Fix mis-ordering of escaped command line arguments

Author: nirbar

src/burn/engine/bundlepackageengine.cpp

@@ -808,11 +808,8 @@ static HRESULT ExecuteBundle(
     LPWSTR sczCachedDirectory = NULL;
     LPWSTR sczExecutablePath = NULL;
     LPWSTR sczBaseCommand = NULL;
-    LPWSTR sczUnformattedUserArgs = NULL;
     LPWSTR sczUserArgs = NULL;
     LPWSTR sczUserArgsObfuscated = NULL;
-    LPWSTR sczUserArgsEscaped = NULL;
-    LPWSTR sczUserArgsEscapedObfuscated = NULL;
     LPWSTR sczCommandObfuscated = NULL;
     LPWSTR sczArpUninstallString = NULL;
     int argcArp = 0;
@@ -924,8 +921,11 @@ static HRESULT ExecuteBundle(
     // now add optional arguments
     if (wzArguments && *wzArguments)
     {
-        hr = StrAllocString(&sczUnformattedUserArgs, wzArguments, 0);
-        ExitOnFailure(hr, "Failed to copy package arguments.");
+        hr = ExeEngineAppendCommandLineArgument(wzArguments, pVariables, FALSE, &sczUserArgs);
+        ExitOnFailure(hr, "Failed to get command-line arguments.");
+
+        hr = ExeEngineAppendCommandLineArgument(wzArguments, pVariables, TRUE, &sczUserArgsObfuscated);
+        ExitOnFailure(hr, "Failed to get obfuscated command-line arguments.");
     }
 
     for (DWORD i = 0; i < pPackage->Bundle.cCommandLineArguments; ++i)
@@ -941,59 +941,62 @@ static HRESULT ExecuteBundle(
 
         if (fCondition)
         {
-            if (sczUnformattedUserArgs && !commandLineArgument->fEscape)
-            {
-                hr = StrAllocConcat(&sczUnformattedUserArgs, L" ", 0);
-                ExitOnFailure(hr, "Failed to separate command-line arguments.");
-            }
-
             switch (action)
             {
             case BOOTSTRAPPER_ACTION_STATE_INSTALL:
                 if (commandLineArgument->fEscape)
                 {
-                    hr = ExeEngineAppendEscapeCommandLineArgument(commandLineArgument->sczInstallArgument, pVariables, FALSE, &sczUserArgsEscaped);
+                    hr = ExeEngineAppendEscapeCommandLineArgument(commandLineArgument->sczInstallArgument, pVariables, FALSE, &sczUserArgs);
                     ExitOnFailure(hr, "Failed to get command-line argument for install.");
 
-                    hr = ExeEngineAppendEscapeCommandLineArgument(commandLineArgument->sczInstallArgument, pVariables, TRUE, &sczUserArgsEscapedObfuscated);
+                    hr = ExeEngineAppendEscapeCommandLineArgument(commandLineArgument->sczInstallArgument, pVariables, TRUE, &sczUserArgsObfuscated);
                     ExitOnFailure(hr, "Failed to get obfuscated command-line argument for install.");
                 }
                 else
                 {
-                    hr = StrAllocConcat(&sczUnformattedUserArgs, commandLineArgument->sczInstallArgument, 0);
+                    hr = ExeEngineAppendCommandLineArgument(commandLineArgument->sczInstallArgument, pVariables, FALSE, &sczUserArgs);
                     ExitOnFailure(hr, "Failed to get command-line argument for install.");
+
+                    hr = ExeEngineAppendCommandLineArgument(commandLineArgument->sczInstallArgument, pVariables, TRUE, &sczUserArgsObfuscated);
+                    ExitOnFailure(hr, "Failed to get obfuscated command-line argument for install.");
                 }
                 break;
 
             case BOOTSTRAPPER_ACTION_STATE_UNINSTALL:
                 if (commandLineArgument->fEscape)
                 {
-                    hr = ExeEngineAppendEscapeCommandLineArgument(commandLineArgument->sczUninstallArgument, pVariables, FALSE, &sczUserArgsEscaped);
+                    hr = ExeEngineAppendEscapeCommandLineArgument(commandLineArgument->sczUninstallArgument, pVariables, FALSE, &sczUserArgs);
                     ExitOnFailure(hr, "Failed to get command-line argument for uninstall.");
 
-                    hr = ExeEngineAppendEscapeCommandLineArgument(commandLineArgument->sczUninstallArgument, pVariables, TRUE, &sczUserArgsEscapedObfuscated);
+                    hr = ExeEngineAppendEscapeCommandLineArgument(commandLineArgument->sczUninstallArgument, pVariables, TRUE, &sczUserArgsObfuscated);
                     ExitOnFailure(hr, "Failed to get obfuscated command-line argument for uninstall.");
                 }
                 else
                 {
-                    hr = StrAllocConcat(&sczUnformattedUserArgs, commandLineArgument->sczUninstallArgument, 0);
+                    hr = ExeEngineAppendCommandLineArgument(commandLineArgument->sczUninstallArgument, pVariables, FALSE, &sczUserArgs);
                     ExitOnFailure(hr, "Failed to get command-line argument for uninstall.");
+
+                    hr = ExeEngineAppendCommandLineArgument(commandLineArgument->sczUninstallArgument, pVariables, TRUE, &sczUserArgsObfuscated);
+                    ExitOnFailure(hr, "Failed to get obfuscated command-line argument for uninstall.");
                 }
                 break;
 
             case BOOTSTRAPPER_ACTION_STATE_REPAIR:
                 if (commandLineArgument->fEscape)
                 {
-                    hr = ExeEngineAppendEscapeCommandLineArgument(commandLineArgument->sczRepairArgument, pVariables, FALSE, &sczUserArgsEscaped);
+                    hr = ExeEngineAppendEscapeCommandLineArgument(commandLineArgument->sczRepairArgument, pVariables, FALSE, &sczUserArgs);
                     ExitOnFailure(hr, "Failed to get command-line argument for repair.");
 
-                    hr = ExeEngineAppendEscapeCommandLineArgument(commandLineArgument->sczRepairArgument, pVariables, TRUE, &sczUserArgsEscapedObfuscated);
+                    hr = ExeEngineAppendEscapeCommandLineArgument(commandLineArgument->sczRepairArgument, pVariables, TRUE, &sczUserArgsObfuscated);
                     ExitOnFailure(hr, "Failed to get obfuscated command-line argument for repair.");
                 }
                 else
                 {
-                    hr = StrAllocConcat(&sczUnformattedUserArgs, commandLineArgument->sczRepairArgument, 0);
+                    hr = ExeEngineAppendCommandLineArgument(commandLineArgument->sczRepairArgument, pVariables, FALSE, &sczUserArgs);
                     ExitOnFailure(hr, "Failed to get command-line argument for repair.");
+
+                    hr = ExeEngineAppendCommandLineArgument(commandLineArgument->sczRepairArgument, pVariables, TRUE, &sczUserArgsObfuscated);
+                    ExitOnFailure(hr, "Failed to get obfuscated command-line argument for repair.");
                 }
                 break;
 
@@ -1080,33 +1083,12 @@ static HRESULT ExecuteBundle(
     ExitOnFailure(hr, "Failed to append %ls", BURN_COMMANDLINE_SWITCH_FILEHANDLE_SELF);
 
     // build user args
-    if (sczUnformattedUserArgs && *sczUnformattedUserArgs)
+    if (sczUserArgsObfuscated && *sczUserArgsObfuscated)
     {
-        hr = VariableFormatString(pVariables, sczUnformattedUserArgs, &sczUserArgs, NULL);
-        ExitOnFailure(hr, "Failed to format argument string.");
-
-        hr = VariableFormatStringObfuscated(pVariables, sczUnformattedUserArgs, &sczUserArgsObfuscated, NULL);
-        ExitOnFailure(hr, "Failed to format obfuscated argument string.");
-
         hr = StrAllocFormatted(&sczCommandObfuscated, L"%ls %ls", sczBaseCommand, sczUserArgsObfuscated);
         ExitOnFailure(hr, "Failed to allocate obfuscated bundle command.");
     }
 
-    if (sczUserArgsEscaped && *sczUserArgsEscaped)
-    {
-        hr = StrAllocConcat(&sczUserArgs, L" ", 0);
-        ExitOnFailure(hr, "Failed to concat exe command.");
-
-        hr = StrAllocConcat(&sczUserArgs, sczUserArgsEscaped, 0);
-        ExitOnFailure(hr, "Failed to concat exe command.");
-
-        hr = StrAllocConcat(&sczCommandObfuscated, L" ", 0);
-        ExitOnFailure(hr, "Failed to concat obfuscated exe command.");
-
-        hr = StrAllocConcat(&sczCommandObfuscated, sczUserArgsEscapedObfuscated, 0);
-        ExitOnFailure(hr, "Failed to concat obfuscated exe command.");
-    }
-
     // Append logging to command line if it doesn't contain '-log'
     CoreAppendLogToCommandLine(&sczBaseCommand, &sczCommandObfuscated, fRollback, pVariables, pPackage);
 
@@ -1144,11 +1126,8 @@ static HRESULT ExecuteBundle(
     ReleaseStr(sczCachedDirectory);
     ReleaseStr(sczExecutablePath);
     ReleaseStr(sczBaseCommand);
-    ReleaseStr(sczUnformattedUserArgs);
     StrSecureZeroFreeString(sczUserArgs);
     ReleaseStr(sczUserArgsObfuscated);
-    ReleaseStr(sczUserArgsEscapedObfuscated);
-    ReleaseStr(sczUserArgsEscaped);
     ReleaseStr(sczCommandObfuscated);
     ReleaseStr(sczArpUninstallString);
 

src/burn/engine/exeengine.cpp

@@ -473,10 +473,7 @@ extern "C" HRESULT ExeEngineExecutePackage(
     LPWSTR sczCachedDirectory = NULL;
     LPWSTR sczExecutablePath = NULL;
     LPWSTR sczBaseCommand = NULL;
-    LPWSTR sczUnformattedUserArgs = NULL;
     LPWSTR sczUserArgs = NULL;
-    LPWSTR sczUserArgsEscaped = NULL;
-    LPWSTR sczUserArgsEscapedObfuscated = NULL;
     LPWSTR sczUserArgsObfuscated = NULL;
     LPWSTR sczCommandObfuscated = NULL;
     LPWSTR sczArpUninstallString = NULL;
@@ -589,8 +586,14 @@ extern "C" HRESULT ExeEngineExecutePackage(
     }
 
     // now add optional arguments
-    hr = StrAllocString(&sczUnformattedUserArgs, wzArguments && *wzArguments ? wzArguments : L"", 0);
-    ExitOnFailure(hr, "Failed to copy package arguments.");
+    if (wzArguments && *wzArguments)
+    {
+        hr = ExeEngineAppendCommandLineArgument(wzArguments, pVariables, FALSE, &sczUserArgs);
+        ExitOnFailure(hr, "Failed to get command-line arguments.");
+
+        hr = ExeEngineAppendCommandLineArgument(wzArguments, pVariables, TRUE, &sczUserArgsObfuscated);
+        ExitOnFailure(hr, "Failed to get obfuscated command-line arguments.");
+    }
 
     for (DWORD i = 0; i < pPackage->Exe.cCommandLineArguments; ++i)
     {
@@ -605,59 +608,62 @@ extern "C" HRESULT ExeEngineExecutePackage(
 
         if (fCondition)
         {
-            if (sczUnformattedUserArgs && !commandLineArgument->fEscape)
-            {
-                hr = StrAllocConcat(&sczUnformattedUserArgs, L" ", 0);
-                ExitOnFailure(hr, "Failed to separate command-line arguments.");
-            }
-
             switch (pExecuteAction->exePackage.action)
             {
             case BOOTSTRAPPER_ACTION_STATE_INSTALL:
                 if (commandLineArgument->fEscape)
                 {
-                    hr = ExeEngineAppendEscapeCommandLineArgument(commandLineArgument->sczInstallArgument, pVariables, FALSE, &sczUserArgsEscaped);
+                    hr = ExeEngineAppendEscapeCommandLineArgument(commandLineArgument->sczInstallArgument, pVariables, FALSE, &sczUserArgs);
                     ExitOnFailure(hr, "Failed to get command-line argument for install.");
 
-                    hr = ExeEngineAppendEscapeCommandLineArgument(commandLineArgument->sczInstallArgument, pVariables, TRUE, &sczUserArgsEscapedObfuscated);
+                    hr = ExeEngineAppendEscapeCommandLineArgument(commandLineArgument->sczInstallArgument, pVariables, TRUE, &sczUserArgsObfuscated);
                     ExitOnFailure(hr, "Failed to get obfuscated command-line argument for install.");
                 }
                 else
                 {
-                    hr = StrAllocConcat(&sczUnformattedUserArgs, commandLineArgument->sczInstallArgument, 0);
+                    hr = ExeEngineAppendCommandLineArgument(commandLineArgument->sczInstallArgument, pVariables, FALSE, &sczUserArgs);
                     ExitOnFailure(hr, "Failed to get command-line argument for install.");
+
+                    hr = ExeEngineAppendCommandLineArgument(commandLineArgument->sczInstallArgument, pVariables, TRUE, &sczUserArgsObfuscated);
+                    ExitOnFailure(hr, "Failed to get obfuscated command-line argument for install.");
                 }
                 break;
 
             case BOOTSTRAPPER_ACTION_STATE_UNINSTALL:
                 if (commandLineArgument->fEscape)
                 {
-                    hr = ExeEngineAppendEscapeCommandLineArgument(commandLineArgument->sczUninstallArgument, pVariables, FALSE, &sczUserArgsEscaped);
+                    hr = ExeEngineAppendEscapeCommandLineArgument(commandLineArgument->sczUninstallArgument, pVariables, FALSE, &sczUserArgs);
                     ExitOnFailure(hr, "Failed to get command-line argument for uninstall.");
 
-                    hr = ExeEngineAppendEscapeCommandLineArgument(commandLineArgument->sczUninstallArgument, pVariables, TRUE, &sczUserArgsEscapedObfuscated);
+                    hr = ExeEngineAppendEscapeCommandLineArgument(commandLineArgument->sczUninstallArgument, pVariables, TRUE, &sczUserArgsObfuscated);
                     ExitOnFailure(hr, "Failed to get obfuscated command-line argument for uninstall.");
                 }
                 else
                 {
-                    hr = StrAllocConcat(&sczUnformattedUserArgs, commandLineArgument->sczUninstallArgument, 0);
+                    hr = ExeEngineAppendCommandLineArgument(commandLineArgument->sczUninstallArgument, pVariables, FALSE, &sczUserArgs);
                     ExitOnFailure(hr, "Failed to get command-line argument for uninstall.");
+
+                    hr = ExeEngineAppendCommandLineArgument(commandLineArgument->sczUninstallArgument, pVariables, TRUE, &sczUserArgsObfuscated);
+                    ExitOnFailure(hr, "Failed to get obfuscated command-line argument for uninstall.");
                 }
                 break;
 
             case BOOTSTRAPPER_ACTION_STATE_REPAIR:
                 if (commandLineArgument->fEscape)
                 {
-                    hr = ExeEngineAppendEscapeCommandLineArgument(commandLineArgument->sczRepairArgument, pVariables, FALSE, &sczUserArgsEscaped);
+                    hr = ExeEngineAppendEscapeCommandLineArgument(commandLineArgument->sczRepairArgument, pVariables, FALSE, &sczUserArgs);
                     ExitOnFailure(hr, "Failed to get command-line argument for repair.");
 
-                    hr = ExeEngineAppendEscapeCommandLineArgument(commandLineArgument->sczRepairArgument, pVariables, TRUE, &sczUserArgsEscapedObfuscated);
+                    hr = ExeEngineAppendEscapeCommandLineArgument(commandLineArgument->sczRepairArgument, pVariables, TRUE, &sczUserArgsObfuscated);
                     ExitOnFailure(hr, "Failed to get obfuscated command-line argument for repair.");
                 }
                 else
                 {
-                    hr = StrAllocConcat(&sczUnformattedUserArgs, commandLineArgument->sczRepairArgument, 0);
+                    hr = ExeEngineAppendCommandLineArgument(commandLineArgument->sczRepairArgument, pVariables, FALSE, &sczUserArgs);
                     ExitOnFailure(hr, "Failed to get command-line argument for repair.");
+
+                    hr = ExeEngineAppendCommandLineArgument(commandLineArgument->sczRepairArgument, pVariables, TRUE, &sczUserArgsObfuscated);
+                    ExitOnFailure(hr, "Failed to get obfuscated command-line argument for repair.");
                 }
                 break;
 
@@ -714,33 +720,12 @@ extern "C" HRESULT ExeEngineExecutePackage(
     }
 
     // build user args
-    if (sczUnformattedUserArgs && *sczUnformattedUserArgs)
+    if (sczUserArgsObfuscated && *sczUserArgsObfuscated)
     {
-        hr = VariableFormatString(pVariables, sczUnformattedUserArgs, &sczUserArgs, NULL);
-        ExitOnFailure(hr, "Failed to format argument string.");
-
-        hr = VariableFormatStringObfuscated(pVariables, sczUnformattedUserArgs, &sczUserArgsObfuscated, NULL);
-        ExitOnFailure(hr, "Failed to format obfuscated argument string.");
-
         hr = StrAllocFormatted(&sczCommandObfuscated, L"%ls %ls", sczBaseCommand, sczUserArgsObfuscated);
         ExitOnFailure(hr, "Failed to allocate obfuscated exe command.");
     }
 
-    if (sczUserArgsEscaped && *sczUserArgsEscaped)
-    {
-        hr = StrAllocConcat(&sczUserArgs, L" ", 0);
-        ExitOnFailure(hr, "Failed to concat exe command.");
-
-        hr = StrAllocConcat(&sczUserArgs, sczUserArgsEscaped, 0);
-        ExitOnFailure(hr, "Failed to concat exe command.");
-
-        hr = StrAllocConcat(&sczCommandObfuscated, L" ", 0);
-        ExitOnFailure(hr, "Failed to concat obfuscated exe command.");
-
-        hr = StrAllocConcat(&sczCommandObfuscated, sczUserArgsEscapedObfuscated, 0);
-        ExitOnFailure(hr, "Failed to concat obfuscated exe command.");
-    }
-
     // Log obfuscated command, which won't include raw hidden variable values or protocol specific arguments to avoid exposing secrets.
     LogId(REPORT_STANDARD, MSG_APPLYING_PACKAGE, LoggingRollbackOrExecute(fRollback), pPackage->sczId, LoggingActionStateToString(pExecuteAction->exePackage.action), sczExecutablePath, sczCommandObfuscated ? sczCommandObfuscated : sczBaseCommand);
 
@@ -767,11 +752,8 @@ extern "C" HRESULT ExeEngineExecutePackage(
     ReleaseStr(sczCachedDirectory);
     ReleaseStr(sczExecutablePath);
     ReleaseStr(sczBaseCommand);
-    ReleaseStr(sczUnformattedUserArgs);
     StrSecureZeroFreeString(sczUserArgs);
     ReleaseStr(sczUserArgsObfuscated);
-    ReleaseStr(sczUserArgsEscapedObfuscated);
-    ReleaseStr(sczUserArgsEscaped);
     ReleaseStr(sczCommandObfuscated);
     ReleaseStr(sczArpUninstallString);
 
@@ -1098,6 +1080,42 @@ extern "C" HRESULT ExeEngineAppendEscapeCommandLineArgument(
     return hr;
 }
 
+extern "C" HRESULT ExeEngineAppendCommandLineArgument(
+    __in LPCWSTR szArgument,
+    __in BURN_VARIABLES* pVariables,
+    __in BOOL fObfuscateHiddenVariables,
+    __deref_out_z LPWSTR* psczArguments
+    )
+{
+    HRESULT hr = S_OK;
+    LPWSTR sz = NULL;
+
+    if (fObfuscateHiddenVariables)
+    {
+        hr = VariableFormatStringObfuscated(pVariables, szArgument, &sz, NULL);
+        ExitOnFailure(hr, "Failed to format argument.");
+    }
+    else
+    {
+        hr = VariableFormatString(pVariables, szArgument, &sz, NULL);
+        ExitOnFailure(hr, "Failed to format argument.");
+    }
+
+    if (*psczArguments && **psczArguments)
+    {
+        StrAllocConcat(psczArguments, L" ", 0);
+        ExitOnFailure(hr, "Failed to append space.");
+    }
+
+    hr = StrAllocConcat(psczArguments, sz, 0);
+    ExitOnFailure(hr, "Failed to append argument.");
+
+LExit:
+    ReleaseStr(sz);
+
+    return hr;
+}
+
 extern "C" HRESULT ExeEngineHandleExitCode(
     __in BURN_EXE_EXIT_CODE* rgCustomExitCodes,
     __in DWORD cCustomExitCodes,

src/burn/engine/exeengine.h

@@ -72,6 +72,12 @@ HRESULT ExeEngineAppendEscapeCommandLineArgument(
     __in BOOL fObfuscateHiddenVariables,
     __deref_out_z LPWSTR* psczEscapedArguments
     );
+HRESULT ExeEngineAppendCommandLineArgument(
+    __in LPCWSTR szArgument,
+    __in BURN_VARIABLES* pVariables,
+    __in BOOL fObfuscateHiddenVariables,
+    __deref_out_z LPWSTR* psczArguments
+    );
 HRESULT ExeEngineHandleExitCode(
     __in BURN_EXE_EXIT_CODE* rgCustomExitCodes,
     __in DWORD cCustomExitCodes,

src/test/burn/TestData/BasicFunctionalityTests/BundleE/BundleE.wxs

@@ -1,8 +1,14 @@
 <!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->
 
 
-<Wix xmlns="http://wixtoolset.org/schemas/v4/wxs">
+<Wix xmlns="http://wixtoolset.org/schemas/v4/wxs" xmlns:bal="http://wixtoolset.org/schemas/v4/wxs/bal">
   <Fragment>
+
+    <Variable Name="NotInstallFolder" Value="0" Type="formatted" Persisted="no" bal:Overridable="yes"/>
+    <Variable Name="InstallFolder" Value="1" Type="formatted" Persisted="no" bal:Overridable="yes"/>
+    <Variable Name="InstallFolder2" Value="2" Type="formatted" Persisted="no" bal:Overridable="yes"/>
+    <Variable Name="UnquotedInstallFolder" Value="4" Type="formatted" Persisted="no" bal:Overridable="yes"/>
+
     <PackageGroup Id="BundlePackages">
       <PackageGroupRef Id="PackageA"/>
       <PackageGroupRef Id="PackageA_x64"/>