https://git.reactos.org/?p=reactos.git;a=commitdiff;h=db00a7522757ae4e5a084… commit db00a7522757ae4e5a084611528d42c076337921 Author: Katayama Hirofumi MZ <katayama.hirofumi.mz(a)gmail.com> AuthorDate: Fri Sep 16 17:35:05 2022 +0900 Commit: Katayama Hirofumi MZ <katayama.hirofumi.mz(a)gmail.com> CommitDate: Fri Sep 16 17:38:48 2022 +0900 [IMM32] Don't allow invalid 'IME File' values Improve security. CORE-11700 --- dll/win32/imm32/utils.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dll/win32/imm32/utils.c b/dll/win32/imm32/utils.c index 9e0c07195dd..1ba6d556f21 100644 --- a/dll/win32/imm32/utils.c +++ b/dll/win32/imm32/utils.c @@ -908,7 +908,8 @@ UINT APIENTRY Imm32GetImeLayout(PREG_IME pLayouts, UINT cLayouts) RegCloseKey(hkeyIME); - if (!szImeFileName[0]) + /* We don't allow the invalid "IME File" values for security reason */ + if (!szImeFileName[0] || wcschr(szImeFileName, L'\\') != NULL) break; Imm32StrToUInt(szImeKey, &Value, 16);