diff --git a/win32ss/user/user32/windows/input.c b/win32ss/user/user32/windows/input.c
index a9aac9e82a3..39ad3ab951f 100644
--- a/win32ss/user/user32/windows/input.c
+++ b/win32ss/user/user32/windows/input.c
@@ -801,7 +801,11 @@ IntLoadKeyboardLayout(
 {
 WCHAR szPath[MAX_PATH];
 GetSystemLibraryPath(szPath, _countof(szPath), szImeFileName);
- if (GetFileAttributesW(szPath) == INVALID_FILE_ATTRIBUTES) /* Does not exist? */
+
+ /* We don't allow the invalid "IME File" values for security reason */
+ if (dwType != REG_SZ || szImeFileName[0] == 0 ||
+ wcsspn(szImeFileName, L":\\/") != wcslen(szImeFileName) ||
+ GetFileAttributesW(szPath) == INVALID_FILE_ATTRIBUTES) /* Does not exist? */
 {
 bIsIME = FALSE;
 wHigh = 0;
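Review bot: The `wcsspn` call in the new condition measures the leading run of characters that are in the set `:\/`, so `wcsspn(szImeFileName, L":\\/") != wcslen(szImeFileName)` is true for every ordinary file name and the branch clears `bIsIME` for all of them; only a value made up entirely of separators gets past this term. The test that matches the comment is the complement span, `wcscspn(szImeFileName, L":\\/") != wcslen(szImeFileName) ||`, which rejects any "IME File" value containing a drive or path separator and so keeps the lookup inside the system library directory. `GetSystemLibraryPath` still runs on the unvalidated value before the check; that is presumably harmless if it only formats into `szPath`, but validating first would make the ordering self-evident. The enclosing block of `IntLoadKeyboardLayout` starts and ends outside the hunk, so where `dwType` and `szImeFileName` are filled in cannot be confirmed from here.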