[Bug 20860] Read buffer overflow in INTERNET_SendCallback in wininet... calling strlen on non-nul-terminated buffer?

wine-bugs at winehq.org wine-bugs at winehq.org
Thu Dec 3 20:19:43 CST 2009


--- Comment #1 from Juan Lang <juan_lang at yahoo.com>  2009-12-03 20:19:42 ---
The error is in the caller, which is passing too short a buffer.  I'll send a
patch for this error, but others remain, especially in ftp.c.  Here's one:

        SendAsyncCallback(&hIC->hdr, dwContext,
            &socketAddr, sock_namelen);

Note that utility.c assumes the lpvStatusInfo is a wide string, not a socket
address.  Unless FTP cannot be used in async mode (I don't really know), this
is clearly bogus.

Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the wine-bugs mailing list