From fc4726c22500ae507999ab9f3b0d66bc6d97397d Mon Sep 17 00:00:00 2001
From: Damjan Jovanovic <damjan.jov@gmail.com>
Date: Wed, 23 Feb 2022 05:16:13 +0200
Subject: [PATCH] krnl386.exe: Fix VxD filename format checks in
 __wine_vxd_open().

__wine_vxd_open() has several bugs. If filenameW doesn't end in
".vxd", it is wrongly
allowed to be over 8 characters long. If it does end in ".vxd", then a
maximum length
filename, eg. "12345678.vxd", always gets misdetected as being too long, as:
"lstrlenW( filenameW ) >= ARRAY_SIZE(name) - 4"
becomes 12 >= 12.

Rather do the checks for maximum filename length when we detect the
filename format.

Signed-off-by: Damjan Jovanovic <damjan.jov@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
---
 dlls/krnl386.exe16/vxd.c | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)

diff --git a/dlls/krnl386.exe16/vxd.c b/dlls/krnl386.exe16/vxd.c
index c9ce9729ec5..8a1769f23c4 100644
--- a/dlls/krnl386.exe16/vxd.c
+++ b/dlls/krnl386.exe16/vxd.c
@@ -136,29 +136,34 @@ done:
 /* load a VxD and return a file handle to it */
 HANDLE __wine_vxd_open( LPCWSTR filenameW, DWORD access, SECURITY_ATTRIBUTES *sa )
 {
-    static const WCHAR dotVxDW[] = {'.','v','x','d',0};
     int i;
     HANDLE handle;
     HMODULE module;
-    WCHAR *p, name[16];
+    WCHAR *p, name[13];
 
     /* normalize the filename */
 
-    if (lstrlenW( filenameW ) >= ARRAY_SIZE(name) - 4 ||
-        wcschr( filenameW, '/' ) || wcschr( filenameW, '\\' ))
+    if (wcschr( filenameW, '/' ) || wcschr( filenameW, '\\' ))
+    {
+        SetLastError( ERROR_FILE_NOT_FOUND );
+        return 0;
+    }
+    p = wcschr( filenameW, '.' );
+    if (!p && lstrlenW( filenameW ) <= 8)
+    {
+        wcscpy( name, filenameW );
+        wcscat( name, L".vxd" );
+    }
+    else if (p && !wcsicmp( p, L".vxd" ) && lstrlenW( filenameW ) <= 12)  /* existing extension has to be .vxd */
+    {
+        wcscpy( name, filenameW );
+    }
+    else
     {
         SetLastError( ERROR_FILE_NOT_FOUND );
         return 0;
     }
-    lstrcpyW( name, filenameW );
     wcslwr( name );
-    p = wcschr( name, '.' );
-    if (!p) lstrcatW( name, dotVxDW );
-    else if (wcsicmp( p, dotVxDW ))  /* existing extension has to be .vxd */
-    {
-        SetLastError( ERROR_FILE_NOT_FOUND );
-        return 0;
-    }
 
     /* try to load the module first */