Don't follow junctions when recursing directories.

When deleting directories recursively, an elevated custom action following junctions in a user-writable location could recurse into any directory, including some that you might not want to be deleted. Therefore, avoid recursing into directories that are actually junctions (aka "reparse points"). This applies to: - The RemoveFoldersEx custom action (which doesn't actually do deletions but would instruct elevated MSI to delete on your behalf). - DTF's custom action runner.
author: Rob Mensching <rob@firegiant.com> 2024-03-22 11:55:43 -0700
committer: Rob Mensching <rob@firegiant.com> 2024-03-22 13:30:34 -0700
commit: 2e5960b575881567a8807e6b8b9c513138b19742 (patch)
tree: 1061c85aac8fdbbb734f74d58f937939b929c7b2
parent: 2de6f549981222566638abae7c812bb8e2098841 (diff)
download: wix-2e5960b575881567a8807e6b8b9c513138b19742.tar.gz
wix-2e5960b575881567a8807e6b8b9c513138b19742.tar.bz2
wix-2e5960b575881567a8807e6b8b9c513138b19742.zip
2 files changed, 13 insertions, 3 deletions
diff --git a/src/dtf/SfxCA/SfxUtil.cpp b/src/dtf/SfxCA/SfxUtil.cpp
index 1bf2c5b2..2e6b0555 100644
--- a/src/dtf/SfxCA/SfxUtil.cpp
+++ b/src/dtf/SfxCA/SfxUtil.cpp
@@ -93,7 +93,9 @@ bool DeleteDirectory(const wchar_t* szDir)
                StringCchCopy(szPath + cchDir + 1, cchPathBuf - (cchDir + 1), fd.cFileName);
                if ((fd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) != 0)
                {
-                        if (wcscmp(fd.cFileName, L".") != 0 && wcscmp(fd.cFileName, L"..") != 0)
+                        if (wcscmp(fd.cFileName, L".") != 0
+                            && wcscmp(fd.cFileName, L"..") != 0
+                            && ((fd.dwFileAttributes & FILE_ATTRIBUTE_REPARSE_POINT) == 0))
                        {
                                DeleteDirectory(szPath);
                        }
diff --git a/src/ext/Util/ca/RemoveFoldersEx.cpp b/src/ext/Util/ca/RemoveFoldersEx.cpp
index 10345de7..9523dda7 100644
--- a/src/ext/Util/ca/RemoveFoldersEx.cpp
+++ b/src/ext/Util/ca/RemoveFoldersEx.cpp
@@ -38,6 +38,14 @@ static HRESULT RecursePath(
    }
 #endif
+    // Do NOT follow junctions.
+    DWORD dwAttributes = ::GetFileAttributesW(wzPath);
+    if (dwAttributes & FILE_ATTRIBUTE_REPARSE_POINT)
+    {
+        WcaLog(LOGMSG_STANDARD, "Path is a junction; skipping: %ls", wzPath);
+        ExitFunction();
+    }
    // First recurse down to all the child directories.
    hr = StrAllocFormatted(&sczSearch, L"%s*", wzPath);
    ExitOnFailure(hr, "Failed to allocate file search string in path: %S", wzPath);
@@ -210,10 +218,10 @@ extern "C" UINT WINAPI WixRemoveFoldersEx(
        hr = PathExpand(&sczExpandedPath, sczPath, PATH_EXPAND_ENVIRONMENT);
        ExitOnFailure(hr, "Failed to expand path: %S for row: %S", sczPath, sczId);
-        
        hr = PathBackslashTerminate(&sczExpandedPath);
        ExitOnFailure(hr, "Failed to backslash-terminate path: %S", sczExpandedPath);
-    
        WcaLog(LOGMSG_STANDARD, "Recursing path: %S for row: %S.", sczExpandedPath, sczId);
        hr = RecursePath(sczExpandedPath, sczId, sczComponent, sczProperty, iMode, f64BitComponent, &dwCounter, &hTable, &hColumns);
        ExitOnFailure(hr, "Failed while navigating path: %S for row: %S", sczPath, sczId);
author	Rob Mensching <rob@firegiant.com>	2024-03-22 11:55:43 -0700
committer	Rob Mensching <rob@firegiant.com>	2024-03-22 13:30:34 -0700
commit	2e5960b575881567a8807e6b8b9c513138b19742 (patch)
tree	1061c85aac8fdbbb734f74d58f937939b929c7b2
parent	2de6f549981222566638abae7c812bb8e2098841 (diff)
download	wix-2e5960b575881567a8807e6b8b9c513138b19742.tar.gz wix-2e5960b575881567a8807e6b8b9c513138b19742.tar.bz2 wix-2e5960b575881567a8807e6b8b9c513138b19742.zip