Octavian Voicu : ntdll: Fix two buffer overflow conditions in RtlDosPathNameToNtPathName_U.

Alexandre Julliard julliard at winehq.org
Tue Sep 6 11:35:53 CDT 2011


Module: wine
Branch: master
Commit: ce60eb845968d80e693566dd9bbf284fed31bc1c
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=ce60eb845968d80e693566dd9bbf284fed31bc1c

Author: Octavian Voicu <octavian.voicu at gmail.com>
Date:   Tue Sep  6 15:23:42 2011 +0300

ntdll: Fix two buffer overflow conditions in RtlDosPathNameToNtPathName_U.

---

 dlls/ntdll/path.c |    8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/dlls/ntdll/path.c b/dlls/ntdll/path.c
index 3207720..6138fa8 100644
--- a/dlls/ntdll/path.c
+++ b/dlls/ntdll/path.c
@@ -383,8 +383,14 @@ BOOLEAN  WINAPI RtlDosPathNameToNtPathName_U(PCWSTR dos_path,
         if (!(ptr = RtlAllocateHeap(GetProcessHeap(), 0, sz))) return FALSE;
         sz = RtlGetFullPathName_U(dos_path, sz, ptr, file_part);
     }
+    sz += (1 /* NUL */ + 4 /* unc\ */ + 4 /* \??\ */) * sizeof(WCHAR);
+    if (sz > MAXWORD)
+    {
+        if (ptr != local) RtlFreeHeap(GetProcessHeap(), 0, ptr);
+        return FALSE;
+    }
 
-    ntpath->MaximumLength = sz + (4 /* unc\ */ + 4 /* \??\ */) * sizeof(WCHAR);
+    ntpath->MaximumLength = sz;
     ntpath->Buffer = RtlAllocateHeap(GetProcessHeap(), 0, ntpath->MaximumLength);
     if (!ntpath->Buffer)
     {
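Review bot: The retried call `sz = RtlGetFullPathName_U(dos_path, sz, ptr, file_part);` in the heap branch runs straight into the new `sz += ...` padding, with no visible check of its result. If that second call can return 0, or a length larger than the heap buffer just allocated (for instance because the state used for path resolution changed between the two calls), the `sz > MAXWORD` test will not catch it, and `ptr` would presumably not hold a complete, terminated path when it is used further down. Consider validating right after the retry, e.g. `if (!sz) { RtlFreeHeap(GetProcessHeap(), 0, ptr); return FALSE; }`, and comparing the returned length against the allocated size, which needs its own variable because `sz` is overwritten. The function starts before this hunk and continues past it, so a check outside the visible lines may already cover this.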



