From 2e5960b575881567a8807e6b8b9c513138b19742 Mon Sep 17 00:00:00 2001 From: Rob Mensching Date: Fri, 22 Mar 2024 11:55:43 -0700 Subject: Don't follow junctions when recursing directories. When deleting directories recursively, an elevated custom action following junctions in a user-writable location could recurse into any directory, including some that you might not want to be deleted. Therefore, avoid recursing into directories that are actually junctions (aka "reparse points"). This applies to: - The RemoveFoldersEx custom action (which doesn't actually do deletions but would instruct elevated MSI to delete on your behalf). - DTF's custom action runner. --- src/dtf/SfxCA/SfxUtil.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src/dtf/SfxCA') diff --git a/src/dtf/SfxCA/SfxUtil.cpp b/src/dtf/SfxCA/SfxUtil.cpp index 1bf2c5b2..2e6b0555 100644 --- a/src/dtf/SfxCA/SfxUtil.cpp +++ b/src/dtf/SfxCA/SfxUtil.cpp @@ -93,7 +93,9 @@ bool DeleteDirectory(const wchar_t* szDir) StringCchCopy(szPath + cchDir + 1, cchPathBuf - (cchDir + 1), fd.cFileName); if ((fd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) != 0) { - if (wcscmp(fd.cFileName, L".") != 0 && wcscmp(fd.cFileName, L"..") != 0) + if (wcscmp(fd.cFileName, L".") != 0 + && wcscmp(fd.cFileName, L"..") != 0 + && ((fd.dwFileAttributes & FILE_ATTRIBUTE_REPARSE_POINT) == 0)) { DeleteDirectory(szPath); } -- cgit v1.2.3-55-g6feb