From 35aaed5fff1e84dc5b034cb5085676a6d5428a8a Mon Sep 17 00:00:00 2001
From: Robert Strong
Date: Fri, 28 Apr 2017 16:37:37 -0700
Subject: [PATCH] Client code - Bug 1234401 - check that the patch dir subdirectory is valid. r=mhowell
---
 .../maintenanceservice/workmonitor.cpp | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/toolkit/components/maintenanceservice/workmonitor.cpp b/toolkit/components/maintenanceservice/workmonitor.cpp
index d06db3ca2b98..1b344100f4c8 100644
--- a/toolkit/components/maintenanceservice/workmonitor.cpp
+++ b/toolkit/components/maintenanceservice/workmonitor.cpp
@@ -25,6 +25,8 @@
 #include "pathhash.h"
 #include "errors.h"
 
+#define PATCH_DIR_PATH L"\\updates\\0"
+
 // Wait 15 minutes for an update operation to run at most.
 // Updates usually take less than a minute so this seems like a
 // significantly large and safe amount of time to wait.
@@ -596,6 +598,20 @@ ExecuteServiceCommand(int argc, LPWSTR *argv)
 return FALSE;
 }
 
+ // The patch directory path must end with updates\0 to use the maintenance
+ // service.
+ size_t fullPathLen = NS_tstrlen(argv[4]);
+ size_t relPathLen = NS_tstrlen(PATCH_DIR_PATH);
+ if (relPathLen > fullPathLen) {
+ LOG_WARN(("The patch directory path length is not valid for this application."));
+ return FALSE;
+ }
+
+ if (_wcsnicmp(argv[4] + fullPathLen - relPathLen, PATCH_DIR_PATH, relPathLen) != 0) {
+ LOG_WARN(("The patch directory path subdirectory is not valid for this application."));
+ return FALSE;
+ }
+
 // This check is also performed in updater.cpp and is performed here
 // as well since the maintenance service can be called directly.
 if (argc < 5 || !IsValidFullPath(argv[5])) {
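Review bot: The `_wcsnicmp` suffix test on `argv[4]` only proves that the string ends in `\updates\0`; it does not tie the directory to this installation's update root, and it assumes the path is already in canonical form, which no line in this hunk establishes. Because the service can be called directly (as the comment that follows says), the new comment should state what this check relies on, e.g. `// Suffix match only: assumes argv[4] already passed the full-path validation above; the parent directory is not verified here.` `argv[4]` is also read by `NS_tstrlen` with no `argc` guard visible in the hunk; presumably one sits above it, since ExecuteServiceCommand starts and ends outside the hunk. For triage it would help if both `LOG_WARN` messages recorded the rejected path, assuming the macro accepts printf-style arguments.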