Alexandre Julliard : ntdll: Avoid overflowing the command line buffer.

Alexandre Julliard julliard at winehq.org
Tue Mar 23 15:07:44 CDT 2021


Module: wine
Branch: oldstable
Commit: 4a4acbe9777ed3c6d045f771000a7d73f0233488
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=4a4acbe9777ed3c6d045f771000a7d73f0233488

Author: Alexandre Julliard <julliard at winehq.org>
Date:   Tue Jun  9 18:34:00 2020 +0200

ntdll: Avoid overflowing the command line buffer.

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=49314
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
(cherry picked from commit a240abf12b615a50105e4567951df7c1e01d5a03)
Conflicts:
	dlls/ntdll/env.c
Signed-off-by: Michael Stefaniuc <mstefani at winehq.org>

---

 dlls/ntdll/env.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/dlls/ntdll/env.c b/dlls/ntdll/env.c
index d7010cf8b7f..ae82f702763 100644
--- a/dlls/ntdll/env.c
+++ b/dlls/ntdll/env.c
@@ -800,8 +800,7 @@ static void build_command_line( WCHAR **argv, UNICODE_STRING *cmdline )
 
     len = 1;
     for (arg = argv; *arg; arg++) len += 3 + 2 * strlenW( *arg );
-    cmdline->MaximumLength = len * sizeof(WCHAR);
-    if (!(cmdline->Buffer = RtlAllocateHeap( GetProcessHeap(), 0, cmdline->MaximumLength ))) return;
+    if (!(cmdline->Buffer = RtlAllocateHeap( GetProcessHeap(), 0, len * sizeof(WCHAR) ))) return;
 
     p = cmdline->Buffer;
     for (arg = argv; *arg; arg++)
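Review bot: The allocation-failure path `if (!(cmdline->Buffer = RtlAllocateHeap( ... ))) return;` now leaves `cmdline->Length` and `cmdline->MaximumLength` unwritten, because the only assignment ahead of the return was removed and both fields are set only at the end of the function. build_command_line returns void and starts before this hunk, so a caller (not visible here) can notice the failure only by testing Buffer. Either zero the fields before returning, `cmdline->Length = cmdline->MaximumLength = 0;`, or treat the failure as fatal the way the too-long case in the next hunk does, so that a NULL buffer is never paired with stale lengths.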
@@ -847,7 +846,13 @@ static void build_command_line( WCHAR **argv, UNICODE_STRING *cmdline )
     }
     if (p > cmdline->Buffer) p--;  /* remove last space */
     *p = 0;
+    if (p - cmdline->Buffer >= 32767)
+    {
+        ERR( "command line too long (%u)\n", (DWORD)(p - cmdline->Buffer) );
+        NtTerminateProcess( GetCurrentProcess(), 1 );
+    }
     cmdline->Length = (p - cmdline->Buffer) * sizeof(WCHAR);
+    cmdline->MaximumLength = cmdline->Length + sizeof(WCHAR);
 }
 
 
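Review bot: The bound in `if (p - cmdline->Buffer >= 32767)` is an unexplained magic number, and it is correct only in combination with the last added line. UNICODE_STRING's Length and MaximumLength are 16-bit byte counts, so at 32767 characters `cmdline->Length + sizeof(WCHAR)` would reach 65536 and wrap to 0. A comment above the check would keep the two lines from drifting apart, for example `/* Length and MaximumLength are USHORT byte counts; Length + sizeof(WCHAR) must not wrap */`. The same comment should say that this check runs after the whole string has been written, so the bounds of the write itself still rest on the worst-case `len` computed before the allocation.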



