From cdc7f1298deb76f58a2ba48cef60167ba1fac67e Mon Sep 17 00:00:00 2001
From: Pali Rohár <pali@kernel.org>
Date: Mon, 18 Apr 2022 16:53:59 +0200
Subject: libpci: win32-cfgmgr32: Fix parsing paths in NT format

NT namespace separator may be single or double backslash.
---
 lib/win32-cfgmgr32.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/lib/win32-cfgmgr32.c b/lib/win32-cfgmgr32.c
index 004f95f..f52db01 100644
--- a/lib/win32-cfgmgr32.c
+++ b/lib/win32-cfgmgr32.c
@@ -498,18 +498,28 @@ retry_service_config:
         service_image_path[systemroot_len++] = L'\\';
       wcscpy(service_image_path + systemroot_len, service_config->lpBinaryPathName + sizeof("\\SystemRoot\\")-1);
     }
-  else if (wcsncmp(service_config->lpBinaryPathName, L"\\??\\UNC\\", sizeof("\\??\\UNC\\")-1) == 0)
+  else if (wcsncmp(service_config->lpBinaryPathName, L"\\??\\UNC\\", sizeof("\\??\\UNC\\")-1) == 0 ||
+           wcsncmp(service_config->lpBinaryPathName, L"\\??\\\\UNC\\", sizeof("\\??\\\\UNC\\")-1) == 0)
     {
       /* ImagePath is in NT UNC namespace, convert to Win32 UNC path via "\\\\" prefix. */
       service_image_path = pci_malloc(a, sizeof(WCHAR) * (sizeof("\\\\") + wcslen(service_config->lpBinaryPathName) - (sizeof("\\??\\UNC\\")-1)));
+      /* Namespace separator may be single or double backslash. */
+      driver_path_len = sizeof("\\??\\")-1;
+      if (service_config->lpBinaryPathName[driver_path_len] == L'\\')
+        driver_path_len++;
+      driver_path_len += sizeof("UNC\\")-1;
       wcscpy(service_image_path, L"\\\\");
-      wcscpy(service_image_path + sizeof("\\\\")-1, service_config->lpBinaryPathName + sizeof("\\??\\UNC\\")-1);
+      wcscpy(service_image_path + sizeof("\\\\")-1, service_config->lpBinaryPathName + driver_path_len);
     }
   else if (wcsncmp(service_config->lpBinaryPathName, L"\\??\\", sizeof("\\??\\")-1) == 0)
     {
       /* ImagePath is in NT Global?? namespace, root of the Win32 file namespace, so just remove "\\??\\" prefix to get Win32 path. */
       service_image_path = pci_malloc(a, sizeof(WCHAR) * (wcslen(service_config->lpBinaryPathName) - (sizeof("\\??\\")-1)));
-      wcscpy(service_image_path, service_config->lpBinaryPathName + sizeof("\\??\\")-1);
+      /* Namespace separator may be single or double backslash. */
+      driver_path_len = sizeof("\\??\\")-1;
+      if (service_config->lpBinaryPathName[driver_path_len] == L'\\')
+        driver_path_len++;
+      wcscpy(service_image_path, service_config->lpBinaryPathName + driver_path_len);
     }
   else if (service_config->lpBinaryPathName[0] != L'\\')
     {
-- 
cgit 1.2.3-korg