[SHELL32] Stop SHELL_execute from always executing files (#4363)

CORE-18038 Add a check (PathIsExeW) to SHELL_execute to prevent it from executing non-exe files.
2022-02-15 17:54:20 -06:00 · 2022-02-15 17:54:20 -06:00 · 9b71653918
parent d64ab28b5f
commit 9b71653918
1 changed files with 31 additions and 24 deletions
--- a/dll/win32/shell32/shlexec.cpp
+++ b/dll/win32/shell32/shlexec.cpp
@ -25,6 +25,8 @@

 WINE_DEFAULT_DEBUG_CHANNEL(exec);

+EXTERN_C BOOL PathIsExeW(LPCWSTR lpszPath);
+
 #define SEE_MASK_CLASSALL (SEE_MASK_CLASSNAME | SEE_MASK_CLASSKEY)

 typedef UINT_PTR (*SHELL_ExecuteW32)(const WCHAR *lpCmd, WCHAR *env, BOOL shWait,
@ -2139,32 +2141,37 @@ static BOOL SHELL_execute(LPSHELLEXECUTEINFOW sei, SHELL_ExecuteW32 execfunc)
        lpFile = sei_tmp.lpFile;

    wcmd = wcmdBuffer;
-    len = lstrlenW(wszApplicationName) + 3;
-    if (sei_tmp.lpParameters[0])
-        len += 1 + lstrlenW(wszParameters);
-    if (len > wcmdLen)
-    {
-        wcmd = (LPWSTR)HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
-        wcmdLen = len;
-    }
-    swprintf(wcmd, L"\"%s\"", wszApplicationName);
-    if (sei_tmp.lpParameters[0])
-    {
-        strcatW(wcmd, L" ");
-        strcatW(wcmd, wszParameters);
-    }

-    retval = execfunc(wcmd, NULL, FALSE, &sei_tmp, sei);
-    if (retval > 32)
+    /* Only execute if it has an executable extension */
+    if (PathIsExeW(lpFile))
    {
-        HeapFree(GetProcessHeap(), 0, wszApplicationName);
-        if (wszParameters != parametersBuffer)
-            HeapFree(GetProcessHeap(), 0, wszParameters);
-        if (wszDir != dirBuffer)
-            HeapFree(GetProcessHeap(), 0, wszDir);
-        if (wcmd != wcmdBuffer)
-            HeapFree(GetProcessHeap(), 0, wcmd);
-        return TRUE;
+        len = lstrlenW(wszApplicationName) + 3;
+        if (sei_tmp.lpParameters[0])
+            len += 1 + lstrlenW(wszParameters);
+        if (len > wcmdLen)
+        {
+            wcmd = (LPWSTR)HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
+            wcmdLen = len;
+        }
+        swprintf(wcmd, L"\"%s\"", wszApplicationName);
+        if (sei_tmp.lpParameters[0])
+        {
+            strcatW(wcmd, L" ");
+            strcatW(wcmd, wszParameters);
+        }
+
+        retval = execfunc(wcmd, NULL, FALSE, &sei_tmp, sei);
+        if (retval > 32)
+        {
+            HeapFree(GetProcessHeap(), 0, wszApplicationName);
+            if (wszParameters != parametersBuffer)
+                HeapFree(GetProcessHeap(), 0, wszParameters);
+            if (wszDir != dirBuffer)
+                HeapFree(GetProcessHeap(), 0, wszDir);
+            if (wcmd != wcmdBuffer)
+                HeapFree(GetProcessHeap(), 0, wcmd);
+            return TRUE;
+        }
    }

    /* Else, try to find the executable */