Secure filename copy to fixed size variable wfileName
Dmitry Timoshkov
dmitry at codeweavers.com
Mon Apr 21 21:39:18 CDT 2008
"Tomasz Jezierski - Tefnet" <developers at tefnet.pl> wrote:
> - strcpyW(wfileName, sei_tmp.lpFile);
> + StrCpyNW(wfileName, sei_tmp.lpFile,sizeof(wfileName));
> }
> } else
> - strcpyW(wfileName, sei_tmp.lpFile);
> + StrCpyNW(wfileName, sei_tmp.lpFile,sizeof(wfileName));
Your patch doesn't make the code more secure than it is now. StrCpyNW takes
number of characters, not bytes. And since it's just a wrapper around lstrcpynW
it's better to use the latter one instead.
--
Dmitry.
More information about the wine-devel
mailing list