@@ -6,6 +6,11 @@
add_executable(openvpnserv)
+include(CheckSymbolExists)
+
+# Some old versions of mingw does not have PATHCCH_OPTIONS enums -- add a check
+check_symbol_exists(PATHCCH_ENSURE_TRAILING_SLASH pathcch.h HAVE_PATHCCH_ENSURE_TRAILING_SLASH)
+
set(MC_GEN_DIR ${CMAKE_CURRENT_BINARY_DIR}/mc)
target_include_directories(openvpnserv PRIVATE
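Review bot: Nothing in the visible hunks passes `HAVE_PATHCCH_ENSURE_TRAILING_SLASH` to the compiler, so the `#ifndef HAVE_PATHCCH_ENSURE_TRAILING_SLASH` guard added in the C hunk further down may always take the fallback branch. If the variable is not emitted through a generated config header outside this diff, add `target_compile_definitions(openvpnserv PRIVATE $<$<BOOL:${HAVE_PATHCCH_ENSURE_TRAILING_SLASH}>:HAVE_PATHCCH_ENSURE_TRAILING_SLASH>)`. Separately, as far as I recall the CMake documentation, `check_symbol_exists` does not recognise enum values, so where `pathcch.h` declares the option as an enumerator rather than a macro the probe reports it missing. That is harmless here only because the fallback `#define` comes after the include and uses the same value; `check_c_source_compiles` would probe it reliably. The comment should also read "do not have" rather than "does not have".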
@@ -31,7 +36,7 @@
)
target_link_libraries(openvpnserv
advapi32.lib userenv.lib iphlpapi.lib fwpuclnt.lib rpcrt4.lib
- shlwapi.lib netapi32.lib ws2_32.lib ntdll.lib ole32.lib)
+ shlwapi.lib netapi32.lib ws2_32.lib ntdll.lib ole32.lib pathcch.lib)
if (MINGW)
target_compile_options(openvpnserv PRIVATE -municode)
target_link_options(openvpnserv PRIVATE -municode)
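Review bot: Linking `pathcch.lib` makes the service import the PathCch API at load time, and Microsoft documents that API as available from Windows 8 onward. On an older target the service binary would presumably fail to start rather than degrade. If such releases are still supported, either document the new minimum version next to this line or resolve the function at run time instead of importing it.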
@@ -25,6 +25,11 @@
#include <lmaccess.h>
#include <shlwapi.h>
#include <lm.h>
+#include <pathcch.h>
+
+#ifndef HAVE_PATHCCH_ENSURE_TRAILING_SLASH
+#define PATHCCH_ENSURE_TRAILING_SLASH 0x20
+#endif
static const WCHAR *white_list[] = {
L"auth-retry",
@@ -61,7 +66,7 @@
{
WCHAR tmp[MAX_PATH];
const WCHAR *config_file = NULL;
- const WCHAR *config_dir = NULL;
+ WCHAR config_dir[MAX_PATH];
/* convert fname to full path */
if (PathIsRelativeW(fname))
@@ -74,9 +79,12 @@
config_file = fname;
}
- config_dir = s->config_dir;
+ /* canonicalize config_dir and add trailing slash before comparison */
+ HRESULT res = PathCchCanonicalizeEx(config_dir, _countof(config_dir), s->config_dir,
+ PATHCCH_ENSURE_TRAILING_SLASH);
- if (wcsncmp(config_dir, config_file, wcslen(config_dir)) == 0
+ if (res == S_OK
+ && wcsncmp(config_dir, config_file, wcslen(config_dir)) == 0
&& wcsstr(config_file + wcslen(config_dir), L"..") == NULL)
{
return TRUE;
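Review bot: Only `config_dir` is canonicalized here; `config_file` is still compared in whatever form the caller supplied, or as built in `tmp` above the hunk. The prefix test therefore compares a canonical path with a possibly non-canonical one and relies on the `wcsstr(..., L"..")` substring test alone to reject traversal. Canonicalizing `config_file` into its own buffer before the `wcsncmp` would put both sides in the same form and leave the `..` test as a second line of defence. The failure path is sound as written, since `res == S_OK` short-circuits before `config_dir` is read. The function begins and ends outside this hunk, so the extra buffer belongs with the locals changed in the preceding hunk.

```c
    WCHAR config_dir[MAX_PATH];
    WCHAR config_file_canon[MAX_PATH];
    /* … unchanged: relative/absolute handling that sets config_file … */

    /* canonicalize both sides so the prefix test compares like with like */
    HRESULT res = PathCchCanonicalizeEx(config_dir, _countof(config_dir), s->config_dir,
                                        PATHCCH_ENSURE_TRAILING_SLASH);
    if (res == S_OK)
    {
        res = PathCchCanonicalize(config_file_canon, _countof(config_file_canon), config_file);
    }

    if (res == S_OK
        && wcsncmp(config_dir, config_file_canon, wcslen(config_dir)) == 0
        && wcsstr(config_file_canon + wcslen(config_dir), L"..") == NULL)
    {
        return TRUE;
```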