[ros-diffs] [reactos] 01/01: [IMM32] Don't allow invalid 'IME File' values

16 Sep 2022

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=db00a7522757ae4e5a0846...
commit db00a7522757ae4e5a084611528d42c076337921
Author:     Katayama Hirofumi MZ katayama.hirofumi.mz@gmail.com
AuthorDate: Fri Sep 16 17:35:05 2022 +0900
Commit:     Katayama Hirofumi MZ katayama.hirofumi.mz@gmail.com
CommitDate: Fri Sep 16 17:38:48 2022 +0900
[IMM32] Don't allow invalid 'IME File' values
Improve security. CORE-11700
---
 dll/win32/imm32/utils.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/dll/win32/imm32/utils.c b/dll/win32/imm32/utils.c
index 9e0c07195dd..1ba6d556f21 100644
--- a/dll/win32/imm32/utils.c
+++ b/dll/win32/imm32/utils.c
@@ -908,7 +908,8 @@ UINT APIENTRY Imm32GetImeLayout(PREG_IME pLayouts, UINT cLayouts)
RegCloseKey(hkeyIME);
-        if (!szImeFileName[0])
+        /* We don't allow the invalid "IME File" values for security reason */
+        if (!szImeFileName[0] || wcschr(szImeFileName, L'\') != NULL)
             break;
Imm32StrToUInt(szImeKey, &Value, 16);

    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

[ros-diffs] [reactos] 01/01: [IMM32] Don't allow invalid 'IME File' values