Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-11 02:58:02 -06:00
Code Activity

Windows: use wcstok_s instead of wcstok for more secure parsing of directory path

Browse Source
This commit is contained in:
Mounir IDRASSI
2024-09-08 17:10:56 +02:00
parent b2e55df00c
commit 66ce6998b6
2 changed files with 95 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

96
src/Setup/Dir.c
View File

@@ -65,58 +65,58 @@ mkfulldir (wchar_t *oriPath, BOOL bCheckonly)
int int
mkfulldir_internal (wchar_t *path) mkfulldir_internal(wchar_t* path)
{ {
wchar_t *token; wchar_t* token;
struct _stat st; wchar_t* next_token = NULL;
static wchar_t tokpath[_MAX_PATH]; struct _stat st;
static wchar_t trail[_MAX_PATH]; static wchar_t tokpath[_MAX_PATH];
static wchar_t trail[_MAX_PATH];
if (wcslen(path) >= _MAX_PATH) if (wcslen(path) >= _MAX_PATH)
{ {
// directory name will be truncated so return failure to avoid unexepected behavior // directory name will be truncated so return failure to avoid unexpected behavior
return -1; return -1;
} }
StringCbCopyW (tokpath, _MAX_PATH, path); StringCbCopyW(tokpath, _MAX_PATH, path);
trail[0] = L'\0'; trail[0] = L'\0';
token = wcstok (tokpath, L"\\/"); token = wcstok_s(tokpath, L"\\/", &next_token);
if (tokpath[0] == L'\\' && tokpath[1] == L'\\')
{ /* unc */
trail[0] = tokpath[0];
trail[1] = tokpath[1];
trail[2] = L'\0';
if (token)
{
StringCbCatW(trail, _MAX_PATH, token);
StringCbCatW(trail, _MAX_PATH, L"\\");
token = wcstok_s(NULL, L"\\/", &next_token);
if (token)
{ /* get share name */
StringCbCatW(trail, _MAX_PATH, token);
StringCbCatW(trail, _MAX_PATH, L"\\");
}
token = wcstok_s(NULL, L"\\/", &next_token);
}
}
if (tokpath[0] == L'\\' && tokpath[1] == L'\\') if (tokpath[1] == L':')
{ /* unc */ { /* drive letter */
trail[0] = tokpath[0]; StringCbCatW(trail, _MAX_PATH, tokpath);
trail[1] = tokpath[1]; StringCbCatW(trail, _MAX_PATH, L"\\");
trail[2] = L'\0'; token = wcstok_s(NULL, L"\\/", &next_token);
if (token) }
{
StringCbCatW (trail, _MAX_PATH, token);
StringCbCatW (trail, _MAX_PATH, L"\\");
token = wcstok (NULL, L"\\/");
if (token)
{ /* get share name */
StringCbCatW (trail, _MAX_PATH, token);
StringCbCatW (trail, _MAX_PATH, L"\\");
}
token = wcstok (NULL, L"\\/");
}
}
if (tokpath[1] == L':') while (token != NULL)
{ /* drive letter */ {
StringCbCatW (trail, _MAX_PATH, tokpath); int x;
StringCbCatW (trail, _MAX_PATH, L"\\"); StringCbCatW(trail, _MAX_PATH, token);
token = wcstok (NULL, L"\\/"); x = _wmkdir(trail);
} StringCbCatW(trail, _MAX_PATH, L"\\");
token = wcstok_s(NULL, L"\\/", &next_token);
}
while (token != NULL) return _wstat(path, &st);
{ }
int x;
StringCbCatW (trail, _MAX_PATH, token);
x = _wmkdir (trail);
StringCbCatW (trail, _MAX_PATH, L"\\");
token = wcstok (NULL, L"\\/");
}
return _wstat (path, &st);
}

94
src/SetupDLL/Dir.c
View File

@@ -65,58 +65,58 @@ mkfulldir (wchar_t *oriPath, BOOL bCheckonly)
int int
mkfulldir_internal (wchar_t *path) mkfulldir_internal(wchar_t* path)
{ {
wchar_t *token; wchar_t* token;
struct _stat st; wchar_t* next_token = NULL;
static wchar_t tokpath[_MAX_PATH]; struct _stat st;
static wchar_t trail[_MAX_PATH]; static wchar_t tokpath[_MAX_PATH];
static wchar_t trail[_MAX_PATH];
if (wcslen(path) >= _MAX_PATH) if (wcslen(path) >= _MAX_PATH)
{ {
// directory name will be truncated so return failure to avoid unexepected behavior // directory name will be truncated so return failure to avoid unexpected behavior
return -1; return -1;
} }
StringCbCopyW (tokpath, _MAX_PATH, path); StringCbCopyW(tokpath, _MAX_PATH, path);
trail[0] = L'\0'; trail[0] = L'\0';
token = wcstok (tokpath, L"\\/"); token = wcstok_s(tokpath, L"\\/", &next_token);
if (tokpath[0] == L'\\' && tokpath[1] == L'\\')
{ /* unc */
trail[0] = tokpath[0];
trail[1] = tokpath[1];
trail[2] = L'\0';
if (token)
{
StringCbCatW(trail, _MAX_PATH, token);
StringCbCatW(trail, _MAX_PATH, L"\\");
token = wcstok_s(NULL, L"\\/", &next_token);
if (token)
{ /* get share name */
StringCbCatW(trail, _MAX_PATH, token);
StringCbCatW(trail, _MAX_PATH, L"\\");
}
token = wcstok_s(NULL, L"\\/", &next_token);
}
}
if (tokpath[0] == L'\\' && tokpath[1] == L'\\') if (tokpath[1] == L':')
{ /* unc */ { /* drive letter */
trail[0] = tokpath[0]; StringCbCatW(trail, _MAX_PATH, tokpath);
trail[1] = tokpath[1]; StringCbCatW(trail, _MAX_PATH, L"\\");
trail[2] = L'\0'; token = wcstok_s(NULL, L"\\/", &next_token);
if (token) }
{
StringCbCatW (trail, _MAX_PATH, token);
StringCbCatW (trail, _MAX_PATH, L"\\");
token = wcstok (NULL, L"\\/");
if (token)
{ /* get share name */
StringCbCatW (trail, _MAX_PATH, token);
StringCbCatW (trail, _MAX_PATH, L"\\");
}
token = wcstok (NULL, L"\\/");
}
}
if (tokpath[1] == L':') while (token != NULL)
{ /* drive letter */ {
StringCbCatW (trail, _MAX_PATH, tokpath); int x;
StringCbCatW (trail, _MAX_PATH, L"\\"); StringCbCatW(trail, _MAX_PATH, token);
token = wcstok (NULL, L"\\/"); x = _wmkdir(trail);
} StringCbCatW(trail, _MAX_PATH, L"\\");
token = wcstok_s(NULL, L"\\/", &next_token);
}
while (token != NULL) return _wstat(path, &st);
{
int x;
StringCbCatW (trail, _MAX_PATH, token);
x = _wmkdir (trail);
StringCbCatW (trail, _MAX_PATH, L"\\");
token = wcstok (NULL, L"\\/");
}
return _wstat (path, &st);
} }