[ros-diffs] [janderwald] 34344: - fix potential buffer overflows spotted by Christoph

janderwald at svn.reactos.org janderwald at svn.reactos.org
Sun Jul 6 22:52:11 CEST 2008


Author: janderwald
Date: Sun Jul  6 15:52:11 2008
New Revision: 34344

URL: http://svn.reactos.org/svn/reactos?rev=34344&view=rev
Log:
- fix potential buffer overflows spotted by Christoph

Modified:
    trunk/reactos/dll/win32/shell32/fprop.c

Modified: trunk/reactos/dll/win32/shell32/fprop.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/shell32/fprop.c?rev=34344&r1=34343&r2=34344&view=diff
==============================================================================
--- trunk/reactos/dll/win32/shell32/fprop.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/shell32/fprop.c [iso-8859-1] Sun Jul  6 15:52:11 2008
@@ -678,13 +678,16 @@
     pOffset = wcsrchr(wFileName, L'.');
     if (!pOffset)
     {
+        Length = wcslen(szName);
+        if (Length >=94)
+           return 0;
         wcscpy(szName, L"CLSID\\");
         wcscpy(&szName[6], wFileName);
     }
     else
     {
         Length = wcslen(pOffset);
-        if (Length  >= 70)
+        if (Length  >= 100)
             return 0;
         wcscpy(szName, pOffset);
     }
@@ -700,6 +703,7 @@
         if (RegGetValueW(HKEY_CLASSES_ROOT, pOffset, NULL, RRF_RT_REG_SZ, NULL, szName, &dwName) == ERROR_SUCCESS)
         {
             TRACE("EnumPropSheetExt szName %s, pOffset %s\n", debugstr_w(szName), debugstr_w(pOffset));
+            szName[(sizeof(szName)/sizeof(WCHAR))-1] = L'\0';
             hpsxa[1] = SHCreatePropSheetExtArrayEx(HKEY_CLASSES_ROOT, szName, NumPages - Pages, pDataObj);
             Pages +=SHAddFromPropSheetExtArray(hpsxa[1], AddShellPropSheetExCallback, (LPARAM)hppages);
         }



More information about the Ros-diffs mailing list