[ros-diffs] [gedmurphy] 33725: fix potential buffer overflow
gedmurphy at svn.reactos.org
gedmurphy at svn.reactos.org
Tue May 27 10:28:53 CEST 2008
Author: gedmurphy
Date: Tue May 27 03:28:52 2008
New Revision: 33725
URL: http://svn.reactos.org/svn/reactos?rev=33725&view=rev
Log:
fix potential buffer overflow
Modified:
trunk/reactos/dll/win32/user32/misc/dllmain.c
Modified: trunk/reactos/dll/win32/user32/misc/dllmain.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/user32/misc/dllmain.c?rev=33725&r1=33724&r2=33725&view=diff
==============================================================================
--- trunk/reactos/dll/win32/user32/misc/dllmain.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/user32/misc/dllmain.c [iso-8859-1] Tue May 27 03:28:52 2008
@@ -90,9 +90,22 @@
LPWSTR lpBuffer = (LPWSTR)kvpInfo->Data;
if (lpBuffer != UNICODE_NULL)
{
- RtlMoveMemory(szAppInit,
- kvpInfo->Data,
- min(kvpInfo->DataLength, KEY_LENGTH));
+ INT bytesToCopy, nullPos;
+
+ bytesToCopy = min(kvpInfo->DataLength, KEY_LENGTH * sizeof(WCHAR));
+
+ if (bytesToCopy != 0)
+ {
+ RtlMoveMemory(szAppInit,
+ kvpInfo->Data,
+ bytesToCopy);
+
+ nullPos = (bytesToCopy / sizeof(WCHAR)) - 1;
+
+ /* ensure string is terminated */
+ szAppInit[nullPos] = UNICODE_NULL;
+ }
+
bRet = TRUE;
}
}
More information about the Ros-diffs
mailing list