tyler.durden/notepad-plus-plus
1
0
Fork 0
mirror of https://github.com/notepad-plus-plus/notepad-plus-plus.git synced 2025-07-29 16:54:43 +02:00
Code Issues Packages Projects Releases Wiki Activity

[EU-FOSSA] Fix crash issue on shorcut command while its length exceed 260

Browse Source 
Fix stack Buffer Overflow in Command::extractArgs
This commit is contained in:
Don HO 2019-03-11 09:58:13 +01:00
parent 3f5f69c6a6
commit e4f9778358
2 changed files with 21 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
PowerEditor/src/WinControls/StaticDialog/RunDlg/RunDlg.cpp
View File

@ -24,14 +24,23 @@
#include "Notepad_plus.h" #include "Notepad_plus.h"
void Command::extractArgs(TCHAR *cmd2Exec, TCHAR *args, const TCHAR *cmdEntier) void Command::extractArgs(TCHAR* cmd2Exec, size_t cmd2ExecLen, TCHAR* args, size_t argsLen, const TCHAR* cmdEntier)
{ {
size_t i = 0; size_t i = 0;
bool quoted = false; bool quoted = false;
for (size_t len = lstrlen(cmdEntier); i < len ; ++i)
size_t cmdEntierLen = lstrlen(cmdEntier);
size_t shortest = min(cmd2ExecLen, argsLen);
if (cmdEntierLen > shortest)
cmdEntierLen = shortest - 1;
for (; i < cmdEntierLen; ++i)
{ {
if ((cmdEntier[i] == ' ') && (!quoted)) if (cmdEntier[i] == ' ' && !quoted)
break; break;
if (cmdEntier[i]=='"') if (cmdEntier[i]=='"')
quoted = !quoted; quoted = !quoted;
@ -39,12 +48,13 @@ void Command::extractArgs(TCHAR *cmd2Exec, TCHAR *args, const TCHAR *cmdEntier)
} }
cmd2Exec[i] = '\0'; cmd2Exec[i] = '\0';
if (i < size_t(lstrlen(cmdEntier))) if (i < cmdEntierLen)
{ {
for (size_t len = size_t(lstrlen(cmdEntier)); (i < len) && (cmdEntier[i] == ' ') ; ++i); for (size_t len = cmdEntierLen; (i < len) && (cmdEntier[i] == ' ') ; ++i);
if (i < size_t(lstrlen(cmdEntier)))
if (i < cmdEntierLen)
{ {
for (size_t k = 0, len2 = size_t(lstrlen(cmdEntier)); i <= len2; ++i, ++k) for (size_t k = 0, len2 = cmdEntierLen; i <= len2; ++i, ++k)
{ {
args[k] = cmdEntier[i]; args[k] = cmdEntier[i];
} }
@ -56,10 +66,11 @@ void Command::extractArgs(TCHAR *cmd2Exec, TCHAR *args, const TCHAR *cmdEntier)
for (l -= 2 ; (l > 0) && (args[l] == ' ') ; l--); for (l -= 2 ; (l > 0) && (args[l] == ' ') ; l--);
args[l+1] = '\0'; args[l+1] = '\0';
} }
} }
else else
{
args[0] = '\0'; args[0] = '\0';
}
} }
@ -183,7 +194,7 @@ HINSTANCE Command::run(HWND hWnd, const TCHAR* cwd)
TCHAR argsIntermediate[argsIntermediateLen]; TCHAR argsIntermediate[argsIntermediateLen];
TCHAR args2Exec[args2ExecLen]; TCHAR args2Exec[args2ExecLen];
extractArgs(cmdPure, args, _cmdLine.c_str()); extractArgs(cmdPure, MAX_PATH, args, MAX_PATH, _cmdLine.c_str());
int nbTchar = ::ExpandEnvironmentStrings(cmdPure, cmdIntermediate, MAX_PATH); int nbTchar = ::ExpandEnvironmentStrings(cmdPure, cmdIntermediate, MAX_PATH);
if (!nbTchar) if (!nbTchar)
wcscpy_s(cmdIntermediate, cmdPure); wcscpy_s(cmdIntermediate, cmdPure);

2
PowerEditor/src/WinControls/StaticDialog/RunDlg/RunDlg.h
View File

@ -48,7 +48,7 @@ public :
protected : protected :
generic_string _cmdLine; generic_string _cmdLine;
private : private :
void extractArgs(TCHAR *cmd2Exec, TCHAR *args, const TCHAR *cmdEntier); void extractArgs(TCHAR *cmd2Exec, size_t cmd2ExecLen, TCHAR *args, size_t argsLen, const TCHAR *cmdEntier);
}; };
class RunDlg : public Command, public StaticDialog class RunDlg : public Command, public StaticDialog