mirror of
https://github.com/Xevion/easy7zip.git
synced 2026-01-31 10:24:13 -06:00
Revert the fixes for the "vulnerable command line parsing"
revert these commits: -e615c8c63f-45c245645d. -cc1192c7d9.
This commit is contained in:
Tino Reichardt
+1
-1
@@ -1,7 +1,7 @@
|
|||||||
#define MY_VER_MAJOR 22
|
#define MY_VER_MAJOR 22
|
||||||
#define MY_VER_MINOR 01
|
#define MY_VER_MINOR 01
|
||||||
#define MY_VER_BUILD 05
|
#define MY_VER_BUILD 05
|
||||||
#define MY_VERSION_NUMBERS "22.01 ZS v1.5.5 R1"
|
#define MY_VERSION_NUMBERS "22.01 ZS v1.5.5 R2"
|
||||||
#define MY_VERSION MY_VERSION_NUMBERS
|
#define MY_VERSION MY_VERSION_NUMBERS
|
||||||
|
|
||||||
#ifdef MY_CPU_NAME
|
#ifdef MY_CPU_NAME
|
||||||
|
|||||||
@@ -6,108 +6,41 @@
|
|||||||
|
|
||||||
namespace NCommandLineParser {
|
namespace NCommandLineParser {
|
||||||
|
|
||||||
static const wchar_t * _SplitCommandLine(const wchar_t* s, UString &dest)
|
bool SplitCommandLine(const UString &src, UString &dest1, UString &dest2)
|
||||||
{
|
{
|
||||||
unsigned qcount = 0, bcount = 0;
|
dest1.Empty();
|
||||||
wchar_t c; const wchar_t *f, *b;
|
dest2.Empty();
|
||||||
|
bool quoteMode = false;
|
||||||
dest.Empty();
|
unsigned i;
|
||||||
|
for (i = 0; i < src.Len(); i++)
|
||||||
// skip spaces:
|
|
||||||
while (isblank(*s)) { s++; };
|
|
||||||
b = f = s;
|
|
||||||
|
|
||||||
while ((c = *s++) != 0)
|
|
||||||
{
|
{
|
||||||
switch (c)
|
wchar_t c = src[i];
|
||||||
|
if ((c == L' ' || c == L'\t') && !quoteMode)
|
||||||
{
|
{
|
||||||
case L'\\':
|
dest2 = src.Ptr(i + 1);
|
||||||
// a backslash - count them up to quote-char or regular char
|
return i != 0;
|
||||||
bcount++;
|
|
||||||
break;
|
|
||||||
case L'"':
|
|
||||||
// check quote char is escaped:
|
|
||||||
if (!(bcount & 1))
|
|
||||||
{
|
|
||||||
// preceded by an even number of '\', this is half that
|
|
||||||
// number of '\':
|
|
||||||
dest.AddFrom(f, (unsigned)(s - f - bcount/2 - 1)); f = s;
|
|
||||||
// count quote chars:
|
|
||||||
qcount++;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
// preceded by an odd number of '\', this is half that
|
|
||||||
// number of '\' followed by an escaped '"':
|
|
||||||
dest.AddFrom(f, (unsigned)(s - f - bcount/2 - 2)); f = s;
|
|
||||||
dest += L'"';
|
|
||||||
}
|
|
||||||
bcount = 0;
|
|
||||||
// now count the number of consecutive quotes (inclusive
|
|
||||||
// the quote that lead us here):
|
|
||||||
while (*s == L'"')
|
|
||||||
{
|
|
||||||
s++;
|
|
||||||
if (++qcount == 3)
|
|
||||||
{
|
|
||||||
dest += L'"';
|
|
||||||
qcount = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
f = s;
|
|
||||||
if (qcount == 2)
|
|
||||||
qcount = 0;
|
|
||||||
break;
|
|
||||||
case L' ':
|
|
||||||
case L'\t':
|
|
||||||
// a space (end of arg or regular char):
|
|
||||||
if (!qcount)
|
|
||||||
{
|
|
||||||
// end of argument:
|
|
||||||
dest.AddFrom(f, (unsigned)(s - f - 1)); f = s;
|
|
||||||
// skip to the next one:
|
|
||||||
while (isblank(*s)) { s++; };
|
|
||||||
bcount = 0;
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
// no break - a space as regular char:
|
|
||||||
default:
|
|
||||||
// a regular character, reset backslash counter
|
|
||||||
bcount = 0;
|
|
||||||
}
|
}
|
||||||
|
if (c == L'\"')
|
||||||
|
quoteMode = !quoteMode;
|
||||||
|
else
|
||||||
|
dest1 += c;
|
||||||
}
|
}
|
||||||
s--; // back to NTS-zero char
|
return i != 0;
|
||||||
dest.AddFrom(f, (unsigned)(s - f));
|
|
||||||
done:
|
|
||||||
// remaining part if argument was found, otherwise NULL:
|
|
||||||
return (dest.Len() || *b) ? s : NULL;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
bool SplitCommandLine(const UString& src, UString& dest1, UString& dest2)
|
void SplitCommandLine(const UString &s, UStringVector &parts)
|
||||||
{
|
{
|
||||||
const wchar_t *s = src.Ptr();
|
UString sTemp (s);
|
||||||
s = _SplitCommandLine(s, dest1);
|
sTemp.Trim();
|
||||||
if (s) {
|
|
||||||
dest2 = s;
|
|
||||||
return true;
|
|
||||||
} else {
|
|
||||||
dest2.Empty();
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
void SplitCommandLine(const UString &src, UStringVector &parts)
|
|
||||||
{
|
|
||||||
const wchar_t *s = src.Ptr();
|
|
||||||
parts.Clear();
|
parts.Clear();
|
||||||
for (;;)
|
for (;;)
|
||||||
{
|
{
|
||||||
UString s1;
|
UString s1, s2;
|
||||||
s = _SplitCommandLine(s, s1);
|
if (SplitCommandLine(sTemp, s1, s2))
|
||||||
if (s)
|
|
||||||
parts.Add(s1);
|
parts.Add(s1);
|
||||||
if (!s || !*s)
|
if (s2.IsEmpty())
|
||||||
break;
|
break;
|
||||||
|
sTemp = s2;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -1206,16 +1206,6 @@ UString &UString::operator=(const UString &s)
|
|||||||
return *this;
|
return *this;
|
||||||
}
|
}
|
||||||
|
|
||||||
void UString::AddFrom(const wchar_t *s, unsigned len) // no check
|
|
||||||
{
|
|
||||||
if (len) {
|
|
||||||
Grow(len);
|
|
||||||
wmemcpy(_chars + _len, s, len);
|
|
||||||
_len += len;
|
|
||||||
_chars[_len] = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
void UString::SetFrom(const wchar_t *s, unsigned len) // no check
|
void UString::SetFrom(const wchar_t *s, unsigned len) // no check
|
||||||
{
|
{
|
||||||
if (len > _limit)
|
if (len > _limit)
|
||||||
|
|||||||
@@ -628,7 +628,6 @@ public:
|
|||||||
UString &operator=(char c) { return (*this)=((wchar_t)(unsigned char)c); }
|
UString &operator=(char c) { return (*this)=((wchar_t)(unsigned char)c); }
|
||||||
UString &operator=(const wchar_t *s);
|
UString &operator=(const wchar_t *s);
|
||||||
UString &operator=(const UString &s);
|
UString &operator=(const UString &s);
|
||||||
void AddFrom(const wchar_t *s, unsigned len); // no check
|
|
||||||
void SetFrom(const wchar_t *s, unsigned len); // no check
|
void SetFrom(const wchar_t *s, unsigned len); // no check
|
||||||
void SetFromBstr(LPCOLESTR s);
|
void SetFromBstr(LPCOLESTR s);
|
||||||
UString &operator=(const char *s);
|
UString &operator=(const char *s);
|
||||||
|
|||||||
Reference in New Issue
Block a user