Milestone 5: deliver embedded RDP sessions and lifecycle hardening

third_party/FreeRDP/winpr/libwinpr/path/include/PathAllocCombine.h

@@ -0,0 +1,174 @@
+
+/*
+#define DEFINE_UNICODE		FALSE
+#define CUR_PATH_SEPARATOR_CHR	'\\'
+#define CUR_PATH_SEPARATOR_STR	"\\"
+#define PATH_ALLOC_COMBINE	PathAllocCombineA
+*/
+
+/**
+ * FIXME: These implementations of the PathAllocCombine functions have
+ * several issues:
+ * - pszPathIn or pszMore may be nullptr (but not both)
+ * - no check if pszMore is fully qualified (if so, it must be directly
+ *   copied to the output buffer without being combined with pszPathIn.
+ * - if pszMore begins with a _single_ backslash it must be combined with
+ *   only the root of the path pointed to by pszPathIn and there's no code
+ *   to extract the root of pszPathIn.
+ * - the function will crash with some short string lengths of the parameters
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <winpr/wtypes.h>
+#include <winpr/string.h>
+#include <winpr/error.h>
+#include <winpr/wlog.h>
+
+#if DEFINE_UNICODE
+
+HRESULT PATH_ALLOC_COMBINE(PCWSTR pszPathIn, PCWSTR pszMore,
+                           WINPR_ATTR_UNUSED unsigned long dwFlags, PWSTR* ppszPathOut)
+{
+	WLog_WARN("TODO", "has known bugs and needs fixing.");
+
+	if (!ppszPathOut)
+		return E_INVALIDARG;
+
+	if (!pszPathIn && !pszMore)
+		return E_INVALIDARG;
+
+	if (!pszMore)
+		return E_FAIL; /* valid but not implemented, see top comment */
+
+	if (!pszPathIn)
+		return E_FAIL; /* valid but not implemented, see top comment */
+
+	const size_t pszPathInLength = _wcslen(pszPathIn);
+	const size_t pszMoreLength = _wcslen(pszMore);
+
+	/* prevent segfaults - the complete implementation below is buggy */
+	if (pszPathInLength < 3)
+		return E_FAIL;
+
+	const BOOL backslashIn =
+	    (pszPathIn[pszPathInLength - 1] == CUR_PATH_SEPARATOR_CHR) ? TRUE : FALSE;
+	const BOOL backslashMore = (pszMore[0] == CUR_PATH_SEPARATOR_CHR) ? TRUE : FALSE;
+
+	if (backslashMore)
+	{
+		if ((pszPathIn[1] == ':') && (pszPathIn[2] == CUR_PATH_SEPARATOR_CHR))
+		{
+			const WCHAR colon[] = { ':', '\0' };
+			const size_t pszPathOutLength = sizeof(WCHAR) + pszMoreLength;
+			const size_t sizeOfBuffer = (pszPathOutLength + 1) * sizeof(WCHAR);
+			PWSTR pszPathOut = (PWSTR)calloc(sizeOfBuffer, sizeof(WCHAR));
+
+			if (!pszPathOut)
+				return E_OUTOFMEMORY;
+
+			_wcsncat(pszPathOut, &pszPathIn[0], 1);
+			_wcsncat(pszPathOut, colon, ARRAYSIZE(colon));
+			_wcsncat(pszPathOut, pszMore, pszMoreLength);
+			*ppszPathOut = pszPathOut;
+			return S_OK;
+		}
+	}
+	else
+	{
+		const size_t pszPathOutLength = pszPathInLength + pszMoreLength;
+		const size_t sizeOfBuffer = (pszPathOutLength + 1) * sizeof(WCHAR);
+		PWSTR pszPathOut = (PWSTR)calloc(sizeOfBuffer, 2);
+
+		if (!pszPathOut)
+			return E_OUTOFMEMORY;
+
+		_wcsncat(pszPathOut, pszPathIn, pszPathInLength);
+		if (!backslashIn)
+			_wcsncat(pszPathOut, CUR_PATH_SEPARATOR_STR, ARRAYSIZE(CUR_PATH_SEPARATOR_STR));
+		_wcsncat(pszPathOut, pszMore, pszMoreLength);
+
+		*ppszPathOut = pszPathOut;
+		return S_OK;
+	}
+
+	return E_FAIL;
+}
+
+#else
+
+HRESULT PATH_ALLOC_COMBINE(PCSTR pszPathIn, PCSTR pszMore, WINPR_ATTR_UNUSED unsigned long dwFlags,
+                           PSTR* ppszPathOut)
+{
+	WLog_WARN("TODO", "has known bugs and needs fixing.");
+
+	if (!ppszPathOut)
+		return E_INVALIDARG;
+
+	if (!pszPathIn && !pszMore)
+		return E_INVALIDARG;
+
+	if (!pszMore)
+		return E_FAIL; /* valid but not implemented, see top comment */
+
+	if (!pszPathIn)
+		return E_FAIL; /* valid but not implemented, see top comment */
+
+	const size_t pszPathInLength = strlen(pszPathIn);
+	const size_t pszMoreLength = strlen(pszMore);
+
+	/* prevent segfaults - the complete implementation below is buggy */
+	if (pszPathInLength < 3)
+		return E_FAIL;
+
+	const BOOL backslashIn =
+	    (pszPathIn[pszPathInLength - 1] == CUR_PATH_SEPARATOR_CHR) ? TRUE : FALSE;
+	const BOOL backslashMore = (pszMore[0] == CUR_PATH_SEPARATOR_CHR) ? TRUE : FALSE;
+
+	if (backslashMore)
+	{
+		if ((pszPathIn[1] == ':') && (pszPathIn[2] == CUR_PATH_SEPARATOR_CHR))
+		{
+			const size_t pszPathOutLength = 2 + pszMoreLength;
+			const size_t sizeOfBuffer = (pszPathOutLength + 1) * sizeof(WCHAR);
+			PSTR pszPathOut = calloc(sizeOfBuffer, 2);
+
+			if (!pszPathOut)
+				return E_OUTOFMEMORY;
+
+			(void)sprintf_s(pszPathOut, sizeOfBuffer, "%c:%s", pszPathIn[0], pszMore);
+			*ppszPathOut = pszPathOut;
+			return S_OK;
+		}
+	}
+	else
+	{
+		const size_t pszPathOutLength = pszPathInLength + pszMoreLength;
+		const size_t sizeOfBuffer = (pszPathOutLength + 1) * sizeof(WCHAR);
+		PSTR pszPathOut = calloc(sizeOfBuffer, 2);
+
+		if (!pszPathOut)
+			return E_OUTOFMEMORY;
+
+		if (backslashIn)
+			(void)sprintf_s(pszPathOut, sizeOfBuffer, "%s%s", pszPathIn, pszMore);
+		else
+			(void)sprintf_s(pszPathOut, sizeOfBuffer, "%s%s%s", pszPathIn, CUR_PATH_SEPARATOR_STR,
+			                pszMore);
+
+		*ppszPathOut = pszPathOut;
+		return S_OK;
+	}
+
+	return E_FAIL;
+}
+
+#endif
+
+/*
+#undef DEFINE_UNICODE
+#undef CUR_PATH_SEPARATOR_CHR
+#undef CUR_PATH_SEPARATOR_STR
+#undef PATH_ALLOC_COMBINE
+*/

third_party/FreeRDP/winpr/libwinpr/path/include/PathCchAddExtension.h

@@ -0,0 +1,101 @@
+
+/*
+#define DEFINE_UNICODE		FALSE
+#define CUR_PATH_SEPARATOR_CHR	'\\'
+#define PATH_CCH_ADD_EXTENSION	PathCchAddExtensionA
+*/
+
+#if DEFINE_UNICODE
+
+HRESULT PATH_CCH_ADD_EXTENSION(PWSTR pszPath, size_t cchPath, PCWSTR pszExt)
+{
+	LPWSTR pDot;
+	BOOL bExtDot;
+	LPWSTR pBackslash;
+	size_t pszExtLength;
+	size_t pszPathLength;
+
+	if (!pszPath)
+		return E_INVALIDARG;
+
+	if (!pszExt)
+		return E_INVALIDARG;
+
+	pszExtLength = _wcslen(pszExt);
+	pszPathLength = _wcslen(pszPath);
+	bExtDot = (pszExt[0] == '.') ? TRUE : FALSE;
+
+	pDot = _wcsrchr(pszPath, '.');
+	pBackslash = _wcsrchr(pszPath, CUR_PATH_SEPARATOR_CHR);
+
+	if (pDot && pBackslash)
+	{
+		if (pDot > pBackslash)
+			return S_FALSE;
+	}
+
+	if (cchPath > pszPathLength + pszExtLength + ((bExtDot) ? 0 : 1))
+	{
+		const WCHAR dot[] = { '.', '\0' };
+		WCHAR* ptr = &pszPath[pszPathLength];
+		*ptr = '\0';
+
+		if (!bExtDot)
+			_wcsncat(ptr, dot, _wcslen(dot));
+		_wcsncat(ptr, pszExt, pszExtLength);
+
+		return S_OK;
+	}
+
+	return HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER);
+}
+
+#else
+
+HRESULT PATH_CCH_ADD_EXTENSION(PSTR pszPath, size_t cchPath, PCSTR pszExt)
+{
+	CHAR* pDot;
+	BOOL bExtDot;
+	CHAR* pBackslash;
+	size_t pszExtLength;
+	size_t pszPathLength;
+
+	if (!pszPath)
+		return E_INVALIDARG;
+
+	if (!pszExt)
+		return E_INVALIDARG;
+
+	pszExtLength = strlen(pszExt);
+	pszPathLength = strlen(pszPath);
+	bExtDot = (pszExt[0] == '.') ? TRUE : FALSE;
+
+	pDot = strrchr(pszPath, '.');
+	pBackslash = strrchr(pszPath, CUR_PATH_SEPARATOR_CHR);
+
+	if (pDot && pBackslash)
+	{
+		if (pDot > pBackslash)
+			return S_FALSE;
+	}
+
+	if (cchPath > pszPathLength + pszExtLength + ((bExtDot) ? 0 : 1))
+	{
+		if (bExtDot)
+			sprintf_s(&pszPath[pszPathLength], cchPath - pszPathLength, "%s", pszExt);
+		else
+			sprintf_s(&pszPath[pszPathLength], cchPath - pszPathLength, ".%s", pszExt);
+
+		return S_OK;
+	}
+
+	return HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER);
+}
+
+#endif
+
+/*
+#undef DEFINE_UNICODE
+#undef CUR_PATH_SEPARATOR_CHR
+#undef PATH_CCH_ADD_EXTENSION
+*/

third_party/FreeRDP/winpr/libwinpr/path/include/PathCchAddSeparator.h

@@ -0,0 +1,64 @@
+
+/*
+#define DEFINE_UNICODE		FALSE
+#define CUR_PATH_SEPARATOR_CHR	'\\'
+#define PATH_CCH_ADD_SEPARATOR	PathCchAddBackslashA
+*/
+
+#if DEFINE_UNICODE
+
+HRESULT PATH_CCH_ADD_SEPARATOR(PWSTR pszPath, size_t cchPath)
+{
+	size_t pszPathLength;
+
+	if (!pszPath)
+		return E_INVALIDARG;
+
+	pszPathLength = _wcslen(pszPath);
+
+	if (pszPath[pszPathLength - 1] == CUR_PATH_SEPARATOR_CHR)
+		return S_FALSE;
+
+	if (cchPath > (pszPathLength + 1))
+	{
+		pszPath[pszPathLength] = CUR_PATH_SEPARATOR_CHR;
+		pszPath[pszPathLength + 1] = '\0';
+
+		return S_OK;
+	}
+
+	return HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER);
+}
+
+#else
+
+HRESULT PATH_CCH_ADD_SEPARATOR(PSTR pszPath, size_t cchPath)
+{
+	size_t pszPathLength;
+
+	if (!pszPath)
+		return E_INVALIDARG;
+
+	pszPathLength = strlen(pszPath);
+
+	if (pszPath[pszPathLength - 1] == CUR_PATH_SEPARATOR_CHR)
+		return S_FALSE;
+
+	if (cchPath > (pszPathLength + 1))
+	{
+		pszPath[pszPathLength] = CUR_PATH_SEPARATOR_CHR;
+		pszPath[pszPathLength + 1] = '\0';
+
+		return S_OK;
+	}
+
+	return HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER);
+}
+
+#endif
+
+/*
+#undef DEFINE_UNICODE
+#undef CUR_PATH_SEPARATOR_CHR
+#undef PATH_CCH_ADD_SEPARATOR
+*/

third_party/FreeRDP/winpr/libwinpr/path/include/PathCchAddSeparatorEx.h

@@ -0,0 +1,69 @@
+
+#include <winpr/wtypes.h>
+
+/*
+#define DEFINE_UNICODE			FALSE
+#define CUR_PATH_SEPARATOR_CHR		'\\'
+#define PATH_CCH_ADD_SEPARATOR_EX	PathCchAddBackslashExA
+*/
+
+#if DEFINE_UNICODE
+
+HRESULT PATH_CCH_ADD_SEPARATOR_EX(PWSTR pszPath, size_t cchPath, WINPR_ATTR_UNUSED PWSTR* ppszEnd,
+                                  WINPR_ATTR_UNUSED size_t* pcchRemaining)
+{
+	size_t pszPathLength;
+
+	if (!pszPath)
+		return E_INVALIDARG;
+
+	pszPathLength = _wcslen(pszPath);
+
+	if (pszPath[pszPathLength - 1] == CUR_PATH_SEPARATOR_CHR)
+		return S_FALSE;
+
+	if (cchPath > (pszPathLength + 1))
+	{
+		pszPath[pszPathLength] = CUR_PATH_SEPARATOR_CHR;
+		pszPath[pszPathLength + 1] = '\0';
+
+		return S_OK;
+	}
+
+	return HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER);
+}
+
+#else
+
+HRESULT PATH_CCH_ADD_SEPARATOR_EX(WINPR_ATTR_UNUSED PSTR pszPath, WINPR_ATTR_UNUSED size_t cchPath,
+                                  WINPR_ATTR_UNUSED PSTR* ppszEnd,
+                                  WINPR_ATTR_UNUSED size_t* pcchRemaining)
+{
+	size_t pszPathLength;
+
+	if (!pszPath)
+		return E_INVALIDARG;
+
+	pszPathLength = strlen(pszPath);
+
+	if (pszPath[pszPathLength - 1] == CUR_PATH_SEPARATOR_CHR)
+		return S_FALSE;
+
+	if (cchPath > (pszPathLength + 1))
+	{
+		pszPath[pszPathLength] = CUR_PATH_SEPARATOR_CHR;
+		pszPath[pszPathLength + 1] = '\0';
+
+		return S_OK;
+	}
+
+	return HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER);
+}
+
+#endif
+
+/*
+#undef DEFINE_UNICODE
+#undef CUR_PATH_SEPARATOR_CHR
+#undef PATH_CCH_ADD_SEPARATOR_EX
+*/

third_party/FreeRDP/winpr/libwinpr/path/include/PathCchAppend.h

@@ -0,0 +1,136 @@
+
+/*
+#define DEFINE_UNICODE		FALSE
+#define CUR_PATH_SEPARATOR_CHR	'\\'
+#define CUR_PATH_SEPARATOR_STR	"\\"
+#define PATH_CCH_APPEND		PathCchAppendA
+*/
+
+#include <string.h>
+
+#include <winpr/wtypes.h>
+#include <winpr/error.h>
+#include <winpr/path.h>
+
+#if defined(DEFINE_UNICODE) && (DEFINE_UNICODE != 0)
+
+HRESULT PATH_CCH_APPEND(PWSTR pszPath, size_t cchPath, PCWSTR pszMore)
+{
+	if (!pszPath)
+		return E_INVALIDARG;
+
+	if (!pszMore)
+		return E_INVALIDARG;
+
+	if ((cchPath == 0) || (cchPath > PATHCCH_MAX_CCH))
+		return E_INVALIDARG;
+
+	const size_t pszMoreLength = _wcsnlen(pszMore, cchPath);
+	const size_t pszPathLength = _wcsnlen(pszPath, cchPath);
+
+	BOOL pathBackslash = FALSE;
+	if (pszPathLength > 0)
+		pathBackslash = (pszPath[pszPathLength - 1] == CUR_PATH_SEPARATOR_CHR) ? TRUE : FALSE;
+
+	const BOOL moreBackslash = (pszMore[0] == CUR_PATH_SEPARATOR_CHR) ? TRUE : FALSE;
+
+	if (pathBackslash && moreBackslash)
+	{
+		if (pszMoreLength < 1)
+			return E_INVALIDARG;
+
+		if ((pszPathLength + pszMoreLength - 1) < cchPath)
+		{
+			WCHAR* ptr = &pszPath[pszPathLength];
+			*ptr = '\0';
+			_wcsncat(ptr, &pszMore[1], pszMoreLength - 1);
+			return S_OK;
+		}
+	}
+	else if ((pathBackslash && !moreBackslash) || (!pathBackslash && moreBackslash))
+	{
+		if ((pszPathLength + pszMoreLength) < cchPath)
+		{
+			WCHAR* ptr = &pszPath[pszPathLength];
+			*ptr = '\0';
+			_wcsncat(ptr, pszMore, pszMoreLength);
+			return S_OK;
+		}
+	}
+	else if (!pathBackslash && !moreBackslash)
+	{
+		if ((pszPathLength + pszMoreLength + 1) < cchPath)
+		{
+			WCHAR* ptr = &pszPath[pszPathLength];
+			*ptr = '\0';
+			_wcsncat(ptr, CUR_PATH_SEPARATOR_STR,
+			         _wcsnlen(CUR_PATH_SEPARATOR_STR, ARRAYSIZE(CUR_PATH_SEPARATOR_STR)));
+			_wcsncat(ptr, pszMore, pszMoreLength);
+			return S_OK;
+		}
+	}
+
+	return HRESULT_FROM_WIN32(ERROR_FILENAME_EXCED_RANGE);
+}
+
+#else
+
+HRESULT PATH_CCH_APPEND(PSTR pszPath, size_t cchPath, PCSTR pszMore)
+{
+	BOOL pathBackslash = FALSE;
+	BOOL moreBackslash = FALSE;
+
+	if (!pszPath)
+		return E_INVALIDARG;
+
+	if (!pszMore)
+		return E_INVALIDARG;
+
+	if ((cchPath == 0) || (cchPath > PATHCCH_MAX_CCH))
+		return E_INVALIDARG;
+
+	const size_t pszPathLength = strnlen(pszPath, cchPath);
+	if (pszPathLength > 0)
+		pathBackslash = (pszPath[pszPathLength - 1] == CUR_PATH_SEPARATOR_CHR) ? TRUE : FALSE;
+
+	const size_t pszMoreLength = strnlen(pszMore, cchPath);
+	if (pszMoreLength > 0)
+		moreBackslash = (pszMore[0] == CUR_PATH_SEPARATOR_CHR) ? TRUE : FALSE;
+
+	if (pathBackslash && moreBackslash)
+	{
+		if ((pszPathLength + pszMoreLength - 1) < cchPath)
+		{
+			sprintf_s(&pszPath[pszPathLength], cchPath - pszPathLength, "%s", &pszMore[1]);
+			return S_OK;
+		}
+	}
+	else if ((pathBackslash && !moreBackslash) || (!pathBackslash && moreBackslash))
+	{
+		if ((pszPathLength + pszMoreLength) < cchPath)
+		{
+			sprintf_s(&pszPath[pszPathLength], cchPath - pszPathLength, "%s", pszMore);
+			return S_OK;
+		}
+	}
+	else if (!pathBackslash && !moreBackslash)
+	{
+		if ((pszPathLength + pszMoreLength + 1) < cchPath)
+		{
+			sprintf_s(&pszPath[pszPathLength], cchPath - pszPathLength, "%s%s",
+			          CUR_PATH_SEPARATOR_STR, pszMore);
+			return S_OK;
+		}
+	}
+
+	return HRESULT_FROM_WIN32(ERROR_FILENAME_EXCED_RANGE);
+}
+
+#endif
+
+/*
+#undef DEFINE_UNICODE
+#undef CUR_PATH_SEPARATOR_CHR
+#undef CUR_PATH_SEPARATOR_STR
+#undef PATH_CCH_APPEND
+*/