Update of /cvsroot/dqsd/dqsd/src/DQSDTools
In directory sc8-pr-cvs1:/tmp/cvs-serv28707/src/DQSDTools
Modified Files:
Launcher.cpp Launcher.h
Log Message:
updated RenameFile in Launcher.cpp to check to make sure that both the source file and
destination file are in the dqsd installation directory tree
Index: Launcher.cpp
===================================================================
RCS file: /cvsroot/dqsd/dqsd/src/DQSDTools/Launcher.cpp,v
retrieving revision 1.37
retrieving revision 1.38
diff -C2 -d -r1.37 -r1.38
*** Launcher.cpp 27 Jun 2003 22:36:32 -0000 1.37
--- Launcher.cpp 28 Jun 2003 17:32:03 -0000 1.38
***************
*** 627,645 ****
USES_CONVERSION;
- // Get the installation directory from the registry
- CRegKey rk;
- if ( ERROR_SUCCESS != rk.Open( HKEY_CLASSES_ROOT, DQSD_REG_KEY, KEY_READ ) )
- {
- Error(IDS_ERR_REGKEYNOTFOUND, IID_ILauncher);
- return E_UNEXPECTED;
- }
-
TCHAR szInstallDir[ _MAX_PATH ];
! DWORD dwCount = sizeof( szInstallDir );
! if ( ERROR_SUCCESS != rk.QueryValue( szInstallDir, _T("InstallDir"), &dwCount
) )
{
! Error(IDS_ERR_REGKEYNOTFOUND, IID_ILauncher);
! return E_UNEXPECTED;
}
CComBSTR bstrInstallDir;
bstrInstallDir.Append(szInstallDir);
--- 627,637 ----
USES_CONVERSION;
TCHAR szInstallDir[ _MAX_PATH ];
! HRESULT hr = GetInstallationDirectory(szInstallDir, sizeof(szInstallDir));
! if (FAILED (hr) )
{
! return hr;
}
+
CComBSTR bstrInstallDir;
bstrInstallDir.Append(szInstallDir);
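Review bot: `szInstallDir` is an uninitialized stack buffer that `bstrInstallDir.Append(szInstallDir)` reads as a C string as soon as GetInstallationDirectory returns S_OK, and the helper added later in this commit returns S_OK whenever `rk.QueryValue` succeeds. If QueryValue hands the buffer straight to the registry API, as the ATL versions I know do, a value stored without a terminating NUL, or one that fills the buffer exactly, leaves the string unterminated. Zero-filling and reserving one character closes that: `TCHAR szInstallDir[ _MAX_PATH ] = { 0 };` with `GetInstallationDirectory(szInstallDir, sizeof(szInstallDir) - sizeof(TCHAR))`. The same pattern appears in the hunk at new line 757, where the value becomes the base of the path check. The enclosing function starts and ends outside this hunk.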
***************
*** 765,774 ****
USES_CONVERSION;
! // Get the full from pathname after applying some defaults and terminate with
double \0's
TCHAR szFromFilename[ _MAX_PATH ];
! HRESULT hr = GetFilename( W2CT( bstrFromFilename ), szFromFilename );
if ( FAILED( hr ) )
return hr;
szFromFilename[lstrlen(szFromFilename)+1] = '\0';
--- 757,781 ----
USES_CONVERSION;
! HRESULT hr;
!
! // Get the full from pathname after applying some defaults
TCHAR szFromFilename[ _MAX_PATH ];
! hr = GetFilename( W2CT( bstrFromFilename ), szFromFilename );
if ( FAILED( hr ) )
return hr;
+ // Get the installation directory from the registry to use for making sure the
filenames are in the install path
+ TCHAR szInstallDir[ _MAX_PATH ];
+ hr = GetInstallationDirectory(szInstallDir, sizeof(szInstallDir));
+ if (FAILED ( hr) )
+ return hr;
+
+ // Make sure from filename is in the installation directory tree
+ if (!VerifyFileInDirectoryTree(szFromFilename, szInstallDir))
+ {
+ return Error(_T("Source filename is not in the installation directory
tree."), IID_ILauncher, E_FAIL);
+ }
+
+ // add extra \0 for SHFileOperation call
szFromFilename[lstrlen(szFromFilename)+1] = '\0';
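Review bot: `szFromFilename[lstrlen(szFromFilename)+1] = '\0'` writes one element past the `_MAX_PATH` buffer when the name is `_MAX_PATH - 1` characters long, and nothing in this hunk bounds the length GetFilename produces (its body is not visible here). A guard before the write, for example `if ( lstrlen(szFromFilename) > _MAX_PATH - 2 ) return E_INVALIDARG;`, or declaring the buffer as `_MAX_PATH + 1`, removes the overflow; the same applies to `szToFilename` in the hunk at new line 799. Note also that VerifyFileInDirectoryTree checks a canonicalized copy while the original, uncanonicalized string is what goes on to SHFileOperation, so copying the canonical form back after a successful check would keep the checked and the used path identical. The enclosing function starts and ends outside this hunk.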
***************
*** 786,790 ****
#pragma warning(default: 4310) // cast truncates constant value
! // Get the full to pathname after applying some defaults and terminate with
double \0's
TCHAR szToFilename[ _MAX_PATH ];
hr = GetFilename( W2CT( bstrToFilename ), szToFilename );
--- 793,797 ----
#pragma warning(default: 4310) // cast truncates constant value
! // Get the full to pathname after applying some defaults
TCHAR szToFilename[ _MAX_PATH ];
hr = GetFilename( W2CT( bstrToFilename ), szToFilename );
***************
*** 792,795 ****
--- 799,809 ----
return hr;
+ // Make sure to filename is in the installation directory tree
+ if (!VerifyFileInDirectoryTree(szToFilename, szInstallDir))
+ {
+ return Error(_T("Destination filename is not in the installation
directory tree."), IID_ILauncher, E_FAIL);
+ }
+
+ // add extra \0 for SHFileOperation call
szToFilename[lstrlen(szToFilename)+1] = '\0';
***************
*** 821,823 ****
--- 835,877 ----
return S_OK;
+ }
+
+ HRESULT CLauncher::GetInstallationDirectory( LPTSTR szResult, DWORD dwResultSize)
+ {
+ // Get the installation directory from the registry to use for making sure the
filenames are in the install path
+ CRegKey rk;
+ if ( ERROR_SUCCESS != rk.Open( HKEY_CLASSES_ROOT, DQSD_REG_KEY, KEY_READ ) )
+ {
+ Error(IDS_ERR_REGKEYNOTFOUND, IID_ILauncher);
+ return E_UNEXPECTED;
+ }
+
+ DWORD dwCount = dwResultSize;
+ if ( ERROR_SUCCESS != rk.QueryValue( szResult, _T("InstallDir"), &dwCount ) )
+ {
+ Error(IDS_ERR_REGKEYNOTFOUND, IID_ILauncher);
+ return E_UNEXPECTED;
+ }
+ return S_OK;
+ }
+
+ BOOL CLauncher::VerifyFileInDirectoryTree( LPCTSTR szFilename, LPCTSTR szDir)
+ {
+ TCHAR szCanonFilename[_MAX_PATH];
+ TCHAR szCanonDir[_MAX_PATH];
+
+ // canonicalize the dir and filename first to remove . and ..
+ if (!::PathCanonicalize(szCanonFilename, szFilename))
+ {
+ return FALSE;
+ }
+
+ if (!::PathCanonicalize(szCanonDir, szDir))
+ {
+ return FALSE;
+ }
+
+ // Make sure to filename is in the directory
+ int nCommonPathLen = ::PathCommonPrefix(szCanonDir, szCanonFilename, NULL);
+ return (nCommonPathLen == (int)_tcslen(szCanonDir)) ? TRUE : FALSE;
}
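Review bot: VerifyFileInDirectoryTree compares `nCommonPathLen` with `_tcslen(szCanonDir)`, which rejects every file when InstallDir is stored with a trailing backslash, because PathCommonPrefix (as I understand it) reports the common prefix without the trailing separator. Adding `::PathRemoveBackslash(szCanonDir);` before the PathCommonPrefix call makes the check independent of how the registry value was written. The test is also purely lexical: PathCanonicalize collapses `.` and `..` but does not make a relative path absolute or resolve 8.3 short names and reparse points. A comment stating that both arguments must already be full paths would document that limit; whether GetFilename guarantees it is not visible here.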
Index: Launcher.h
===================================================================
RCS file: /cvsroot/dqsd/dqsd/src/DQSDTools/Launcher.h,v
retrieving revision 1.21
retrieving revision 1.22
diff -C2 -d -r1.21 -r1.22
*** Launcher.h 27 Jun 2003 22:36:32 -0000 1.21
--- Launcher.h 28 Jun 2003 17:32:03 -0000 1.22
***************
*** 103,108 ****
--- 103,111 ----
HWND m_hHotkeyNotificationWindow;
+
private:
HRESULT GetFilename( LPCTSTR szName, LPTSTR szResult, LPCTSTR pszDefaultExt =
_T(".txt") );
+ HRESULT GetInstallationDirectory( LPTSTR szResult, DWORD dwResultSize);
+ BOOL VerifyFileInDirectoryTree( LPCTSTR szFilename, LPCTSTR szDir);
};
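Review bot: The two new declarations carry no comment, and `dwResultSize` does not say whether it counts bytes or characters; both call sites pass `sizeof(szInstallDir)`, i.e. bytes, which differs from a character count in a UNICODE build. I would add `// dwResultSize: size of szResult in bytes, including the terminator` above GetInstallationDirectory and `// TRUE only if szFilename lies under szDir; lexical comparison, both must be full paths` above VerifyFileInDirectoryTree. The class declaration starts outside the hunk.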