[ros-diffs] [weiden] 18187: fixed possible buffer overflow bug: pass correct buffer length (in characters, not bytes) to FileGetString()

weiden at svn.reactos.com weiden at svn.reactos.com
Sat Oct 1 14:22:03 CEST 2005 

fixed possible buffer overflow bug: pass correct buffer length (in
characters, not bytes) to FileGetString()
Modified: trunk/reactos/subsys/system/cmd/batch.c
Modified: trunk/reactos/subsys/system/cmd/goto.c
Modified: trunk/reactos/subsys/system/cmd/misc.c
  _____  

Modified: trunk/reactos/subsys/system/cmd/batch.c
--- trunk/reactos/subsys/system/cmd/batch.c	2005-10-01 10:10:39 UTC
(rev 18186)
+++ trunk/reactos/subsys/system/cmd/batch.c	2005-10-01 12:21:55 UTC
(rev 18187)
@@ -408,7 +408,7 @@

 			return textline;
 		}
 
-		if (!FileGetString (bc->hBatchFile, textline, sizeof
(textline)))
+		if (!FileGetString (bc->hBatchFile, textline, sizeof
(textline) / sizeof (textline[0])))
 		{
 #ifdef _DEBUG
 			DebugPrintf (_T("ReadBatchLine(): Reached
EOF!\n"));
  _____  

Modified: trunk/reactos/subsys/system/cmd/goto.c
--- trunk/reactos/subsys/system/cmd/goto.c	2005-10-01 10:10:39 UTC
(rev 18186)
+++ trunk/reactos/subsys/system/cmd/goto.c	2005-10-01 12:21:55 UTC
(rev 18187)
@@ -85,7 +85,7 @@

   /* jump to begin of the file */
   SetFilePointer (bc->hBatchFile, 0, &lNewPosHigh, FILE_BEGIN);
 
-	while (FileGetString (bc->hBatchFile, textline,
sizeof(textline)))
+	while (FileGetString (bc->hBatchFile, textline, sizeof(textline)
/ sizeof(textline[0])))
 	{
      int pos;
      int size;     
  _____  

Modified: trunk/reactos/subsys/system/cmd/misc.c
--- trunk/reactos/subsys/system/cmd/misc.c	2005-10-01 10:10:39 UTC
(rev 18186)
+++ trunk/reactos/subsys/system/cmd/misc.c	2005-10-01 12:21:55 UTC
(rev 18187)
@@ -381,13 +381,12 @@

 	while ((--nBufferLength >  0) &&
 		   ReadFile(hFile, &ch, 1, &dwRead, NULL) && dwRead)
 	{
-		if ((ch == '\n') || (ch == '\r'))
+        lpString[len++] = ch;
+        if ((ch == '\n') || (ch == '\r'))
 		{
-			/* read it*/
-			lpString[len++] = ch;
+			/* break at new line*/
 			break;
 		}
-		lpString[len++] = ch;
 	}
 
 	if (!dwRead && !len)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.reactos.org/pipermail/ros-diffs/attachments/20051001/e1926c63/attachment.html

More information about the Ros-diffs mailing list