From 25ae58ec05bec0b97038e98eec9582209c1f9583 Mon Sep 17 00:00:00 2001
From: Sean Hall <r.sean.hall@gmail.com>
Date: Tue, 3 Aug 2021 15:43:06 -0500
Subject: Require clean room switch to be first argument and catch embedded
 switch specified with other modes in the clean room process.

---
 src/burn/engine/core.cpp | 22 +++++++++++++++++-----
 src/burn/engine/core.h   |  1 +
 2 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/src/burn/engine/core.cpp b/src/burn/engine/core.cpp
index d8e2454d..94aaf204 100644
--- a/src/burn/engine/core.cpp
+++ b/src/burn/engine/core.cpp
@@ -1521,7 +1521,7 @@ extern "C" HRESULT CoreParseCommandLine(
                     ExitOnRootFailure(hr = E_INVALIDARG, "Must specify the elevated name, token and parent process id.");
                 }
 
-                if (BURN_MODE_UNTRUSTED != pInternalCommand->mode)
+                if (BURN_MODE_UNKNOWN != pInternalCommand->mode)
                 {
                     fInvalidCommandLine = TRUE;
                     TraceLog(E_INVALIDARG, "Multiple mode command-line switches were provided.");
@@ -1543,7 +1543,13 @@ extern "C" HRESULT CoreParseCommandLine(
             }
             else if (CSTR_EQUAL == ::CompareStringW(LOCALE_INVARIANT, NORM_IGNORECASE, &argv[i][1], lstrlenW(BURN_COMMANDLINE_SWITCH_CLEAN_ROOM), BURN_COMMANDLINE_SWITCH_CLEAN_ROOM, lstrlenW(BURN_COMMANDLINE_SWITCH_CLEAN_ROOM)))
             {
-                if (BURN_MODE_UNTRUSTED == pInternalCommand->mode)
+                if (0 != i)
+                {
+                    fInvalidCommandLine = TRUE;
+                    TraceLog(E_INVALIDARG, "Clean room command-line switch must be first argument on command-line.");
+                }
+
+                if (BURN_MODE_UNKNOWN == pInternalCommand->mode)
                 {
                     pInternalCommand->mode = BURN_MODE_NORMAL;
                 }
@@ -1579,8 +1585,9 @@ extern "C" HRESULT CoreParseCommandLine(
 
                 switch (pInternalCommand->mode)
                 {
-                case BURN_MODE_UNTRUSTED:
-                    // Leave mode as UNTRUSTED to launch the clean room process.
+                case BURN_MODE_UNKNOWN:
+                    // Set mode to UNTRUSTED to ensure multiple modes weren't specified.
+                    pInternalCommand->mode = BURN_MODE_UNTRUSTED;
                     break;
                 case BURN_MODE_NORMAL:
                     // The initialization code already assumes that the
@@ -1647,7 +1654,7 @@ extern "C" HRESULT CoreParseCommandLine(
             }
             else if (CSTR_EQUAL == ::CompareStringW(LOCALE_INVARIANT, NORM_IGNORECASE, &argv[i][1], -1, BURN_COMMANDLINE_SWITCH_RUNONCE, -1))
             {
-                if (BURN_MODE_UNTRUSTED != pInternalCommand->mode)
+                if (BURN_MODE_UNKNOWN != pInternalCommand->mode)
                 {
                     fInvalidCommandLine = TRUE;
                     TraceLog(E_INVALIDARG, "Multiple mode command-line switches were provided.");
@@ -1797,6 +1804,11 @@ extern "C" HRESULT CoreParseCommandLine(
         pCommand->display = BOOTSTRAPPER_DISPLAY_FULL;
     }
 
+    if (BURN_MODE_UNKNOWN == pInternalCommand->mode)
+    {
+        pInternalCommand->mode = BURN_MODE_UNTRUSTED;
+    }
+
 LExit:
     if (fInvalidCommandLine)
     {
diff --git a/src/burn/engine/core.h b/src/burn/engine/core.h
index fb6c0668..ccc33ba4 100644
--- a/src/burn/engine/core.h
+++ b/src/burn/engine/core.h
@@ -62,6 +62,7 @@ const LPCWSTR BURN_BUNDLE_LAST_USED_SOURCE = L"WixBundleLastUsedSource";
 
 enum BURN_MODE
 {
+    BURN_MODE_UNKNOWN,
     BURN_MODE_UNTRUSTED,
     BURN_MODE_NORMAL,
     BURN_MODE_ELEVATED,
-- 
cgit v1.2.3-55-g6feb