[reactos] 01/01: [USER32] Don't allow invalid 'IME File' values - Ros-diffs

16 Sep 2022

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=b4575eccd77c37eb1c3132...
commit b4575eccd77c37eb1c3132660c288e91ac378ed9
Author:     Katayama Hirofumi MZ katayama.hirofumi.mz@gmail.com
AuthorDate: Fri Sep 16 17:59:48 2022 +0900
Commit:     Katayama Hirofumi MZ katayama.hirofumi.mz@gmail.com
CommitDate: Fri Sep 16 18:01:19 2022 +0900
[USER32] Don't allow invalid 'IME File' values
Improve security. CORE-11700
---
 win32ss/user/user32/windows/input.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/win32ss/user/user32/windows/input.c b/win32ss/user/user32/windows/input.c
index a9aac9e82a3..39ad3ab951f 100644
--- a/win32ss/user/user32/windows/input.c
+++ b/win32ss/user/user32/windows/input.c
@@ -801,7 +801,11 @@ IntLoadKeyboardLayout(
             {
                 WCHAR szPath[MAX_PATH];
                 GetSystemLibraryPath(szPath, _countof(szPath), szImeFileName);
-                if (GetFileAttributesW(szPath) == INVALID_FILE_ATTRIBUTES) /* Does not exist? */
+
+                /* We don't allow the invalid "IME File" values for security reason */
+                if (dwType != REG_SZ || szImeFileName[0] == 0 ||
+                    wcsspn(szImeFileName, L":\/") != wcslen(szImeFileName) ||
+                    GetFileAttributesW(szPath) == INVALID_FILE_ATTRIBUTES) /* Does not exist? */
                 {
                     bIsIME = FALSE;
                     wHigh = 0;

    