From 1817f53cae57e17e6d68b2ea32088c922fafa8ac Mon Sep 17 00:00:00 2001
From: David Macek <david.macek.0@gmail.com>
Date: Sun, 4 Apr 2021 11:50:42 +0200
Subject: [PATCH] Improve command line parsing

Instead of allowing only one quote at the beginning and one at the end
of the command name, now we're reading the command line character by
character, also advancing in the CRT-parsed command name and skipping
any number of quotes.

As far as I can tell, there is no other hole in it, but just to be sure,
any parsing failure is now fatal.
---
 PKGBUILD   |  2 +-
 launcher.c | 18 ++++++++++++++----
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/PKGBUILD b/PKGBUILD
index eac0ade..c6f027a 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -11,7 +11,7 @@ conflicts=("${_realname}")
 depends=("mintty>=2.2.1")
 makedepends=('mingw-w64-cross-gcc')
 source=(launcher.{c,ini,rc} {macros,version}.h Makefile {msys2,mingw32,mingw64,ucrt64,clang64}.ico)
-sha512sums=('e1137164c4ba8f49a9d9a3a83a7f45cb2121440b958ee610a666ee421b70a17fc0767a88a8502d9ae0f11fa004d7c050b44e53e1395048cf3c41104c27dda137'
+sha512sums=('ed2937084cc7d176bb9f06af96121dbf4433a05cfc8fa260918a5f96ed5e8c4201fa2b45aa196a858ece0c8a86f7ffc617a8330b57b7231a4ea4ab23d75920b0'
             '5ed8a2e9997d9d2c1e17940292d68542f897e2716b274741d8a3ba7c8f46235c175b7e0a1252a879ba3c79b571504d25de2a8d6b004aedd117d263195bc2b185'
             'cf257f1f5b7fc69a32c63fe5bf5299db078621850b1e12358654d71da7777a94a0668d657c1834be308db099cad9d48a42fa7877ad58dfdbd576248150913a12'
             '6019ca0d67375c1261dda0d54d45fc411b02244c51b71d5c57d2613e9edfb4e8f9000754e5c7d632ed0101005c01cd0a98c3961d5b5f51c94d83eceba4296d35'
diff --git a/launcher.c b/launcher.c
index 7da0232..d89c2f1 100644
--- a/launcher.c
+++ b/launcher.c
@@ -235,13 +235,23 @@ int wmain(int argc, wchar_t* argv[]) {
 		ShowLastError(L"Could not set environment variable");
 	}
 
-	// can break, but hopefully won't for most use cases
 	args = GetCommandLine();
-	if (args[0] == L'"') {
+	tmp = argv[0];
+	while (*tmp != L'\0') {
+		if (*args == *tmp) {
+			args++;
+			tmp++;
+		} else if (*args == L'"') {
+			args++;
+		} else {
+			ShowError(L"Could not parse command name", argv[0], 0);
+			return __LINE__;
+		}
+	}
+	while (*args == L'"') {
 		args++;
 	}
-	args += wcslen(argv[0]);
-	if (args[0] == L'"') {
+	while (*args == L' ') {
 		args++;
 	}