &next_token);
if (token) if (token)
{ /* get share name */ { /* get share name */
StringCbCatW(trail, _MAX_PATH, token); StringCbCatW(trail, _MAX_PATH, token);
StringCbCatW(trail, _MAX_PATH, L"\\"); StringCbCatW(trail, _MAX_PATH, L"\\");
} }
token = wcstok (NULL, L"\\/"); token = wcstok_s(NULL, L"\\/", &next_token);
} }
} }
@@ -106,7 +106,7 @@ mkfulldir_internal (wchar_t *path)
{ /* drive letter */ { /* drive letter */
StringCbCatW(trail, _MAX_PATH, tokpath); StringCbCatW(trail, _MAX_PATH, tokpath);
StringCbCatW(trail, _MAX_PATH, L"\\"); StringCbCatW(trail, _MAX_PATH, L"\\");
token = wcstok (NULL, L"\\/"); token = wcstok_s(NULL, L"\\/", &next_token);
} }
while (token != NULL) while (token != NULL)
@@ -115,7 +115,7 @@ mkfulldir_internal (wchar_t *path)
StringCbCatW(trail, _MAX_PATH, token); StringCbCatW(trail, _MAX_PATH, token);
x = _wmkdir(trail); x = _wmkdir(trail);
StringCbCatW(trail, _MAX_PATH, L"\\"); StringCbCatW(trail, _MAX_PATH, L"\\");
token = wcstok (NULL, L"\\/"); token = wcstok_s(NULL, L"\\/", &next_token);
} }
return _wstat(path, &st); return _wstat(path, &st);
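Review bot: The `StringCb*` calls in this function are given `_MAX_PATH` as the destination size, but that family takes a size in bytes, so `StringCbCopyW(tokpath, _MAX_PATH, path)` and each `StringCbCatW(trail, _MAX_PATH, ...)` can use only half of the `wchar_t[_MAX_PATH]` buffers. A path that passes the `wcslen(path) >= _MAX_PATH` guard can therefore still be truncated, and because the HRESULT is ignored, `_wmkdir` would then run on a shortened path; I would use `StringCchCopyW(tokpath, _MAX_PATH, path)` and `StringCchCatW(trail, _MAX_PATH, token)` (or pass `sizeof(tokpath)`) and return -1 when they fail. Separately, `wcstok_s` removes the tokenizer's hidden state, but `tokpath` and `trail` are still `static`, so concurrent calls would still share buffers; dropping `static` would complete the change. The same code appears in the second file section on this page, and the function body ends outside the visible hunks.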


@@ -68,21 +68,21 @@ int
mkfulldir_internal(wchar_t* path) mkfulldir_internal(wchar_t* path)
{ {
wchar_t* token; wchar_t* token;
wchar_t* next_token = NULL;
struct _stat st; struct _stat st;
static wchar_t tokpath[_MAX_PATH]; static wchar_t tokpath[_MAX_PATH];
static wchar_t trail[_MAX_PATH]; static wchar_t trail[_MAX_PATH];
if (wcslen(path) >= _MAX_PATH) if (wcslen(path) >= _MAX_PATH)
{ {
// directory name will be truncated so return failure to avoid unexepected behavior // directory name will be truncated so return failure to avoid unexpected behavior
return -1; return -1;
} }
StringCbCopyW(tokpath, _MAX_PATH, path); StringCbCopyW(tokpath, _MAX_PATH, path);
trail[0] = L'\0'; trail[0] = L'\0';
token = wcstok (tokpath, L"\\/"); token = wcstok_s(tokpath, L"\\/", &next_token);
if (tokpath[0] == L'\\' && tokpath[1] == L'\\') if (tokpath[0] == L'\\' && tokpath[1] == L'\\')
{ /* unc */ { /* unc */
trail[0] = tokpath[0]; trail[0] = tokpath[0];
@@ -92,13 +92,13 @@ mkfulldir_internal (wchar_t *path)
{ {
StringCbCatW(trail, _MAX_PATH, token); StringCbCatW(trail, _MAX_PATH, token);
StringCbCatW(trail, _MAX_PATH, L"\\"); StringCbCatW(trail, _MAX_PATH, L"\\");
token = wcstok (NULL, L"\\/"); token = wcstok_s(NULL, L"\\/", &next_token);
if (token) if (token)
{ /* get share name */ { /* get share name */
StringCbCatW(trail, _MAX_PATH, token); StringCbCatW(trail, _MAX_PATH, token);
StringCbCatW(trail, _MAX_PATH, L"\\"); StringCbCatW(trail, _MAX_PATH, L"\\");
} }
token = wcstok (NULL, L"\\/"); token = wcstok_s(NULL, L"\\/", &next_token);
} }
} }
@@ -106,7 +106,7 @@ mkfulldir_internal (wchar_t *path)
{ /* drive letter */ { /* drive letter */
StringCbCatW(trail, _MAX_PATH, tokpath); StringCbCatW(trail, _MAX_PATH, tokpath);
StringCbCatW(trail, _MAX_PATH, L"\\"); StringCbCatW(trail, _MAX_PATH, L"\\");
token = wcstok (NULL, L"\\/"); token = wcstok_s(NULL, L"\\/", &next_token);
} }
while (token != NULL) while (token != NULL)
@@ -115,7 +115,7 @@ mkfulldir_internal (wchar_t *path)
StringCbCatW(trail, _MAX_PATH, token); StringCbCatW(trail, _MAX_PATH, token);
x = _wmkdir(trail); x = _wmkdir(trail);
StringCbCatW(trail, _MAX_PATH, L"\\"); StringCbCatW(trail, _MAX_PATH, L"\\");
token = wcstok (NULL, L"\\/"); token = wcstok_s(NULL, L"\\/", &next_token);
} }
return _wstat(path, &st); return _wstat(path, &st);