Fix bugs of arbitrary code execution.

author s_kawamoto <s_kawamoto@users.sourceforge.jp>

Mon, 17 Oct 2011 11:52:51 +0000 (20:52 +0900)

committer s_kawamoto <s_kawamoto@users.sourceforge.jp>

Mon, 17 Oct 2011 11:52:51 +0000 (20:52 +0900)
author s_kawamoto <s_kawamoto@users.sourceforge.jp>
Mon, 17 Oct 2011 11:52:51 +0000 (20:52 +0900)
committer s_kawamoto <s_kawamoto@users.sourceforge.jp>
Mon, 17 Oct 2011 11:52:51 +0000 (20:52 +0900)
diff --git a/FFFTP_Eng_Release/FFFTP.exe b/FFFTP_Eng_Release/FFFTP.exe

index 39305ae..c273a94 100644 (file)

Binary files a/FFFTP_Eng_Release/FFFTP.exe and b/FFFTP_Eng_Release/FFFTP.exe differ
diff --git a/Release/FFFTP.exe b/Release/FFFTP.exe

index 85996d1..d195522 100644 (file)

Binary files a/Release/FFFTP.exe and b/Release/FFFTP.exe differ
diff --git a/main.c b/main.c

index 7e31ba5..161c73e 100644 (file)
--- a/main.c
+++ b/main.c
@@ -2419,6 +2419,8 @@ void ExecViewer(char *Fname, int App)
         char AssocProg[FMAX_PATH+1];\r
         char ComLine[FMAX_PATH*2+3+1];\r
         char CurDir[FMAX_PATH+1];\r
+       // 任意のコードが実行されるバグ修正\r
+       char SysDir[FMAX_PATH+1];\r
  \r
         /* FindExecutable()は関連付けられたプログラムのパス名にスペースが        */\r
         /* 含まれている時、間違ったパス名を返す事がある。                                        */\r
@@ -2446,10 +2448,26 @@ void ExecViewer(char *Fname, int App)
                 memset(&Startup, NUL, sizeof(STARTUPINFO));\r
                 Startup.cb = sizeof(STARTUPINFO);\r
                 Startup.wShowWindow = SW_SHOW;\r
-               if(CreateProcess(NULL, ComLine, NULL, NULL, FALSE, 0, NULL, NULL, &Startup, &Info) == FALSE)\r
+               // 任意のコードが実行されるバグ修正\r
+//             if(CreateProcess(NULL, ComLine, NULL, NULL, FALSE, 0, NULL, NULL, &Startup, &Info) == FALSE)\r
+//             {\r
+//                     SetTaskMsg(MSGJPN182, GetLastError());\r
+//                     SetTaskMsg(">>%s", ComLine);\r
+//             }\r
+               if(GetCurrentDirectory(FMAX_PATH, CurDir) > 0)\r
                 {\r
-                       SetTaskMsg(MSGJPN182, GetLastError());\r
-                       SetTaskMsg(">>%s", ComLine);\r
+                       if(GetSystemDirectory(SysDir, FMAX_PATH) > 0)\r
+                       {\r
+                               if(SetCurrentDirectory(SysDir))\r
+                               {\r
+                                       if(CreateProcess(NULL, ComLine, NULL, NULL, FALSE, 0, NULL, NULL, &Startup, &Info) == FALSE)\r
+                                       {\r
+                                               SetTaskMsg(MSGJPN182, GetLastError());\r
+                                               SetTaskMsg(">>%s", ComLine);\r
+                                       }\r
+                                       SetCurrentDirectory(CurDir);\r
+                               }\r
+                       }\r
                 }\r
         }\r
         return;\r
@@ -2474,6 +2492,8 @@ void ExecViewer2(char *Fname1, char *Fname2, int App)
         char AssocProg[FMAX_PATH+1];\r
         char ComLine[FMAX_PATH*2+3+1];\r
         char CurDir[FMAX_PATH+1];\r
+       // 任意のコードが実行されるバグ修正\r
+       char SysDir[FMAX_PATH+1];\r
  \r
         /* FindExecutable()は関連付けられたプログラムのパス名にスペースが        */\r
         /* 含まれている時、間違ったパス名を返す事がある。                                        */\r
@@ -2493,10 +2513,26 @@ void ExecViewer2(char *Fname1, char *Fname2, int App)
         memset(&Startup, NUL, sizeof(STARTUPINFO));\r
         Startup.cb = sizeof(STARTUPINFO);\r
         Startup.wShowWindow = SW_SHOW;\r
-       if(CreateProcess(NULL, ComLine, NULL, NULL, FALSE, 0, NULL, NULL, &Startup, &Info) == FALSE)\r
+       // 任意のコードが実行されるバグ修正\r
+//     if(CreateProcess(NULL, ComLine, NULL, NULL, FALSE, 0, NULL, NULL, &Startup, &Info) == FALSE)\r
+//     {\r
+//             SetTaskMsg(MSGJPN182, GetLastError());\r
+//             SetTaskMsg(">>%s", ComLine);\r
+//     }\r
+       if(GetCurrentDirectory(FMAX_PATH, CurDir) > 0)\r
         {\r
-               SetTaskMsg(MSGJPN182, GetLastError());\r
-               SetTaskMsg(">>%s", ComLine);\r
+               if(GetSystemDirectory(SysDir, FMAX_PATH) > 0)\r
+               {\r
+                       if(SetCurrentDirectory(SysDir))\r
+                       {\r
+                               if(CreateProcess(NULL, ComLine, NULL, NULL, FALSE, 0, NULL, NULL, &Startup, &Info) == FALSE)\r
+                               {\r
+                                       SetTaskMsg(MSGJPN182, GetLastError());\r
+                                       SetTaskMsg(">>%s", ComLine);\r
+                               }\r
+                               SetCurrentDirectory(CurDir);\r
+                       }\r
+               }\r
         }\r
  \r
         return;\r
author	s_kawamoto <s_kawamoto@users.sourceforge.jp>
	Mon, 17 Oct 2011 11:52:51 +0000 (20:52 +0900)
committer	s_kawamoto <s_kawamoto@users.sourceforge.jp>
	Mon, 17 Oct 2011 11:52:51 +0000 (20:52 +0900)
FFFTP_Eng_Release/FFFTP.exe		patch \| blob \| history
Release/FFFTP.exe		patch \| blob \| history
main.c		patch \| blob \| history