[v2] kernel32: Avoid two potential buffer overflows of cStr in create_hardware_branch.
Gerald Pfeifer
gerald at pfeifer.com
Sat Feb 11 15:11:36 CST 2017
Based on feedback by Sebastian, this updated version of the patch
uses NAME_MAX instead of the non-portable/recommended against
sizeof(dent->d_name).
Gerald
Signed-off-by: Gerald Pfeifer <gerald at pfeifer.com>
---
dlls/kernel32/oldconfig.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/dlls/kernel32/oldconfig.c b/dlls/kernel32/oldconfig.c
index 6c80dc614f..ff82943120 100644
--- a/dlls/kernel32/oldconfig.c
+++ b/dlls/kernel32/oldconfig.c
@@ -32,6 +32,7 @@
# include <sys/stat.h>
#endif
#include <fcntl.h>
+#include <limits.h>
#ifdef HAVE_DIRENT_H
# include <dirent.h>
#endif
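Review bot: The unconditional `#include <limits.h>` added here is relied on to supply NAME_MAX, but POSIX allows <limits.h> to leave NAME_MAX undefined when the limit is indeterminate, so the declaration in the second hunk can fail to compile on such a platform. Add a guarded fallback right after the include, for example `#ifndef NAME_MAX` / `# define NAME_MAX 255` / `#endif`, so the array size is always defined.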
@@ -275,7 +276,9 @@ static void create_hardware_branch(void)
DIR *idedir;
struct dirent *dent = NULL;
FILE *procfile = NULL;
- char cStr[40], cDevModel[40], cUnixDeviceName[40], read1[10] = "\0", read2[10] = "\0";
+ char cStr[NAME_MAX+sizeof(procname_ide_media)],
+ cDevModel[40], cUnixDeviceName[40],
+ read1[10] = "\0", read2[10] = "\0";
SCSI_ADDRESS scsi_addr;
UINT nType;
struct LinuxProcScsiDevice dev;
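Review bot: The new size of cStr, `NAME_MAX+sizeof(procname_ide_media)`, is derived from only one string, while the subject line refers to two overflows, and the writes into cStr are not part of this hunk. Please confirm that the second write uses a string no longer than procname_ide_media (or size the buffer from the longer of the two), and that procname_ide_media is an array rather than a pointer, since sizeof would otherwise give the pointer size. Bounding the writes themselves with snprintf and `sizeof(cStr)` would enforce the limit at the call sites instead of leaving it implied by the declaration. Splitting the declaration over three lines is a readability improvement; a short comment on why cStr is sized differently from cDevModel and cUnixDeviceName would help the next reader.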
--
2.11.0