From: Hugh McMaster Subject: regsvr32: Fix issue where DllInstall receives invalid cmdline Message-Id: <9CB7F20010CADE479EB89B7DCEDFB642687E3C425F@VMBX112.ihostexchange.net> Date: Tue, 22 Apr 2014 02:26:00 -0400 This patch fixes an issue that allows the option /i:cmdline to pass cmdline to DllInstall with only one quotation mark present (either at the start or end of the string). If working with /i:"command, DllInstall receives 'comman' as the string, which is neither intended nor valid. Similarly, if working with /i:command", DllInstall receives command" as the string which, again, is not intended nor valid. From 9e53141ec996b4c849cba477a483f845f751ac21 Mon Sep 17 00:00:00 2001 From: Hugh McMaster Date: Tue, 22 Apr 2014 13:10:09 +1000 Subject: Prevent quotes mismatch in regsvr32 --- programs/regsvr32/regsvr32.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/programs/regsvr32/regsvr32.c b/programs/regsvr32/regsvr32.c index bb9198a..64ccb2c 100644 --- a/programs/regsvr32/regsvr32.c +++ b/programs/regsvr32/regsvr32.c @@ -233,6 +233,12 @@ int main(int argc, char* argv[]) /* remove double quotes */ if (command_line[0] == '"') { + if (command_line[len-1] != '"') + { + output_write(STRING_UNRECOGNIZED_SWITCH, argv[i]); + output_write(STRING_USAGE); + return 1; + } command_line++; len--; if (command_line[0]) @@ -241,6 +247,12 @@ int main(int argc, char* argv[]) command_line[len] = 0; } } + else if (command_line[len-1] == '"') + { + output_write(STRING_UNRECOGNIZED_SWITCH, argv[i]); + output_write(STRING_USAGE); + return 1; + } if (command_line[0]) { len = MultiByteToWideChar(CP_ACP, 0, command_line, -1, -- 1.8.3.2