[ros-diffs] [tkreuzer] 53942: [NTSOKRNL] - use RtlStringCbPrintfA instead of manually calculating required length and checking if the buffer is large enough - Use %wZ as format specifier for a UNICODE_STRING, ...

tkreuzer at svn.reactos.org tkreuzer at svn.reactos.org
Sun Oct 2 21:42:00 UTC 2011


Author: tkreuzer
Date: Sun Oct  2 21:42:00 2011
New Revision: 53942

URL: http://svn.reactos.org/svn/reactos?rev=53942&view=rev
Log:
[NTOSKRNL]
- use RtlStringCbPrintfA instead of manually calculating required length and checking if the buffer is large enough
- Use %wZ as format specifier for a UNICODE_STRING, instead of using %S and making assumptions about zero termination.
- Don't "while (TRUE);" on buffer overflow!

Modified:
    trunk/reactos/ntoskrnl/ex/init.c

Modified: trunk/reactos/ntoskrnl/ex/init.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ex/init.c?rev=53942&r1=53941&r2=53942&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/ex/init.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/ex/init.c [iso-8859-1] Sun Oct  2 21:42:00 2011
@@ -750,9 +750,9 @@
     ULONG Count, Length;
     PWCHAR Name;
     PLDR_DATA_TABLE_ENTRY LdrEntry;
-    BOOLEAN OverFlow = FALSE;
     CHAR NameBuffer[256];
     STRING SymbolString;
+    NTSTATUS Status;
 
     /* Loop the driver list */
     NextEntry = LoaderBlock->LoadOrderListHead.Flink;
@@ -775,7 +775,7 @@
                 if (sizeof(NameBuffer) < Length + sizeof(ANSI_NULL))
                 {
                     /* It's too long */
-                    OverFlow = TRUE;
+                    Status = STATUS_BUFFER_OVERFLOW;
                 }
                 else
                 {
@@ -789,33 +789,21 @@
 
                     /* Null-terminate */
                     NameBuffer[Count] = ANSI_NULL;
+                    Status = STATUS_SUCCESS;
                 }
             }
             else
             {
-                /* This should be a driver, check if it fits */
-                if (sizeof(NameBuffer) <
-                    (sizeof("\\System32\\Drivers\\") +
-                     NtSystemRoot.Length / sizeof(WCHAR) - sizeof(UNICODE_NULL) +
-                     LdrEntry->BaseDllName.Length / sizeof(WCHAR) +
-                     sizeof(ANSI_NULL)))
-                {
-                    /* Buffer too small */
-                    OverFlow = TRUE;
-                    while (TRUE);
-                }
-                else
-                {
-                    /* Otherwise build the name. HACKED for GCC :( */
-                    sprintf(NameBuffer,
-                            "%S\\System32\\Drivers\\%S",
-                            &SharedUserData->NtSystemRoot[2],
-                            LdrEntry->BaseDllName.Buffer);
-                }
+                /* Safely print the string into our buffer */
+                Status = RtlStringCbPrintfA(NameBuffer,
+                                            sizeof(NameBuffer),
+                                            "%S\\System32\\Drivers\\%wZ",
+                                            &SharedUserData->NtSystemRoot[2],
+                                            &LdrEntry->BaseDllName);
             }
 
             /* Check if the buffer was ok */
-            if (!OverFlow)
+            if (NT_SUCCESS(Status))
             {
                 /* Initialize the STRING for the debugger */
                 RtlInitString(&SymbolString, NameBuffer);
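Review bot: A driver path that does not fit the 256-byte NameBuffer is now silently skipped instead of hanging, because the truncation status RtlStringCbPrintfA returns (the same STATUS_BUFFER_OVERFLOW the other branch sets) fails the NT_SUCCESS() gate on the next line, and nothing records which module was left out of the debugger symbol load; whatever handles !NT_SUCCESS(Status) lies past the end of the hunk and the enclosing loop body continues outside it. I would add a diagnostic on that path (the file's usual kernel debug print, if available here) naming `&LdrEntry->BaseDllName` via `%wZ`, so a missing symbol set can be traced back to the truncated name. The gate also relies on STATUS_BUFFER_OVERFLOW being a warning-severity, negative status that NT_SUCCESS() rejects, which is easy to misread since a reader may expect an "overflow" result to be success-class; a one-line comment above the call, `/* Truncation yields STATUS_BUFFER_OVERFLOW, a warning code, so NT_SUCCESS() below skips the name */`, makes that explicit. Note that the `%S` argument `&SharedUserData->NtSystemRoot[2]` still reads up to a NUL within that fixed WCHAR array, so the commit's "no zero-termination assumptions" holds for BaseDllName only; NtSystemRoot is presumably always terminated by the kernel, but that should be stated in a comment rather than implied.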



