toolkit/xre/nsWindowsWMain.cpp

   1 /* This Source Code Form is subject to the terms of the Mozilla Public
   2  * License, v. 2.0. If a copy of the MPL was not distributed with this
   3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   4
   5 #ifndef nsWindowsWMain_cpp
   6 #define nsWindowsWMain_cpp
   7
   8 // This file is a .cpp file meant to be included in nsBrowserApp.cpp and other
   9 // similar bootstrap code. It converts wide-character windows wmain into UTF-8
  10 // narrow-character strings.
  11
  12 #ifndef XP_WIN
  13 #  error This file only makes sense on Windows.
  14 #endif
  15
  16 #include "mozilla/Char16.h"
  17 #include "nsUTF8Utils.h"
  18
  19 #include <windows.h>
  20
  21 #ifdef __MINGW32__
  22
  23 /* MingW currently does not implement a wide version of the
  24    startup routines.  Workaround is to implement something like
  25    it ourselves.  See bug 411826 */
  26
  27 #  include <shellapi.h>
  28
  29 int wmain(int argc, WCHAR** argv);
  30
  31 int main(int argc, char** argv) {
  32   LPWSTR commandLine = GetCommandLineW();
  33   int argcw = 0;
  34   LPWSTR* argvw = CommandLineToArgvW(commandLine, &argcw);
  35   if (!argvw) return 127;
  36
  37   int result = wmain(argcw, argvw);
  38   LocalFree(argvw);
  39   return result;
  40 }
  41 #endif /* __MINGW32__ */
  42
  43 #define main NS_internal_main
  44
  45 #ifndef XRE_WANT_ENVIRON
  46 int main(int argc, char** argv);
  47 #else
  48 int main(int argc, char** argv, char** envp);
  49 #endif
  50
  51 // SanitizeEnvironmentVariables()
  52 //
  53 // Mitigate CVE-2007-6753 (binary planting via unexpanded environment variable
  54 // references) by forcibly expanding all environment variable references in
  55 // %PATH%.
  56 //
  57 // CVE-2007-6753 is documented to have affected all active mainline Windows
  58 // versions at the time of its announcement (i.e., up to Windows 7). Microsoft
  59 // has never formally stated that later versions of Windows are free of this
  60 // issue; out of an abundance of caution, we continue to mitigate it on Windows
  61 // 8 and beyond.
  62 static void SanitizeEnvironmentVariables() {
  63   DWORD bufferSize = GetEnvironmentVariableW(L"PATH", nullptr, 0);
  64   if (bufferSize) {
  65     wchar_t* originalPath = new wchar_t[bufferSize];
  66     if (bufferSize - 1 ==
  67         GetEnvironmentVariableW(L"PATH", originalPath, bufferSize)) {
  68       bufferSize = ExpandEnvironmentStringsW(originalPath, nullptr, 0);
  69       // The maximum length of a Windows environment variable and the maximum
  70       // length of a string returned by ExpandEnvironmentStringsW are both
  71       // documented to be 32,767 characters. Under some versions of Windows,
  72       // however, both may be longer, with delayed but deleterious consequences.
  73       //
  74       // We therefore cap the size manually, in case the user has a sufficiently
  75       // problematic %PATH%. (See bug 1753910.) This is unlikely to occur unless
  76       // there is some form of recursive referencing involved, in which case
  77       // expansion is no mitigation anyway.
  78       if (bufferSize && bufferSize < 32768) {
  79         wchar_t* newPath = new wchar_t[bufferSize];
  80         if (ExpandEnvironmentStringsW(originalPath, newPath, bufferSize)) {
  81           SetEnvironmentVariableW(L"PATH", newPath);
  82         }
  83         delete[] newPath;
  84       }
  85     }
  86     delete[] originalPath;
  87   }
  88 }
  89
  90 static char* AllocConvertUTF16toUTF8(char16ptr_t arg) {
  91   // be generous... UTF16 units can expand up to 3 UTF8 units
  92   size_t len = wcslen(arg);
  93   // ConvertUTF16toUTF8 requires +1. Let's do that here, too, lacking
  94   // knowledge of Windows internals.
  95   size_t dstLen = len * 3 + 1;
  96   char* s = new char[dstLen + 1];  // Another +1 for zero terminator
  97   if (!s) return nullptr;
  98
  99   int written =
 100       ::WideCharToMultiByte(CP_UTF8, 0, arg, len, s, dstLen, nullptr, nullptr);
 101   s[written] = 0;
 102   return s;
 103 }
 104
 105 static void FreeAllocStrings(int argc, char** argv) {
 106   while (argc) {
 107     --argc;
 108     delete[] argv[argc];
 109   }
 110
 111   delete[] argv;
 112 }
 113
 114 int wmain(int argc, WCHAR** argv) {
 115   SanitizeEnvironmentVariables();
 116   SetDllDirectoryW(L"");
 117
 118   // Only run this code if LauncherProcessWin.h was included beforehand, thus
 119   // signalling that the hosting process should support launcher mode.
 120 #if defined(mozilla_LauncherProcessWin_h)
 121   mozilla::Maybe<int> launcherResult =
 122       mozilla::LauncherMain(argc, argv, sAppData);
 123   if (launcherResult) {
 124     return launcherResult.value();
 125   }
 126 #endif  // defined(mozilla_LauncherProcessWin_h)
 127
 128   char** argvConverted = new char*[argc + 1];
 129   if (!argvConverted) return 127;
 130
 131   for (int i = 0; i < argc; ++i) {
 132     argvConverted[i] = AllocConvertUTF16toUTF8(argv[i]);
 133     if (!argvConverted[i]) {
 134       return 127;
 135     }
 136   }
 137   argvConverted[argc] = nullptr;
 138
 139   // need to save argvConverted copy for later deletion.
 140   char** deleteUs = new char*[argc + 1];
 141   if (!deleteUs) {
 142     FreeAllocStrings(argc, argvConverted);
 143     return 127;
 144   }
 145   for (int i = 0; i < argc; i++) deleteUs[i] = argvConverted[i];
 146 #ifndef XRE_WANT_ENVIRON
 147   int result = main(argc, argvConverted);
 148 #else
 149   // Force creation of the multibyte _environ variable.
 150   getenv("PATH");
 151   int result = main(argc, argvConverted, _environ);
 152 #endif
 153
 154   delete[] argvConverted;
 155   FreeAllocStrings(argc, deleteUs);
 156
 157   return result;
 158 }
 159
 160 #endif  // nsWindowsWMain_cpp