Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2026-01-06 13:48:11 -06:00
Code Activity

Windows: use wcstok_s instead of wcstok for more secure parsing of directory path

Browse Source
This commit is contained in:
Mounir IDRASSI
2024-09-08 17:10:56 +02:00
parent b2e55df00c
commit 66ce6998b6
2 changed files with 95 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
src/Setup/Dir.c
View File

@@ -65,24 +65,24 @@ mkfulldir (wchar_t *oriPath, BOOL bCheckonly)
int int
mkfulldir_internal (wchar_t *path) mkfulldir_internal(wchar_t* path)
{ {
wchar_t *token; wchar_t* token;
wchar_t* next_token = NULL;
struct _stat st; struct _stat st;
static wchar_t tokpath[_MAX_PATH]; static wchar_t tokpath[_MAX_PATH];
static wchar_t trail[_MAX_PATH]; static wchar_t trail[_MAX_PATH];
if (wcslen(path) >= _MAX_PATH) if (wcslen(path) >= _MAX_PATH)
{ {
// directory name will be truncated so return failure to avoid unexepected behavior // directory name will be truncated so return failure to avoid unexpected behavior
return -1; return -1;
} }
StringCbCopyW (tokpath, _MAX_PATH, path); StringCbCopyW(tokpath, _MAX_PATH, path);
trail[0] = L'\0'; trail[0] = L'\0';
token = wcstok (tokpath, L"\\/"); token = wcstok_s(tokpath, L"\\/", &next_token);
if (tokpath[0] == L'\\' && tokpath[1] == L'\\') if (tokpath[0] == L'\\' && tokpath[1] == L'\\')
{ /* unc */ { /* unc */
trail[0] = tokpath[0]; trail[0] = tokpath[0];
@@ -90,33 +90,33 @@ mkfulldir_internal (wchar_t *path)
trail[2] = L'\0'; trail[2] = L'\0';
if (token) if (token)
{ {
StringCbCatW (trail, _MAX_PATH, token); StringCbCatW(trail, _MAX_PATH, token);
StringCbCatW (trail, _MAX_PATH, L"\\"); StringCbCatW(trail, _MAX_PATH, L"\\");
token = wcstok (NULL, L"\\/"); token = wcstok_s(NULL, L"\\/", &next_token);
if (token) if (token)
{ /* get share name */ { /* get share name */
StringCbCatW (trail, _MAX_PATH, token); StringCbCatW(trail, _MAX_PATH, token);
StringCbCatW (trail, _MAX_PATH, L"\\"); StringCbCatW(trail, _MAX_PATH, L"\\");
} }
token = wcstok (NULL, L"\\/"); token = wcstok_s(NULL, L"\\/", &next_token);
} }
} }
if (tokpath[1] == L':') if (tokpath[1] == L':')
{ /* drive letter */ { /* drive letter */
StringCbCatW (trail, _MAX_PATH, tokpath); StringCbCatW(trail, _MAX_PATH, tokpath);
StringCbCatW (trail, _MAX_PATH, L"\\"); StringCbCatW(trail, _MAX_PATH, L"\\");
token = wcstok (NULL, L"\\/"); token = wcstok_s(NULL, L"\\/", &next_token);
} }
while (token != NULL) while (token != NULL)
{ {
int x; int x;
StringCbCatW (trail, _MAX_PATH, token); StringCbCatW(trail, _MAX_PATH, token);
x = _wmkdir (trail); x = _wmkdir(trail);
StringCbCatW (trail, _MAX_PATH, L"\\"); StringCbCatW(trail, _MAX_PATH, L"\\");
token = wcstok (NULL, L"\\/"); token = wcstok_s(NULL, L"\\/", &next_token);
} }
return _wstat (path, &st); return _wstat(path, &st);
} }

40
src/SetupDLL/Dir.c
View File

@@ -65,24 +65,24 @@ mkfulldir (wchar_t *oriPath, BOOL bCheckonly)
int int
mkfulldir_internal (wchar_t *path) mkfulldir_internal(wchar_t* path)
{ {
wchar_t *token; wchar_t* token;
wchar_t* next_token = NULL;
struct _stat st; struct _stat st;
static wchar_t tokpath[_MAX_PATH]; static wchar_t tokpath[_MAX_PATH];
static wchar_t trail[_MAX_PATH]; static wchar_t trail[_MAX_PATH];
if (wcslen(path) >= _MAX_PATH) if (wcslen(path) >= _MAX_PATH)
{ {
// directory name will be truncated so return failure to avoid unexepected behavior // directory name will be truncated so return failure to avoid unexpected behavior
return -1; return -1;
} }
StringCbCopyW (tokpath, _MAX_PATH, path); StringCbCopyW(tokpath, _MAX_PATH, path);
trail[0] = L'\0'; trail[0] = L'\0';
token = wcstok (tokpath, L"\\/"); token = wcstok_s(tokpath, L"\\/", &next_token);
if (tokpath[0] == L'\\' && tokpath[1] == L'\\') if (tokpath[0] == L'\\' && tokpath[1] == L'\\')
{ /* unc */ { /* unc */
trail[0] = tokpath[0]; trail[0] = tokpath[0];
@@ -90,33 +90,33 @@ mkfulldir_internal (wchar_t *path)
trail[2] = L'\0'; trail[2] = L'\0';
if (token) if (token)
{ {
StringCbCatW (trail, _MAX_PATH, token); StringCbCatW(trail, _MAX_PATH, token);
StringCbCatW (trail, _MAX_PATH, L"\\"); StringCbCatW(trail, _MAX_PATH, L"\\");
token = wcstok (NULL, L"\\/"); token = wcstok_s(NULL, L"\\/", &next_token);
if (token) if (token)
{ /* get share name */ { /* get share name */
StringCbCatW (trail, _MAX_PATH, token); StringCbCatW(trail, _MAX_PATH, token);
StringCbCatW (trail, _MAX_PATH, L"\\"); StringCbCatW(trail, _MAX_PATH, L"\\");
} }
token = wcstok (NULL, L"\\/"); token = wcstok_s(NULL, L"\\/", &next_token);
} }
} }
if (tokpath[1] == L':') if (tokpath[1] == L':')
{ /* drive letter */ { /* drive letter */
StringCbCatW (trail, _MAX_PATH, tokpath); StringCbCatW(trail, _MAX_PATH, tokpath);
StringCbCatW (trail, _MAX_PATH, L"\\"); StringCbCatW(trail, _MAX_PATH, L"\\");
token = wcstok (NULL, L"\\/"); token = wcstok_s(NULL, L"\\/", &next_token);
} }
while (token != NULL) while (token != NULL)
{ {
int x; int x;
StringCbCatW (trail, _MAX_PATH, token); StringCbCatW(trail, _MAX_PATH, token);
x = _wmkdir (trail); x = _wmkdir(trail);
StringCbCatW (trail, _MAX_PATH, L"\\"); StringCbCatW(trail, _MAX_PATH, L"\\");
token = wcstok (NULL, L"\\/"); token = wcstok_s(NULL, L"\\/", &next_token);
} }
return _wstat (path, &st); return _wstat(path, &st);
} }