Validate DOS path before returning

And some other minor refactors which address more review comments.
2025-12-29 17:43:17 +00:00 · 2020-08-10 12:30:24 +02:00 · 2020-08-10 12:30:24 +02:00 · 73b9f65746
commit 73b9f65746
parent cd8e6b66d0
1 changed files with 11 additions and 6 deletions
--- a/lib/std/os/windows.zig
+++ b/lib/std/os/windows.zig
@ -897,6 +897,7 @@ pub fn SetFilePointerEx_CURRENT_get(handle: HANDLE) SetFilePointerError!u64 {
 }

 pub const GetFinalPathNameByHandleError = error{
+    BadPathName,
    FileNotFound,
    NameTooLong,
    Unexpected,
@ -925,11 +926,11 @@ pub fn GetFinalPathNameByHandle(
 ) GetFinalPathNameByHandleError![]u16 {
    // Get normalized path; doesn't include volume name though.
    var path_buffer: [@sizeOf(FILE_NAME_INFORMATION) + PATH_MAX_WIDE * 2]u8 align(@alignOf(FILE_NAME_INFORMATION)) = undefined;
-    try QueryInformationFile(hFile, FILE_INFORMATION_CLASS.FileNormalizedNameInformation, path_buffer[0..]);
+    try QueryInformationFile(hFile, .FileNormalizedNameInformation, path_buffer[0..]);

    // Get NT volume name.
    var volume_buffer: [@sizeOf(FILE_NAME_INFORMATION) + MAX_PATH]u8 align(@alignOf(FILE_NAME_INFORMATION)) = undefined; // MAX_PATH bytes should be enough since it's Windows-defined name
-    try QueryInformationFile(hFile, FILE_INFORMATION_CLASS.FileVolumeNameInformation, volume_buffer[0..]);
+    try QueryInformationFile(hFile, .FileVolumeNameInformation, volume_buffer[0..]);

    const file_name = @ptrCast(*const FILE_NAME_INFORMATION, &path_buffer[0]);
    const file_name_u16 = @ptrCast([*]const u16, &file_name.FileName[0])[0 .. file_name.FileNameLength / 2];
@ -1010,8 +1011,14 @@ pub fn GetFinalPathNameByHandle(

                    std.mem.copy(u16, out_buffer[0..], drive_letter);
                    std.mem.copy(u16, out_buffer[drive_letter.len..], file_name_u16);
+                    const total_len = drive_letter.len + file_name_u16.len;

-                    return out_buffer[0 .. drive_letter.len + file_name_u16.len];
+                    // Validate that DOS does not contain any spurious nul bytes.
+                    if (std.mem.indexOfScalar(u16, out_buffer[0..total_len], 0)) |_| {
+                        return error.BadPathName;
+                    }
+
+                    return out_buffer[0..total_len];
                }
            }

@ -1030,9 +1037,7 @@ pub fn QueryInformationFile(
    out_buffer: []u8,
 ) QueryInformationFileError!void {
    var io: IO_STATUS_BLOCK = undefined;
-    const len_bytes = std.math.cast(u32, out_buffer.len) catch |err| switch (err) {
-        error.Overflow => std.math.maxInt(u32), // If the provided buffer is larger than what we can handle, set size to max what we can handle
-    };
+    const len_bytes = std.math.cast(u32, out_buffer.len) catch unreachable;
    const rc = ntdll.NtQueryInformationFile(handle, &io, out_buffer.ptr, len_bytes, info_class);
    switch (rc) {
        .SUCCESS => {},