Mercurial > vim

comparison src/dosinst.c @ 15941:b9098585d945 v8.1.0976

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 8.1.0976: dosinstall still has buffer overflow problems commit https://github.com/vim/vim/commit/e4963c543ddcfc4845fa0d42893b6a4e1aa27c47 Author: Bram Moolenaar <Bram@vim.org> Date: Fri Feb 22 19:41:08 2019 +0100 patch 8.1.0976: dosinstall still has buffer overflow problems Problem: Dosinstall still has buffer overflow problems. Solution: Adjust buffer sizes. (Yasuhiro Matsumoto, closes https://github.com/vim/vim/issues/4002)
author Bram Moolenaar <Bram@vim.org>
date Fri, 22 Feb 2019 19:45:12 +0100
parents e43b5e6d9190
children cd5c83115ec6
comparison
equal deleted inserted replaced
15940:00844735e936 15941:b9098585d945
386 FILE *fd; 386 FILE *fd;
387 char fname[BUFSIZE]; 387 char fname[BUFSIZE];
388 388
389 /* First get $VIMRUNTIME. If it's set, remove the tail. */ 389 /* First get $VIMRUNTIME. If it's set, remove the tail. */
390 vim = getenv("VIMRUNTIME"); 390 vim = getenv("VIMRUNTIME");
391 if (vim != NULL && *vim != 0 && strlen(vim) < BUFSIZE) 391 if (vim != NULL && *vim != 0 && strlen(vim) < sizeof(buf))
392 { 392 {
393 strcpy(buf, vim); 393 strcpy(buf, vim);
394 remove_tail(buf); 394 remove_tail(buf);
395 vim = buf; 395 vim = buf;
396 } 396 }
409 } 409 }
410 } 410 }
411 411
412 /* NSIS also uses GetTempPath(), thus we should get the same directory 412 /* NSIS also uses GetTempPath(), thus we should get the same directory
413 * name as where NSIS will look for vimini.ini. */ 413 * name as where NSIS will look for vimini.ini. */
414 GetTempPath(BUFSIZE, fname); 414 GetTempPath(sizeof(fname) - 12, fname);
415 add_pathsep(fname); 415 add_pathsep(fname);
416 strcat(fname, "vimini.ini"); 416 strcat(fname, "vimini.ini");
417 417
418 fd = fopen(fname, "w"); 418 fd = fopen(fname, "w");
419 if (fd != NULL) 419 if (fd != NULL)
454 * Run the uninstaller silently. 454 * Run the uninstaller silently.
455 */ 455 */
456 static int 456 static int
457 run_silent_uninstall(char *uninst_exe) 457 run_silent_uninstall(char *uninst_exe)
458 { 458 {
459 char vimrt_dir[MAX_PATH]; 459 char vimrt_dir[BUFSIZE];
460 char temp_uninst[BUFSIZE]; 460 char temp_uninst[BUFSIZE];
461 char temp_dir[MAX_PATH]; 461 char temp_dir[MAX_PATH];
462 char buf[BUFSIZE * 2 + 10]; 462 char buf[BUFSIZE * 2 + 10];
463 int i; 463 int i;
464 DWORD tick; 464 DWORD tick;
504 HKEY key_handle; 504 HKEY key_handle;
505 HKEY uninstall_key_handle; 505 HKEY uninstall_key_handle;
506 char *uninstall_key = "software\\Microsoft\\Windows\\CurrentVersion\\Uninstall"; 506 char *uninstall_key = "software\\Microsoft\\Windows\\CurrentVersion\\Uninstall";
507 char subkey_name_buff[BUFSIZE]; 507 char subkey_name_buff[BUFSIZE];
508 char temp_string_buffer[BUFSIZE-2]; 508 char temp_string_buffer[BUFSIZE-2];
509 DWORD local_bufsize = BUFSIZE; 509 DWORD local_bufsize;
510 FILETIME temp_pfiletime; 510 FILETIME temp_pfiletime;
511 DWORD key_index; 511 DWORD key_index;
512 char input; 512 char input;
513 long code; 513 long code;
514 DWORD value_type; 514 DWORD value_type;
519 519
520 code = RegOpenKeyEx(HKEY_LOCAL_MACHINE, uninstall_key, 0, 520 code = RegOpenKeyEx(HKEY_LOCAL_MACHINE, uninstall_key, 0,
521 KEY_WOW64_64KEY | KEY_READ, &key_handle); 521 KEY_WOW64_64KEY | KEY_READ, &key_handle);
522 CHECK_REG_ERROR(code); 522 CHECK_REG_ERROR(code);
523 523
524 for (key_index = 0; 524 key_index = 0;
525 RegEnumKeyEx(key_handle, key_index, subkey_name_buff, &local_bufsize, 525 while (TRUE)
526 NULL, NULL, NULL, &temp_pfiletime) != ERROR_NO_MORE_ITEMS; 526 {
527 key_index++) 527 local_bufsize = sizeof(subkey_name_buff);
528 { 528 if (RegEnumKeyEx(key_handle, key_index, subkey_name_buff, &local_bufsize,
529 local_bufsize = BUFSIZE; 529 NULL, NULL, NULL, &temp_pfiletime) == ERROR_NO_MORE_ITEMS)
530 break;
531
530 if (strncmp("Vim", subkey_name_buff, 3) == 0) 532 if (strncmp("Vim", subkey_name_buff, 3) == 0)
531 { 533 {
532 /* Open the key named Vim* */ 534 /* Open the key named Vim* */
533 code = RegOpenKeyEx(key_handle, subkey_name_buff, 0, 535 code = RegOpenKeyEx(key_handle, subkey_name_buff, 0,
534 KEY_WOW64_64KEY | KEY_READ, &uninstall_key_handle); 536 KEY_WOW64_64KEY | KEY_READ, &uninstall_key_handle);
535 CHECK_REG_ERROR(code); 537 CHECK_REG_ERROR(code);
536 538
537 /* get the DisplayName out of it to show the user */ 539 /* get the DisplayName out of it to show the user */
540 local_bufsize = sizeof(temp_string_buffer);
538 code = RegQueryValueEx(uninstall_key_handle, "displayname", 0, 541 code = RegQueryValueEx(uninstall_key_handle, "displayname", 0,
539 &value_type, (LPBYTE)temp_string_buffer, 542 &value_type, (LPBYTE)temp_string_buffer,
540 &local_bufsize); 543 &local_bufsize);
541 local_bufsize = BUFSIZE;
542 CHECK_REG_ERROR(code); 544 CHECK_REG_ERROR(code);
543 545
544 allow_silent = 0; 546 allow_silent = 0;
545 if (skip_question) 547 if (skip_question)
546 { 548 {
566 else 568 else
567 printf("\nDo you want to uninstall \"%s\" now?\n(y)es/(n)o) ", temp_string_buffer); 569 printf("\nDo you want to uninstall \"%s\" now?\n(y)es/(n)o) ", temp_string_buffer);
568 fflush(stdout); 570 fflush(stdout);
569 571
570 /* get the UninstallString */ 572 /* get the UninstallString */
573 local_bufsize = sizeof(temp_string_buffer);
571 code = RegQueryValueEx(uninstall_key_handle, "uninstallstring", 0, 574 code = RegQueryValueEx(uninstall_key_handle, "uninstallstring", 0,
572 &value_type, (LPBYTE)temp_string_buffer, &local_bufsize); 575 &value_type, (LPBYTE)temp_string_buffer, &local_bufsize);
573 local_bufsize = BUFSIZE;
574 CHECK_REG_ERROR(code); 576 CHECK_REG_ERROR(code);
575 577
576 /* Remember the directory, it is used as the default for NSIS. */ 578 /* Remember the directory, it is used as the default for NSIS. */
577 default_vim_dir = alloc(strlen(temp_string_buffer) + 1); 579 default_vim_dir = alloc(strlen(temp_string_buffer) + 1);
578 strcpy(default_vim_dir, temp_string_buffer); 580 strcpy(default_vim_dir, temp_string_buffer);
681 683
682 } while (input != 'n' && input != 'y'); 684 } while (input != 'n' && input != 'y');
683 685
684 RegCloseKey(uninstall_key_handle); 686 RegCloseKey(uninstall_key_handle);
685 } 687 }
688
689 key_index++;
686 } 690 }
687 RegCloseKey(key_handle); 691 RegCloseKey(key_handle);
688 692
689 return foundone; 693 return foundone;
690 } 694 }
1824 wchar_t wsz[BUFSIZE]; 1828 wchar_t wsz[BUFSIZE];
1825 1829
1826 /* translate the (possibly) multibyte shortcut filename to windows 1830 /* translate the (possibly) multibyte shortcut filename to windows
1827 * Unicode so it can be used as a file name. 1831 * Unicode so it can be used as a file name.
1828 */ 1832 */
1829 MultiByteToWideChar(CP_ACP, 0, shortcut_name, -1, wsz, BUFSIZE); 1833 MultiByteToWideChar(CP_ACP, 0, shortcut_name, -1, wsz, sizeof(wsz)/sizeof(wsz[0]));
1830 1834
1831 /* set the attributes */ 1835 /* set the attributes */
1832 shelllink_ptr->lpVtbl->SetPath(shelllink_ptr, shortcut_target); 1836 shelllink_ptr->lpVtbl->SetPath(shelllink_ptr, shortcut_target);
1833 shelllink_ptr->lpVtbl->SetWorkingDirectory(shelllink_ptr, 1837 shelllink_ptr->lpVtbl->SetWorkingDirectory(shelllink_ptr,
1834 workingdir); 1838 workingdir);
2133 /* 2137 /*
2134 * Remove the last part of directory "path[]" to get its parent, and put the 2138 * Remove the last part of directory "path[]" to get its parent, and put the
2135 * result in "to[]". 2139 * result in "to[]".
2136 */ 2140 */
2137 static void 2141 static void
2138 dir_remove_last(const char *path, char to[BUFSIZE]) 2142 dir_remove_last(const char *path, char to[MAX_PATH])
2139 { 2143 {
2140 char c; 2144 char c;
2141 long last_char_to_copy; 2145 long last_char_to_copy;
2142 long path_length = strlen(path); 2146 long path_length = strlen(path);
2143 2147
2204 homedrive = getenv("HOMEDRIVE"); 2208 homedrive = getenv("HOMEDRIVE");
2205 homepath = getenv("HOMEPATH"); 2209 homepath = getenv("HOMEPATH");
2206 if (homepath == NULL || *homepath == NUL) 2210 if (homepath == NULL || *homepath == NUL)
2207 homepath = "\\"; 2211 homepath = "\\";
2208 if (homedrive != NULL 2212 if (homedrive != NULL
2209 && strlen(homedrive) + strlen(homepath) < MAX_PATH) 2213 && strlen(homedrive) + strlen(homepath) < sizeof(buf))
2210 { 2214 {
2211 sprintf(buf, "%s%s", homedrive, homepath); 2215 sprintf(buf, "%s%s", homedrive, homepath);
2212 if (buf[0] != NUL) 2216 if (buf[0] != NUL)
2213 var = buf; 2217 var = buf;
2214 } 2218 }
2232 { 2236 {
2233 strncpy(buf, var + 1, p - (var + 1)); 2237 strncpy(buf, var + 1, p - (var + 1));
2234 buf[p - (var + 1)] = NUL; 2238 buf[p - (var + 1)] = NUL;
2235 exp = getenv(buf); 2239 exp = getenv(buf);
2236 if (exp != NULL && *exp != NUL 2240 if (exp != NULL && *exp != NUL
2237 && strlen(exp) + strlen(p) < MAX_PATH) 2241 && strlen(exp) + strlen(p) < sizeof(buf))
2238 { 2242 {
2239 _snprintf(buf, MAX_PATH, "%s%s", exp, p + 1); 2243 sprintf(buf, "%s%s", exp, p + 1);
2240 buf[MAX_PATH - 1] = NUL;
2241 var = buf; 2244 var = buf;
2242 } 2245 }
2243 } 2246 }
2244 } 2247 }
2245 2248
2349 choices[choice_count].installfunc = install_vimfilesdir; 2352 choices[choice_count].installfunc = install_vimfilesdir;
2350 choices[choice_count].active = 1; 2353 choices[choice_count].active = 1;
2351 2354
2352 // Check if the "compiler" directory already exists. That's a good 2355 // Check if the "compiler" directory already exists. That's a good
2353 // indication that the plugin directories were already created. 2356 // indication that the plugin directories were already created.
2354 if (getenv("HOME") != NULL) 2357 p = getenv("HOME");
2358 if (p != NULL)
2355 { 2359 {
2356 vimfiles_dir_choice = (int)vimfiles_dir_home; 2360 vimfiles_dir_choice = (int)vimfiles_dir_home;
2357 sprintf(tmp_dirname, "%s\\vimfiles\\compiler", getenv("HOME")); 2361 sprintf(tmp_dirname, "%s\\vimfiles\\compiler", p);
2358 if (stat(tmp_dirname, &st) == 0) 2362 if (stat(tmp_dirname, &st) == 0)
2359 vimfiles_dir_choice = (int)vimfiles_dir_none; 2363 vimfiles_dir_choice = (int)vimfiles_dir_none;
2360 } 2364 }
2361 else 2365 else
2362 { 2366 {