Robert Reif : kernel32: Fix ExpandEnvironmentStrings to not overflow UNICODE_STRING buffer size ( with test).

[Alexandre Julliard]

Module: wine
Branch: master
Commit: 63d4bb7bae81db3113388d97204b3a894c1691f1
URL:    http://source.winehq.org/git/?p=wine.git;a=commit;h=63d4bb7bae81db3113388d97204b3a894c1691f1

Author: Robert Reif <reif at earthlink.net>
Date:   Sat Aug 19 13:27:01 2006 -0400

kernel32: Fix ExpandEnvironmentStrings to not overflow UNICODE_STRING buffer size (with test).

---

 dlls/kernel/environ.c       |    5 +++++
 dlls/kernel/tests/environ.c |    7 ++++++-
 2 files changed, 11 insertions(+), 1 deletions(-)

diff --git a/dlls/kernel/environ.c b/dlls/kernel/environ.c
index 4887525..2de9b92 100644
--- a/dlls/kernel/environ.c
+++ b/dlls/kernel/environ.c
@@ -345,6 +345,11 @@ DWORD WINAPI ExpandEnvironmentStringsW( 
     TRACE("(%s %p %lu)\n", debugstr_w(src), dst, len);
 
     RtlInitUnicodeString(&us_src, src);
+
+    /* make sure we don't overflow maximum UNICODE_STRING size */
+    if (len > 0x7fff)
+        len = 0x7fff;
+
     us_dst.Length = 0;
     us_dst.MaximumLength = len * sizeof(WCHAR);
     us_dst.Buffer = dst;
diff --git a/dlls/kernel/tests/environ.c b/dlls/kernel/tests/environ.c
index 9c04162..c9b8cd9 100644
--- a/dlls/kernel/tests/environ.c
+++ b/dlls/kernel/tests/environ.c
@@ -213,9 +213,14 @@ static void test_GetSetEnvironmentVariab
 
 static void test_ExpandEnvironmentStringsA(void)
 {
-    char buf[256], buf1[256];
+    char buf[256], buf1[256], buf2[0x8000];
     DWORD ret_size, ret_size1;
 
+    /* test a large destination size */
+    strcpy(buf, "12345");
+    ret_size = ExpandEnvironmentStringsA(buf, buf2, sizeof(buf2));
+    ok(!strcmp(buf, buf2), "ExpandEnvironmentStrings failed %s vs %s. ret_size = %ld\n", buf, buf2, ret_size);
+
     ret_size1 = GetWindowsDirectoryA(buf1,256);
     ok ((ret_size1 >0) && (ret_size1<256), "GetWindowsDirectory Failed\n");
     ret_size = ExpandEnvironmentStringsA("%SystemRoot%",buf,sizeof(buf));