windows: return error if DecomposeCommandLine parameter contains NUL

DecomposeCommandLine is documented to use CommandLineToArgv, and the CommandLineToArgvW system call inherently does not support strings with internal NUL bytes. This CL changes DecomposeCommandLine to reject those strings with an error instead of panicking. Fixes golang/go#58817 Change-Id: I22a026bf2e69344a21f04849c50ba19b6e7b2007 Reviewed-on: https://go-review.googlesource.com/c/sys/+/487695 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Run-TryBot: Alex Brainman <alex.brainman@gmail.com>
2026-02-08 11:46:04 +03:00 · 2023-04-22 16:47:22 +10:00
parent 9524d496ef
commit 6c5289959c
2 changed files with 22 additions and 1 deletions
--- a/windows/exec_windows.go
+++ b/windows/exec_windows.go
@@ -95,12 +95,17 @@ func ComposeCommandLine(args []string) string {
 // DecomposeCommandLine breaks apart its argument command line into unescaped parts using CommandLineToArgv,
 // as gathered from GetCommandLine, QUERY_SERVICE_CONFIG's BinaryPathName argument, or elsewhere that
 // command lines are passed around.
+// DecomposeCommandLine returns error if commandLine contains NUL.
 func DecomposeCommandLine(commandLine string) ([]string, error) {
 	if len(commandLine) == 0 {
 		return []string{}, nil
 	}
+	utf16CommandLine, err := UTF16FromString(commandLine)
+	if err != nil {
+		return nil, errorspkg.New("string with NUL passed to DecomposeCommandLine")
+	}
 	var argc int32
-	argv, err := CommandLineToArgv(StringToUTF16Ptr(commandLine), &argc)
+	argv, err := CommandLineToArgv(&utf16CommandLine[0], &argc)
 	if err != nil {
 		return nil, err
 	}
--- a/windows/syscall_windows_test.go
+++ b/windows/syscall_windows_test.go
@@ -626,6 +626,22 @@ func TestCommandLineRecomposition(t *testing.T) {
 			continue
 		}
 	}
+
+	// check that windows.DecomposeCommandLine returns error for strings with NUL
+	testsWithNUL := []string{
+		"\x00abcd",
+		"ab\x00cd",
+		"abcd\x00",
+		"\x00abcd\x00",
+		"\x00ab\x00cd\x00",
+		"\x00\x00\x00",
+	}
+	for _, test := range testsWithNUL {
+		_, err := windows.DecomposeCommandLine(test)
+		if err == nil {
+			t.Errorf("Failed to return error while decomposing %#q string with NUL inside", test)
+		}
+	}
 }

 func TestWinVerifyTrust(t *testing.T) {