[ros-diffs] [tfaber] 55678: [ADVAPI32] - Fix buffer overflow in LookupAccountSidA See issue #6752 for more details.

[tfaber at svn.reactos.org]

Author: tfaber
Date: Sat Feb 18 12:00:50 2012
New Revision: 55678

URL: http://svn.reactos.org/svn/reactos?rev=55678&view=rev
Log:
[ADVAPI32]
- Fix buffer overflow in LookupAccountSidA
See issue #6752 for more details.

Modified:
    trunk/reactos/dll/win32/advapi32/sec/misc.c

Modified: trunk/reactos/dll/win32/advapi32/sec/misc.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/sec/misc.c?rev=55678&r1=55677&r2=55678&view=diff
==============================================================================
--- trunk/reactos/dll/win32/advapi32/sec/misc.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/advapi32/sec/misc.c [iso-8859-1] Sat Feb 18 12:00:50 2012
@@ -1,6 +1,6 @@
 /*
  * COPYRIGHT:       See COPYING in the top level directory
- * WINE COPYRIGHT: 
+ * WINE COPYRIGHT:
  * Copyright 1999, 2000 Juergen Schmied <juergen.schmied at debitel.net>
  * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
  * Copyright 2006 Robert Reif
@@ -808,7 +808,7 @@
     /* allocate buffers for the unicode strings to receive */
     if (dwName > 0)
     {
-        NameBuffer = (PWSTR)LocalAlloc(LMEM_FIXED, dwName);
+        NameBuffer = LocalAlloc(LMEM_FIXED, dwName * sizeof(WCHAR));
         if (NameBuffer == NULL)
         {
             SetLastError(ERROR_OUTOFMEMORY);
@@ -820,7 +820,7 @@
 
     if (dwReferencedDomainName > 0)
     {
-        ReferencedDomainNameBuffer = (PWSTR)LocalAlloc(LMEM_FIXED, dwReferencedDomainName);
+        ReferencedDomainNameBuffer = LocalAlloc(LMEM_FIXED, dwReferencedDomainName * sizeof(WCHAR));
         if (ReferencedDomainNameBuffer == NULL)
         {
             if (dwName > 0)