1 files changed, 28 insertions, 5 deletions

diff --git a/src/ldso/pe_open_physical_parent_directory.c b/src/ldso/pe_open_physical_parent_directory.c
index 5f535a3..55910d6 100644
--- a/src/ldso/pe_open_physical_parent_directory.c
+++ b/src/ldso/pe_open_physical_parent_directory.c
@@ -26,6 +26,7 @@ int32_t pe_open_physical_parent_directory(
 	wchar16_t *		root;
 	struct pe_unicode_str *	path;
 	uint32_t		len;
+	int			mup;
 	void *			hntdll;
 	os_zw_query_object *	zw_query_object;
 	os_zw_open_file *	zw_open_file;
@@ -63,24 +64,46 @@ int32_t pe_open_physical_parent_directory(
 	wch  = path->buffer + (path->strlen / sizeof(uint16_t));
 
 
-	if ((root[0] != '\\')
+	if ((wch < &root[8])
+			|| (root[0] != '\\')
 			|| (root[1] != 'D') || (root[2] != 'e')
 			|| (root[3] != 'v') || (root[4] != 'i')
 			|| (root[5] != 'c') || (root[6] != 'e')
 			|| (root[7] != '\\'))
 		return OS_STATUS_INTERNAL_ERROR;
 
-	for (root=&root[8]; (root<wch) && (*root!='\\'); )
+	mup = (wch > &root[11])
+		&& (root[8]=='M')
+		&& (root[9]=='u')
+		&& (root[10]=='p')
+		&& (root[11]=='\\');
+
+	root = mup ? &root[12] : &root[8];
+
+	for (; (root<wch) && (*root!='\\'); )
 		root++;
 
-	if ((uint16_t)((++root - path->buffer) * sizeof(uint16_t)) == path->strlen)
+	if (root == wch)
+		return OS_STATUS_INTERNAL_ERROR;
+
+	if (mup)
+		for (root++; (root<wch) && (*root!='\\'); )
+			root++;
+
+	if (root == wch)
+		return OS_STATUS_INTERNAL_ERROR;
+
+	if (&root[1] == wch)
 		return OS_STATUS_MORE_PROCESSING_REQUIRED;
 
+	if (wch[-1] == '\\')
+		wch--;
+
 	/* physical parent directory path */
-	for (; (wch>root) && (wch[-1]!='\\'); )
+	for (root++; (wch>=root) && (wch[-1]!='\\'); )
 		wch--;
 
-	path->strlen = sizeof(uint16_t) * (uint16_t)(wch-path->buffer);
+	path->strlen = (uint16_t)(wch - path->buffer) * sizeof(uint16_t);
 	path->maxlen = 0;
 
 	/* oa */