ntdll: Validate directory path when the path name ends with a dos device name.

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=51291
Signed-off-by: Akihiro Sagawa <sagawa.aki@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
(cherry picked from commit 0acd98f135)
Signed-off-by: Michael Stefaniuc <mstefani@winehq.org>
This commit is contained in:
Akihiro Sagawa 2021-06-19 18:25:35 +09:00 committed by Michael Stefaniuc
parent b301e0285e
commit a917d758b3
2 changed files with 79 additions and 16 deletions

View File

@ -129,6 +129,40 @@ ULONG WINAPI RtlIsDosDeviceName_U( PCWSTR dos_name )
return 0;
}
/******************************************************************
* is_valid_directory
*
* Helper for RtlDosPathNameToNtPathName_U_WithStatus.
* Test if the path is an exisiting directory.
*/
static BOOL is_valid_directory(LPCWSTR path)
{
OBJECT_ATTRIBUTES attr;
UNICODE_STRING ntpath;
IO_STATUS_BLOCK io;
HANDLE handle;
NTSTATUS nts;
if (!RtlDosPathNameToNtPathName_U(path, &ntpath, NULL, NULL))
return FALSE;
attr.Length = sizeof(attr);
attr.RootDirectory = 0;
attr.Attributes = OBJ_CASE_INSENSITIVE;
attr.ObjectName = &ntpath;
attr.SecurityDescriptor = NULL;
attr.SecurityQualityOfService = NULL;
nts = NtOpenFile(&handle, FILE_READ_ATTRIBUTES | SYNCHRONIZE, &attr, &io,
FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
FILE_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT);
RtlFreeUnicodeString(&ntpath);
if (nts != STATUS_SUCCESS)
return FALSE;
NtClose(handle);
return TRUE;
}
/**************************************************************************
* RtlDosPathNameToNtPathName_U_WithStatus [NTDLL.@]
*
@ -146,9 +180,10 @@ NTSTATUS WINAPI RtlDosPathNameToNtPathName_U_WithStatus(const WCHAR *dos_path, U
{
static const WCHAR global_prefix[] = {'\\','\\','?','\\'};
static const WCHAR global_prefix2[] = {'\\','?','?','\\'};
ULONG sz, offset;
NTSTATUS nts = STATUS_SUCCESS;
ULONG sz, offset, dosdev;
WCHAR local[MAX_PATH];
LPWSTR ptr;
LPWSTR ptr = local;
TRACE("(%s,%p,%p,%p)\n", debugstr_w(dos_path), ntpath, file_part, cd);
@ -178,7 +213,35 @@ NTSTATUS WINAPI RtlDosPathNameToNtPathName_U_WithStatus(const WCHAR *dos_path, U
return STATUS_SUCCESS;
}
ptr = local;
dosdev = RtlIsDosDeviceName_U(dos_path);
if ((offset = HIWORD(dosdev)))
{
sz = offset + sizeof(WCHAR);
if (sz > sizeof(local) &&
(!(ptr = RtlAllocateHeap(GetProcessHeap(), 0, sz))))
return STATUS_NO_MEMORY;
memcpy(ptr, dos_path, offset);
ptr[offset/sizeof(WCHAR)] = '\0';
if (!is_valid_directory(ptr))
{
nts = STATUS_OBJECT_NAME_INVALID;
goto out;
}
if (*file_part) *file_part = NULL;
sz = LOWORD(dosdev);
wcscpy(ptr, L"\\\\.\\");
memcpy(ptr + 4, dos_path + offset / sizeof(WCHAR), sz);
ptr[4 + sz / sizeof(WCHAR)] = '\0';
sz += 4 * sizeof(WCHAR);
}
else
{
sz = RtlGetFullPathName_U(dos_path, sizeof(local), ptr, file_part);
if (sz == 0) return STATUS_OBJECT_NAME_INVALID;
@ -187,19 +250,20 @@ NTSTATUS WINAPI RtlDosPathNameToNtPathName_U_WithStatus(const WCHAR *dos_path, U
if (!(ptr = RtlAllocateHeap(GetProcessHeap(), 0, sz))) return STATUS_NO_MEMORY;
sz = RtlGetFullPathName_U(dos_path, sz, ptr, file_part);
}
}
sz += (1 /* NUL */ + 4 /* unc\ */ + 4 /* \??\ */) * sizeof(WCHAR);
if (sz > MAXWORD)
{
if (ptr != local) RtlFreeHeap(GetProcessHeap(), 0, ptr);
return STATUS_OBJECT_NAME_INVALID;
nts = STATUS_OBJECT_NAME_INVALID;
goto out;
}
ntpath->MaximumLength = sz;
ntpath->Buffer = RtlAllocateHeap(GetProcessHeap(), 0, ntpath->MaximumLength);
if (!ntpath->Buffer)
{
if (ptr != local) RtlFreeHeap(GetProcessHeap(), 0, ptr);
return STATUS_NO_MEMORY;
nts = STATUS_NO_MEMORY;
goto out;
}
wcscpy(ntpath->Buffer, L"\\??\\");
@ -225,8 +289,9 @@ NTSTATUS WINAPI RtlDosPathNameToNtPathName_U_WithStatus(const WCHAR *dos_path, U
/* FIXME: cd filling */
out:
if (ptr != local) RtlFreeHeap(GetProcessHeap(), 0, ptr);
return STATUS_SUCCESS;
return nts;
}
/**************************************************************************

View File

@ -553,13 +553,11 @@ static void test_RtlDosPathNameToNtPathName_U(void)
winetest_push_context("%s", debugstr_w(error_paths[i]));
ret = pRtlDosPathNameToNtPathName_U(error_paths[i], &nameW, &file_part, NULL);
todo_wine_if(i == 3 || i == 4)
ok(!ret, "Got %d.\n", ret);
if (pRtlDosPathNameToNtPathName_U_WithStatus)
{
status = pRtlDosPathNameToNtPathName_U_WithStatus(error_paths[i], &nameW, &file_part, NULL);
todo_wine_if(i == 3 || i == 4)
ok(status == STATUS_OBJECT_NAME_INVALID || broken(status == STATUS_OBJECT_PATH_NOT_FOUND /* 2003 */),
"Got status %#x.\n", status);
}