Canonicalize config_dir before comparing with the config file location
authorSelva Nair <selva.nair@gmail.com>
Tue, 28 Oct 2025 10:16:36 +0000 (11:16 +0100)
committerGert Doering <gert@greenie.muc.de>
Tue, 28 Oct 2025 14:02:34 +0000 (15:02 +0100)
Found by ZeroPath

Change-Id: I8e884c00cb94f97a612056e8dca74d821a6d6386
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1318
Message-Id: <20251028101642.11874-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33923.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpnserv/CMakeLists.txt
src/openvpnserv/validate.c

index 340b904c8fd934a2d072c758c171cfde2bc00a4c..a92ee08c6048fb0103dce16f24e195afca7ea63e 100644 (file)
@@ -6,6 +6,11 @@ project(openvpnserv)
 
 add_executable(openvpnserv)
 
+include(CheckSymbolExists)
+
+# Some old versions of mingw does not have PATHCCH_OPTIONS enums -- add a check
+check_symbol_exists(PATHCCH_ENSURE_TRAILING_SLASH pathcch.h HAVE_PATHCCH_ENSURE_TRAILING_SLASH)
+
 set(MC_GEN_DIR ${CMAKE_CURRENT_BINARY_DIR}/mc)
 
 target_include_directories(openvpnserv PRIVATE
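Review bot: `HAVE_PATHCCH_ENSURE_TRAILING_SLASH` is only a CMake cache result after the added `check_symbol_exists()` call, and nothing visible in these hunks passes it to the compiler. Unless a definition is wired up elsewhere in the file, the `#ifndef HAVE_PATHCCH_ENSURE_TRAILING_SLASH` guard added in validate.c always takes the `0x20` fallback. If it is missing, add `target_compile_definitions(openvpnserv PRIVATE $<$<BOOL:${HAVE_PATHCCH_ENSURE_TRAILING_SLASH}>:HAVE_PATHCCH_ENSURE_TRAILING_SLASH>)`. The added comment calls these enums, and CMake documents that `check_symbol_exists` does not recognise enum values, so the probe may report false even with a current header; `check_c_source_compiles` on a one-line program using the constant would test what is intended. Because the fallback feeds a path check in the service, the `#define` in validate.c also deserves a comment such as `/* must match PATHCCH_OPTIONS in the SDK's pathcch.h */`.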
@@ -31,7 +36,7 @@ target_compile_options(openvpnserv PRIVATE
     )
 target_link_libraries(openvpnserv
     advapi32.lib userenv.lib iphlpapi.lib fwpuclnt.lib rpcrt4.lib
-    shlwapi.lib netapi32.lib ws2_32.lib ntdll.lib ole32.lib)
+    shlwapi.lib netapi32.lib ws2_32.lib ntdll.lib ole32.lib pathcch.lib)
 if (MINGW)
     target_compile_options(openvpnserv PRIVATE -municode)
     target_link_options(openvpnserv PRIVATE -municode)
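Review bot: Adding `pathcch.lib` to the link line gives the service a load-time import for the PathCch API, which Microsoft documents as available from Windows 8 onward. If openvpnserv is still expected to start on older Windows versions, it would fail to load there rather than fall back. A comment next to the library list, e.g. `# pathcch: PathCchCanonicalizeEx, requires Windows 8+`, would make the new minimum explicit. The `if (MINGW)` block continues outside this hunk.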
index 59d5b86ea5d2559422bfe1766513d571cabf46a6..2187fb58b7b89851b167d311469b0a6444f07380 100644 (file)
 #include <lmaccess.h>
 #include <shlwapi.h>
 #include <lm.h>
+#include <pathcch.h>
+
+#ifndef HAVE_PATHCCH_ENSURE_TRAILING_SLASH
+#define PATHCCH_ENSURE_TRAILING_SLASH 0x20
+#endif
 
 static const WCHAR *white_list[] = {
     L"auth-retry",
@@ -61,7 +66,7 @@ CheckConfigPath(const WCHAR *workdir, const WCHAR *fname, const settings_t *s)
 {
     WCHAR tmp[MAX_PATH];
     const WCHAR *config_file = NULL;
-    const WCHAR *config_dir = NULL;
+    WCHAR config_dir[MAX_PATH];
 
     /* convert fname to full path */
     if (PathIsRelativeW(fname))
@@ -74,9 +79,12 @@ CheckConfigPath(const WCHAR *workdir, const WCHAR *fname, const settings_t *s)
         config_file = fname;
     }
 
-    config_dir = s->config_dir;
+    /* canonicalize config_dir and add trailing slash before comparison */
+    HRESULT res = PathCchCanonicalizeEx(config_dir, _countof(config_dir), s->config_dir,
+                                        PATHCCH_ENSURE_TRAILING_SLASH);
 
-    if (wcsncmp(config_dir, config_file, wcslen(config_dir)) == 0
+    if (res == S_OK
+        && wcsncmp(config_dir, config_file, wcslen(config_dir)) == 0
         && wcsstr(config_file + wcslen(config_dir), L"..") == NULL)
     {
         return TRUE;
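Review bot: Only `config_dir` is canonicalized here; `config_file` is still compared as supplied (either `fname` or the joined path built earlier in the function). A file path with forward slashes, `.` segments or doubled separators will therefore not match the canonical directory prefix, and the `..` substring test remains the only traversal defence for the remainder. The mismatch appears to fail closed, but canonicalizing both sides makes the prefix comparison meaningful and easier to reason about. `wcsncmp` is also case-sensitive, so a differently cased but identical directory is treated as outside `config_dir`. `CheckConfigPath` continues past the end of this hunk, so confirm that nothing later reads `config_dir` when `res != S_OK`, since the buffer is then uninitialised.

```c
    WCHAR file_canon[MAX_PATH];
    HRESULT res = PathCchCanonicalizeEx(config_dir, _countof(config_dir), s->config_dir,
                                        PATHCCH_ENSURE_TRAILING_SLASH);
    if (res == S_OK)
    {
        /* 0 == no options; normalise the file path the same way as the directory */
        res = PathCchCanonicalizeEx(file_canon, _countof(file_canon), config_file, 0);
    }

    if (res == S_OK
        && wcsncmp(config_dir, file_canon, wcslen(config_dir)) == 0
        && wcsstr(file_canon + wcslen(config_dir), L"..") == NULL)
    /* … unchanged: return TRUE … */
```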