fusion: Avoid buffer overflow in enum_gac_assemblies.
Gerald Pfeifer
gerald at pfeifer.com
Sun Nov 13 02:36:29 CST 2016
In enum_gac_assemblies we have the following
sprintf(buf, ", Version=%s, Culture=%s, PublicKeyToken=%s",
ffd.cFileName, culture, ptr);
culture alone is declared as char[MAX_PATH], and WIN32_FIND_DATAA.cFileName
is CHAR[260], so a mere size of MAX_PATH for buf is not sufficient.
(We need to double sizeof(ffd.cFileName) since ptr also points
into it.)
Gerald
Signed-off-by: Gerald Pfeifer <gerald at pfeifer.com>
---
dlls/fusion/tests/asmenum.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dlls/fusion/tests/asmenum.c b/dlls/fusion/tests/asmenum.c
index 1dc34a2..9ba77f7 100644
--- a/dlls/fusion/tests/asmenum.c
+++ b/dlls/fusion/tests/asmenum.c
@@ -223,7 +223,7 @@ typedef struct _tagASMNAME
static BOOL enum_gac_assemblies(struct list *assemblies, int depth, LPSTR path)
{
WIN32_FIND_DATAA ffd;
- CHAR buf[MAX_PATH];
+ CHAR buf[MAX_PATH+sizeof(ffd.cFileName)*2+40];
CHAR disp[MAX_PATH];
ASMNAME *name;
HANDLE hfind;
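Review bot: the +40 in the new buf declaration is an unexplained constant, and the sprintf quoted in the commit message remains unbounded. The literal text of that format string is 37 characters plus the terminator, so 40 is sufficient, but a one-line comment saying so (or sizing from sizeof of the format string) would save the next reader from recounting. Switching the call to snprintf(buf, sizeof(buf), ...) would keep the bound enforced even if the format or the field sizes change later. It is also worth checking whether buf is ever copied into disp, which is still CHAR[MAX_PATH] on the following line.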
--
2.10.1
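The sizing argument from the commit message, worked through as an added example (not code from the patch or from Wine). It assumes MAX_PATH and sizeof(cFileName) are both 260; NAME_MAX_LEN, DISP_FMT, DISP_WORST_CASE, format_display and try_worst_case are hypothetical names, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 260  /* assumption: stands in for MAX_PATH / sizeof(cFileName) */
#define DISP_FMT ", Version=%s, Culture=%s, PublicKeyToken=%s"

/* Worst-case bytes the format can produce, terminator included:
 * the literal text of DISP_FMT (its size minus the three "%s") plus
 * three strings of at most NAME_MAX_LEN - 1 characters each. */
#define DISP_WORST_CASE (sizeof(DISP_FMT) - 3 * 2 + 3 * (NAME_MAX_LEN - 1))

/* Bounded formatting: returns the length written, or -1 if the result
 * would not fit in dst (dst then holds a truncated, terminated string). */
static int format_display(char *dst, size_t dst_size, const char *version,
                          const char *culture, const char *token)
{
    int n = snprintf(dst, dst_size, DISP_FMT, version, culture, token);
    if (n < 0 || (size_t)n >= dst_size)
        return -1;
    return n;
}

/* Constructed worst-case input: three strings of NAME_MAX_LEN - 1 chars,
 * formatted into a buffer limited to dst_size bytes. */
static int try_worst_case(size_t dst_size)
{
    static char out[DISP_WORST_CASE + 16];
    char longest[NAME_MAX_LEN];

    memset(longest, 'a', sizeof(longest) - 1);
    longest[sizeof(longest) - 1] = '\0';
    if (dst_size > sizeof(out))
        dst_size = sizeof(out);
    return format_display(out, dst_size, longest, longest, longest);
}

int main(void)
{
    printf("worst case needs %zu bytes\n", (size_t)DISP_WORST_CASE);
    printf("260-byte buffer:   %d\n", try_worst_case(NAME_MAX_LEN));
    printf("worst-case buffer: %d\n", try_worst_case(DISP_WORST_CASE));
    return 0;
}
```

The patched size, MAX_PATH+sizeof(ffd.cFileName)*2+40, comes to 820 bytes under the same assumption, which covers this worst case.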