<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi.<br>
<div class="moz-cite-prefix">On 15/10/30 11:08 PM, Piotr Caban wrote:<br>
</div>
<blockquote cite="mid:563387D3.9040905@gmail.com" type="cite">On
10/29/15 16:28, YongHao Hu wrote:
<br>
<blockquote type="cite">+ char temppath[MAX_PATH+1];
<br>
+ TRACE("(%p %s %p %p)\n", target, debugstr_a(dest),
err_code, type);
<br>
+ if(strlen(dest) >= MAX_PATH) {
<br>
+ *err_code = ERROR_BAD_PATHNAME;
<br>
+ return NULL;
<br>
+ }
<br>
+ strcpy(temppath, dest);
<br>
+ strcat(temppath, "\\*");
<br>
</blockquote>
There may still be a write outside of the temppath array in this code.
<br>
</blockquote>
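Review bot: the length check strlen(dest) &gt;= MAX_PATH, placed before the strcpy, leaves no room for the two characters that strcat(temppath, "\\*") appends. With strlen(dest) equal to MAX_PATH - 1 the check passes, and the result is MAX_PATH + 1 characters plus the terminating NUL, which is one byte more than char temppath[MAX_PATH+1] holds. Rejecting the input when strlen(dest) &gt;= MAX_PATH - 1, or sizing the buffer for the suffix, would keep the strcat inside the array.<br>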
<br>
I have sent a new patch upstream.<br>
I think it will fix the possible buffer overflow this time.<br>
Thank you very much.<br>
</body>
</html>