Validate DOS path before returning

kubkon · kubkon · commit bb8b24fa4d70 · 2020-08-10T12:30:24.000+02:00
And some other minor refactors which address more review comments.
diff --git a/lib/std/os/windows.zig b/lib/std/os/windows.zig
@@ -897,6 +897,7 @@ pub fn SetFilePointerEx_CURRENT_get(handle: HANDLE) SetFilePointerError!u64 {
 }
 
 pub const GetFinalPathNameByHandleError = error{
+    BadPathName,
     FileNotFound,
     NameTooLong,
     Unexpected,
@@ -925,11 +926,11 @@ pub fn GetFinalPathNameByHandle(
 ) GetFinalPathNameByHandleError![]u16 {
     // Get normalized path; doesn't include volume name though.
     var path_buffer: [@sizeOf(FILE_NAME_INFORMATION) + PATH_MAX_WIDE * 2]u8 align(@alignOf(FILE_NAME_INFORMATION)) = undefined;
-    try QueryInformationFile(hFile, FILE_INFORMATION_CLASS.FileNormalizedNameInformation, path_buffer[0..]);
+    try QueryInformationFile(hFile, .FileNormalizedNameInformation, path_buffer[0..]);
 
     // Get NT volume name.
     var volume_buffer: [@sizeOf(FILE_NAME_INFORMATION) + MAX_PATH]u8 align(@alignOf(FILE_NAME_INFORMATION)) = undefined; // MAX_PATH bytes should be enough since it's Windows-defined name
-    try QueryInformationFile(hFile, FILE_INFORMATION_CLASS.FileVolumeNameInformation, volume_buffer[0..]);
+    try QueryInformationFile(hFile, .FileVolumeNameInformation, volume_buffer[0..]);
 
     const file_name = @ptrCast(*const FILE_NAME_INFORMATION, &path_buffer[0]);
     const file_name_u16 = @ptrCast([*]const u16, &file_name.FileName[0])[0 .. file_name.FileNameLength / 2];
@@ -1010,8 +1011,17 @@ pub fn GetFinalPathNameByHandle(
 
                     std.mem.copy(u16, out_buffer[0..], drive_letter);
                     std.mem.copy(u16, out_buffer[drive_letter.len..], file_name_u16);
+                    const total_len = drive_letter.len + file_name_u16.len;
 
-                    return out_buffer[0 .. drive_letter.len + file_name_u16.len];
+                    // Validate that DOS does not contain any spurious nul bytes.
+                    var iter = std.unicode.Utf16LeIterator.init(out_buffer[0..total_len]);
+                    var next = iter.nextCodepoint() catch return error.BadPathName;
+                    while (next) |cp| {
+                        if (cp == 0) return error.BadPathName;
+                        next = iter.nextCodepoint() catch return error.BadPathName;
+                    }
+
+                    return out_buffer[0 .. total_len];
                 }
             }
 
@@ -1030,9 +1040,7 @@ pub fn QueryInformationFile(
     out_buffer: []u8,
 ) QueryInformationFileError!void {
     var io: IO_STATUS_BLOCK = undefined;
-    const len_bytes = std.math.cast(u32, out_buffer.len) catch |err| switch (err) {
-        error.Overflow => std.math.maxInt(u32), // If the provided buffer is larger than what we can handle, set size to max what we can handle
-    };
+    const len_bytes = std.math.cast(u32, out_buffer.len) catch unreachable;
     const rc = ntdll.NtQueryInformationFile(handle, &io, out_buffer.ptr, len_bytes, info_class);
     switch (rc) {
         .SUCCESS => {},
