FILEDLG95_HandleCustomDialogMessages:

- for the three handled messages we must return the required buffer size
- for CDM_GETFILEPATH paths like "dir\file" were handled incorrectly
- fixed multiple potential buffer overflows.
FILEDLG95_OnOpen: fixed a use of strncpy without '\0'.
FILEDLG95_SHELL_NewFolder: the size of lpstrCaption was incorrect
leading to a buffer overflow.
This commit is contained in:
Francois Gouget 1999-12-26 00:34:23 +00:00 committed by Alexandre Julliard
parent 27548eeb4a
commit f3ca842678
1 changed files with 36 additions and 48 deletions

View File

@ -770,58 +770,49 @@ HRESULT SendCustomDlgNotificationMessage(HWND hwndParentDlg, UINT uCode)
HRESULT FILEDLG95_HandleCustomDialogMessages(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) HRESULT FILEDLG95_HandleCustomDialogMessages(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{ {
LPSTR lpstrFileSpec; LPSTR lpstrFileSpec;
char lpstrCurrentDir[MAX_PATH]=""; int reqSize;
char lpstrPath[MAX_PATH];
FileOpenDlgInfos *fodInfos = (FileOpenDlgInfos *) GetPropA(hwnd,FileOpenDlgInfosStr); FileOpenDlgInfos *fodInfos = (FileOpenDlgInfos *) GetPropA(hwnd,FileOpenDlgInfosStr);
if(!fodInfos) if(!fodInfos)
return TRUE; return -1;
switch(uMsg) switch(uMsg)
{ {
case CDM_GETFILEPATH: case CDM_GETFILEPATH:
{ {
char lpstrPathSpec[MAX_PATH]=""; GetDlgItemTextA(hwnd,IDC_FILENAME,lpstrPath, sizeof(lpstrPath));
GetDlgItemTextA(hwnd,IDC_FILENAME,(LPSTR)lParam, (int)wParam); lpstrFileSpec = (LPSTR)COMDLG32_PathFindFilenameA(lpstrPath);
lpstrFileSpec = (LPSTR)COMDLG32_PathFindFilenameA((LPSTR)lParam); if (lpstrFileSpec==lpstrPath) {
strcpy(lpstrPathSpec,(LPSTR)lParam); char lpstrCurrentDir[MAX_PATH];
COMDLG32_PathRemoveFileSpecA(lpstrPathSpec); /* Prepend the current path */
if(!lpstrPathSpec[0]) COMDLG32_SHGetPathFromIDListA(fodInfos->ShellInfos.pidlAbsCurrent,lpstrCurrentDir);
COMDLG32_SHGetPathFromIDListA(fodInfos->ShellInfos.pidlAbsCurrent, if ((LPSTR)lParam!=NULL)
lpstrPathSpec); wsnprintfA((LPSTR)lParam,(int)wParam,"%s\\%s",lpstrCurrentDir,lpstrPath);
strcat(lpstrPathSpec,"\\"); reqSize=strlen(lpstrCurrentDir)+1+strlen(lpstrPath)+1;
strcat(lpstrPathSpec,(LPSTR)lParam); } else {
strcpy((LPSTR)lParam,(LPSTR)lpstrPathSpec); lstrcpynA((LPSTR)lParam,(LPSTR)lpstrPath,(int)wParam);
reqSize=strlen(lpstrPath);
} }
return TRUE; }
/* return the required buffer size */
return reqSize;
case CDM_GETFOLDERPATH: case CDM_GETFOLDERPATH:
if(lParam) COMDLG32_SHGetPathFromIDListA(fodInfos->ShellInfos.pidlAbsCurrent,lpstrPath);
{ if ((LPSTR)lParam!=NULL)
if(fodInfos) lstrcpynA((LPSTR)lParam,lpstrPath,(int)wParam);
{ return strlen(lpstrPath);
COMDLG32_SHGetPathFromIDListA(fodInfos->ShellInfos.pidlAbsCurrent,
lpstrCurrentDir);
strncpy((LPSTR)lParam,lpstrCurrentDir,(int)wParam);
}
else
*((LPSTR)lParam)=0;
}
return TRUE;
case CDM_GETSPEC: case CDM_GETSPEC:
if(lParam) reqSize=GetDlgItemTextA(hwnd,IDC_FILENAME,lpstrPath, sizeof(lpstrPath));
{ lpstrFileSpec = (LPSTR)COMDLG32_PathFindFilenameA(lpstrPath);
GetDlgItemTextA(hwnd,IDC_FILENAME,(LPSTR)lParam, (int)wParam); if ((LPSTR)lParam!=NULL)
lpstrFileSpec = (LPSTR)COMDLG32_PathFindFilenameA((LPSTR)lParam); lstrcpynA((LPSTR)lParam, lpstrFileSpec, (int)wParam);
if(lpstrFileSpec) return strlen(lpstrFileSpec);
strcpy((LPSTR)lParam, lpstrFileSpec);
else
*((LPSTR)lParam)=0;
}
return TRUE;
case CDM_HIDECONTROL: case CDM_HIDECONTROL:
case CDM_SETCONTROLTEXT: case CDM_SETCONTROLTEXT:
case CDM_SETDEFEXT: case CDM_SETDEFEXT:
FIXME("CDM_HIDECONTROL,CDM_SETCONTROLTEXT,CDM_SETDEFEXT not implemented\n"); FIXME("CDM_HIDECONTROL,CDM_SETCONTROLTEXT,CDM_SETDEFEXT not implemented\n");
return TRUE; return TRUE;
} }
return TRUE; return -1;
} }
/*********************************************************************** /***********************************************************************
@ -1147,13 +1138,10 @@ BOOL FILEDLG95_OnOpen(HWND hwnd)
/* Add drive spec \TEXT => C:\TEXT */ /* Add drive spec \TEXT => C:\TEXT */
case '\\': case '\\':
{ {
INT iCopy = 2; int lenPathSpec=strlen(lpstrPathSpec);
char lpstrTmp[MAX_PATH] = ""; INT iCopy = (lenPathSpec!=0?2:3);
if(!strlen(lpstrPathSpec)) memmove(lpstrPathSpec+iCopy,lpstrPathSpec,lenPathSpec);
iCopy = 3; strncpy(lpstrPathSpec,lpstrCurrentDir,iCopy);
strncpy(lpstrTmp,lpstrCurrentDir,iCopy);
strcat(lpstrTmp,lpstrPathSpec);
strcpy(lpstrPathSpec,lpstrTmp);
} }
break; break;
/* Go to parent ..\TEXT */ /* Go to parent ..\TEXT */
@ -1165,7 +1153,7 @@ BOOL FILEDLG95_OnOpen(HWND hwnd)
iSize = lpstrTmp - lpstrCurrentDir; iSize = lpstrTmp - lpstrCurrentDir;
strncpy(lpstrTmp2,lpstrCurrentDir,iSize + 1); strncpy(lpstrTmp2,lpstrCurrentDir,iSize + 1);
if(strlen(lpstrSpecifiedByUser) <= 3) if(strlen(lpstrSpecifiedByUser) <= 3)
strcpy(lpstrFileSpec,""); *lpstrFileSpec='\0';
if(strcmp(lpstrPathSpec,"..")) if(strcmp(lpstrPathSpec,".."))
strcat(lpstrTmp2,&lpstrPathSpec[3]); strcat(lpstrTmp2,&lpstrPathSpec[3]);
strcpy(lpstrPathSpec,lpstrTmp2); strcpy(lpstrPathSpec,lpstrTmp2);
@ -1634,11 +1622,11 @@ static BOOL FILEDLG95_SHELL_NewFolder(HWND hwnd)
{ {
char lpstrText[128+MAX_PATH]; char lpstrText[128+MAX_PATH];
char lpstrTempText[128]; char lpstrTempText[128];
char lpstrCaption[32]; char lpstrCaption[256];
/* Cannot Create folder because of permissions */ /* Cannot Create folder because of permissions */
LoadStringA(COMMDLG_hInstance32, IDS_CREATEFOLDER_DENIED, lpstrTempText, 256); LoadStringA(COMMDLG_hInstance32, IDS_CREATEFOLDER_DENIED, lpstrTempText, sizeof(lpstrTempText));
LoadStringA(COMMDLG_hInstance32, IDS_FILEOPEN_CAPTION, lpstrCaption, 256); LoadStringA(COMMDLG_hInstance32, IDS_FILEOPEN_CAPTION, lpstrCaption, sizeof(lpstrCaption));
sprintf(lpstrText,lpstrTempText, lpstrDirName); sprintf(lpstrText,lpstrTempText, lpstrDirName);
MessageBoxA(hwnd,lpstrText, lpstrCaption, MB_OK | MB_ICONEXCLAMATION); MessageBoxA(hwnd,lpstrText, lpstrCaption, MB_OK | MB_ICONEXCLAMATION);
} }