mirror of
https://github.com/reactos/reactos.git
synced 2024-12-28 10:04:49 +00:00
[USER32] Don't allow invalid 'IME File' values
Improve security. CORE-11700
This commit is contained in:
parent
787bbf0693
commit
b4575eccd7
1 changed files with 5 additions and 1 deletions
|
@ -801,7 +801,11 @@ IntLoadKeyboardLayout(
|
|||
{
|
||||
WCHAR szPath[MAX_PATH];
|
||||
GetSystemLibraryPath(szPath, _countof(szPath), szImeFileName);
|
||||
if (GetFileAttributesW(szPath) == INVALID_FILE_ATTRIBUTES) /* Does not exist? */
|
||||
|
||||
/* We don't allow the invalid "IME File" values for security reason */
|
||||
if (dwType != REG_SZ || szImeFileName[0] == 0 ||
|
||||
wcsspn(szImeFileName, L":\\/") != wcslen(szImeFileName) ||
|
||||
GetFileAttributesW(szPath) == INVALID_FILE_ATTRIBUTES) /* Does not exist? */
|
||||
{
|
||||
bIsIME = FALSE;
|
||||
wHigh = 0;
|
||||
|
|
Loading…
Reference in a new issue