Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-11 02:58:02 -06:00
Code Activity

Windows: use wcstok_s instead of wcstok for more secure parsing of directory path

Browse Source
This commit is contained in:
Mounir IDRASSI
2024-09-08 17:10:56 +02:00
parent b2e55df00c
commit 66ce6998b6
2 changed files with 95 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/Setup/Dir.c
View File

@@ -68,21 +68,21 @@ int
mkfulldir_internal(wchar_t* path)
{
wchar_t* token;
wchar_t* next_token = NULL;
struct _stat st;
static wchar_t tokpath[_MAX_PATH];
static wchar_t trail[_MAX_PATH];
if (wcslen(path) >= _MAX_PATH)
{
// directory name will be truncated so return failure to avoid unexepected behavior
// directory name will be truncated so return failure to avoid unexpected behavior
return -1;
}
StringCbCopyW(tokpath, _MAX_PATH, path);
trail[0] = L'\0';
token = wcstok (tokpath, L"\\/");
token = wcstok_s(tokpath, L"\\/", &next_token);
if (tokpath[0] == L'\\' && tokpath[1] == L'\\')
{ /* unc */
trail[0] = tokpath[0];
@@ -92,13 +92,13 @@ mkfulldir_internal (wchar_t *path)
{
StringCbCatW(trail, _MAX_PATH, token);
StringCbCatW(trail, _MAX_PATH, L"\\");
token = wcstok (NULL, L"\\/");
token = wcstok_s(NULL, L"\\/", &next_token);
if (token)
{ /* get share name */
StringCbCatW(trail, _MAX_PATH, token);
StringCbCatW(trail, _MAX_PATH, L"\\");
}
token = wcstok (NULL, L"\\/");
token = wcstok_s(NULL, L"\\/", &next_token);
}
}
@@ -106,7 +106,7 @@ mkfulldir_internal (wchar_t *path)
{ /* drive letter */
StringCbCatW(trail, _MAX_PATH, tokpath);
StringCbCatW(trail, _MAX_PATH, L"\\");
token = wcstok (NULL, L"\\/");
token = wcstok_s(NULL, L"\\/", &next_token);
}
while (token != NULL)
@@ -115,7 +115,7 @@ mkfulldir_internal (wchar_t *path)
StringCbCatW(trail, _MAX_PATH, token);
x = _wmkdir(trail);
StringCbCatW(trail, _MAX_PATH, L"\\");
token = wcstok (NULL, L"\\/");
token = wcstok_s(NULL, L"\\/", &next_token);
}
return _wstat(path, &st);

14
src/SetupDLL/Dir.c
View File

@@ -68,21 +68,21 @@ int
mkfulldir_internal(wchar_t* path)
{
wchar_t* token;
wchar_t* next_token = NULL;
struct _stat st;
static wchar_t tokpath[_MAX_PATH];
static wchar_t trail[_MAX_PATH];
if (wcslen(path) >= _MAX_PATH)
{
// directory name will be truncated so return failure to avoid unexepected behavior
// directory name will be truncated so return failure to avoid unexpected behavior
return -1;
}
StringCbCopyW(tokpath, _MAX_PATH, path);
trail[0] = L'\0';
token = wcstok (tokpath, L"\\/");
token = wcstok_s(tokpath, L"\\/", &next_token);
if (tokpath[0] == L'\\' && tokpath[1] == L'\\')
{ /* unc */
trail[0] = tokpath[0];
@@ -92,13 +92,13 @@ mkfulldir_internal (wchar_t *path)
{
StringCbCatW(trail, _MAX_PATH, token);
StringCbCatW(trail, _MAX_PATH, L"\\");
token = wcstok (NULL, L"\\/");
token = wcstok_s(NULL, L"\\/", &next_token);
if (token)
{ /* get share name */
StringCbCatW(trail, _MAX_PATH, token);
StringCbCatW(trail, _MAX_PATH, L"\\");
}
token = wcstok (NULL, L"\\/");
token = wcstok_s(NULL, L"\\/", &next_token);
}
}
@@ -106,7 +106,7 @@ mkfulldir_internal (wchar_t *path)
{ /* drive letter */
StringCbCatW(trail, _MAX_PATH, tokpath);
StringCbCatW(trail, _MAX_PATH, L"\\");
token = wcstok (NULL, L"\\/");
token = wcstok_s(NULL, L"\\/", &next_token);
}
while (token != NULL)
@@ -115,7 +115,7 @@ mkfulldir_internal (wchar_t *path)
StringCbCatW(trail, _MAX_PATH, token);
x = _wmkdir(trail);
StringCbCatW(trail, _MAX_PATH, L"\\");
token = wcstok (NULL, L"\\/");
token = wcstok_s(NULL, L"\\/", &next_token);
}
return _wstat(path, &st);