diff --git a/channels/client/addin.c b/channels/client/addin.c index 592f4110f..183891cd6 100644 --- a/channels/client/addin.c +++ b/channels/client/addin.c @@ -214,7 +214,7 @@ static FREERDP_ADDIN** freerdp_channels_list_dynamic_addins(LPCSTR pszName, LPCS cchPattern = strnlen(pszPattern, cchPattern); cchSearchPath = cchInstallPrefix + cchAddinPath + cchPattern + 3; - pszSearchPath = (LPSTR)malloc(cchSearchPath + 1); + pszSearchPath = (LPSTR)calloc(cchSearchPath + 1, sizeof(char)); if (!pszSearchPath) { @@ -225,10 +225,16 @@ static FREERDP_ADDIN** freerdp_channels_list_dynamic_addins(LPCSTR pszName, LPCS CopyMemory(pszSearchPath, pszInstallPrefix, cchInstallPrefix); pszSearchPath[cchInstallPrefix] = '\0'; - NativePathCchAppendA(pszSearchPath, cchSearchPath + 1, pszAddinPath); - NativePathCchAppendA(pszSearchPath, cchSearchPath + 1, pszPattern); + const HRESULT hr1 = NativePathCchAppendA(pszSearchPath, cchSearchPath + 1, pszAddinPath); + const HRESULT hr2 = NativePathCchAppendA(pszSearchPath, cchSearchPath + 1, pszPattern); free(pszPattern); + if (FAILED(hr1) || FAILED(hr2)) + { + free(pszSearchPath); + return NULL; + } + hFind = FindFirstFileUTF8(pszSearchPath, &FindData); free(pszSearchPath); diff --git a/libfreerdp/common/addin.c b/libfreerdp/common/addin.c index e6171c16f..af608bb07 100644 --- a/libfreerdp/common/addin.c +++ b/libfreerdp/common/addin.c @@ -201,7 +201,9 @@ PVIRTUALCHANNELENTRY freerdp_load_dynamic_addin(LPCSTR pszFileName, LPCSTR pszPa goto fail; sprintf_s(pszRelativeFilePath, relPathLen, "%s", pszPath); - NativePathCchAppendA(pszRelativeFilePath, relPathLen, pszAddinFile); + const HRESULT hr = NativePathCchAppendA(pszRelativeFilePath, relPathLen, pszAddinFile); + if (FAILED(hr)) + goto fail; } else pszRelativeFilePath = _strdup(pszAddinFile); @@ -221,7 +223,10 @@ PVIRTUALCHANNELENTRY freerdp_load_dynamic_addin(LPCSTR pszFileName, LPCSTR pszPa CopyMemory(pszFilePath, pszAddinInstallPath, cchAddinInstallPath); pszFilePath[cchAddinInstallPath] = '\0'; - NativePathCchAppendA((LPSTR)pszFilePath, cchFilePath + 1, pszRelativeFilePath); + const HRESULT hr = + NativePathCchAppendA((LPSTR)pszFilePath, cchFilePath + 1, pszRelativeFilePath); + if (FAILED(hr)) + goto fail; } else pszFilePath = _strdup(pszRelativeFilePath); diff --git a/winpr/libwinpr/path/path.c b/winpr/libwinpr/path/path.c index 3fdabc6f9..55f408e06 100644 --- a/winpr/libwinpr/path/path.c +++ b/winpr/libwinpr/path/path.c @@ -1092,8 +1092,8 @@ static WCHAR* concat(const WCHAR* path, size_t pathlen, const WCHAR* name, size_ if (!str) return NULL; - memcpy(str, path, pathlen * sizeof(WCHAR)); - memcpy(&str[pathlen], name, namelen * sizeof(WCHAR)); + _wcsncat(str, path, pathlen); + _wcsncat(str, name, namelen); return str; } @@ -1119,10 +1119,12 @@ BOOL winpr_RemoveDirectory_RecursiveW(LPCWSTR lpPathName) WCHAR* path_slash = calloc(pathnamelen + 4, sizeof(WCHAR)); if (!path_slash) return FALSE; - memcpy(path_slash, lpPathName, pathnamelen * sizeof(WCHAR)); + _wcsncat(path_slash, lpPathName, pathnamelen); const WCHAR star[] = { '*', '\0' }; - PathCchAppendW(path_slash, path_slash_len, star); + const HRESULT hr = NativePathCchAppendW(path_slash, path_slash_len, star); + if (FAILED(hr)) + goto fail; WIN32_FIND_DATAW findFileData = { 0 }; HANDLE dir = FindFirstFileW(path_slash, &findFileData); @@ -1136,8 +1138,8 @@ BOOL winpr_RemoveDirectory_RecursiveW(LPCWSTR lpPathName) { const size_t len = _wcsnlen(findFileData.cFileName, ARRAYSIZE(findFileData.cFileName)); - if ((len == 1 && findFileData.cFileName[0] == L'.') || - (len == 2 && findFileData.cFileName[0] == L'.' && findFileData.cFileName[1] == L'.')) + if ((len == 1 && findFileData.cFileName[0] == '.') || + (len == 2 && findFileData.cFileName[0] == '.' && findFileData.cFileName[1] == '.')) { continue; }