[ros-diffs] [janderwald] 34344: - fix potential buffer overflows spotted by Christoph
janderwald at svn.reactos.org
janderwald at svn.reactos.org
Sun Jul 6 22:52:11 CEST 2008
Author: janderwald
Date: Sun Jul 6 15:52:11 2008
New Revision: 34344
URL: http://svn.reactos.org/svn/reactos?rev=34344&view=rev
Log:
- fix potential buffer overflows spotted by Christoph
Modified:
trunk/reactos/dll/win32/shell32/fprop.c
Modified: trunk/reactos/dll/win32/shell32/fprop.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/shell32/fprop.c?rev=34344&r1=34343&r2=34344&view=diff
==============================================================================
--- trunk/reactos/dll/win32/shell32/fprop.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/shell32/fprop.c [iso-8859-1] Sun Jul 6 15:52:11 2008
@@ -678,13 +678,16 @@
pOffset = wcsrchr(wFileName, L'.');
if (!pOffset)
{
+ Length = wcslen(szName);
+ if (Length >=94)
+ return 0;
wcscpy(szName, L"CLSID\\");
wcscpy(&szName[6], wFileName);
}
else
{
Length = wcslen(pOffset);
- if (Length >= 70)
+ if (Length >= 100)
return 0;
wcscpy(szName, pOffset);
}
@@ -700,6 +703,7 @@
if (RegGetValueW(HKEY_CLASSES_ROOT, pOffset, NULL, RRF_RT_REG_SZ, NULL, szName, &dwName) == ERROR_SUCCESS)
{
TRACE("EnumPropSheetExt szName %s, pOffset %s\n", debugstr_w(szName), debugstr_w(pOffset));
+ szName[(sizeof(szName)/sizeof(WCHAR))-1] = L'\0';
hpsxa[1] = SHCreatePropSheetExtArrayEx(HKEY_CLASSES_ROOT, szName, NumPages - Pages, pDataObj);
Pages +=SHAddFromPropSheetExtArray(hpsxa[1], AddShellPropSheetExCallback, (LPARAM)hppages);
}
More information about the Ros-diffs
mailing list