From 3f5f69c6a6b7620bf2e008fbbb0db9ab8a14ab39 Mon Sep 17 00:00:00 2001 From: Don HO Date: Sun, 10 Mar 2019 23:27:05 +0100 Subject: [PATCH] [EU-FOSSA] Enhance external call code to avoid eventual arbitrary commands execution --- PowerEditor/src/NppCommands.cpp | 4 ++-- .../src/WinControls/FileBrowser/fileBrowser.cpp | 4 ++-- .../src/WinControls/StaticDialog/RunDlg/RunDlg.cpp | 10 +++++++++- .../src/WinControls/StaticDialog/RunDlg/RunDlg.h | 1 + 4 files changed, 14 insertions(+), 5 deletions(-) diff --git a/PowerEditor/src/NppCommands.cpp b/PowerEditor/src/NppCommands.cpp index ef29f1d6a..57ff50811 100644 --- a/PowerEditor/src/NppCommands.cpp +++ b/PowerEditor/src/NppCommands.cpp @@ -91,8 +91,8 @@ void Notepad_plus::command(int id) case IDM_FILE_OPEN_CMD: { - Command cmd(TEXT("cmd /K cd /d \"$(CURRENT_DIRECTORY)\"")); - cmd.run(_pPublicInterface->getHSelf()); + Command cmd(TEXT("cmd")); + cmd.run(_pPublicInterface->getHSelf(), TEXT("$(CURRENT_DIRECTORY)")); } break; diff --git a/PowerEditor/src/WinControls/FileBrowser/fileBrowser.cpp b/PowerEditor/src/WinControls/FileBrowser/fileBrowser.cpp index 02c355f0a..8e41d0363 100644 --- a/PowerEditor/src/WinControls/FileBrowser/fileBrowser.cpp +++ b/PowerEditor/src/WinControls/FileBrowser/fileBrowser.cpp @@ -688,9 +688,9 @@ void FileBrowser::popupMenuCmd(int cmdID) if (::PathFileExists(path.c_str())) { TCHAR cmdStr[1024]; - wsprintf(cmdStr, TEXT("cmd /K cd /d \"%s\""), path.c_str()); + wsprintf(cmdStr, TEXT("cmd")); Command cmd(cmdStr); - cmd.run(nullptr); + cmd.run(nullptr, path.c_str()); } } break; diff --git a/PowerEditor/src/WinControls/StaticDialog/RunDlg/RunDlg.cpp b/PowerEditor/src/WinControls/StaticDialog/RunDlg/RunDlg.cpp index 37794fdf9..aad8fb240 100644 --- a/PowerEditor/src/WinControls/StaticDialog/RunDlg/RunDlg.cpp +++ b/PowerEditor/src/WinControls/StaticDialog/RunDlg/RunDlg.cpp @@ -167,6 +167,11 @@ void expandNppEnvironmentStrs(const TCHAR *strSrc, TCHAR *stringDest, size_t str } HINSTANCE Command::run(HWND hWnd) +{ + return run(hWnd, TEXT(".")); +} + +HINSTANCE Command::run(HWND hWnd, const TCHAR* cwd) { const int argsIntermediateLen = MAX_PATH*2; const int args2ExecLen = CURRENTWORD_MAXLENGTH+MAX_PATH*2; @@ -194,7 +199,10 @@ HINSTANCE Command::run(HWND hWnd) expandNppEnvironmentStrs(cmdIntermediate, cmd2Exec, MAX_PATH, hWnd); expandNppEnvironmentStrs(argsIntermediate, args2Exec, args2ExecLen, hWnd); - HINSTANCE res = ::ShellExecute(hWnd, TEXT("open"), cmd2Exec, args2Exec, TEXT("."), SW_SHOW); + TCHAR cwd2Exec[MAX_PATH]; + expandNppEnvironmentStrs(cwd, cwd2Exec, MAX_PATH, hWnd); + + HINSTANCE res = ::ShellExecute(hWnd, TEXT("open"), cmd2Exec, args2Exec, cwd2Exec, SW_SHOW); // As per MSDN (https://msdn.microsoft.com/en-us/library/windows/desktop/bb762153(v=vs.85).aspx) // If the function succeeds, it returns a value greater than 32. diff --git a/PowerEditor/src/WinControls/StaticDialog/RunDlg/RunDlg.h b/PowerEditor/src/WinControls/StaticDialog/RunDlg/RunDlg.h index 67611ee17..3d0337228 100644 --- a/PowerEditor/src/WinControls/StaticDialog/RunDlg/RunDlg.h +++ b/PowerEditor/src/WinControls/StaticDialog/RunDlg/RunDlg.h @@ -43,6 +43,7 @@ public : explicit Command(TCHAR *cmd) : _cmdLine(cmd){}; explicit Command(generic_string cmd) : _cmdLine(cmd){}; HINSTANCE run(HWND hWnd); + HINSTANCE run(HWND hWnd, const TCHAR* cwd); protected : generic_string _cmdLine;