ntdll: Fix two buffer overflow conditions in RtlDosPathNameToNtPathName_U.

Vitaliy Margolen wine-devel at kievinfo.com
Wed Sep 7 08:36:58 CDT 2011

On 09/06/2011 08:46 AM, Octavian Voicu wrote:
> On Tue, Sep 6, 2011 at 4:40 PM, Vitaliy Margolen
> <wine-devel at kievinfo.com>  wrote:
>> The fix is not entirely correct. UNICODE_STRING does not have to have a
>> terminating \0 character. The code should not use str* functions on not
>> zero-terminated strings.
> I was also unsure about this when coding the patch, but I read here [1] that:
> "Specifies the length, in bytes, of the string pointed to by the
> Buffer member, not including the terminating NULL character, if any."
> So it's not a mistake to include a NULL character. I figured it's not
> worth the trouble to change the last strcpy into memcpy, especially
> because it could also be the case that it would introduce regressions
> (in case some other code wrongly depends on that NULL).
> Should I change offending strcpyW to memcpy?

Some ntdll functions do put terminating \0 character into UNICODE_STRINGs. 
You can write a test to see if RtlDosPathNameToNtPathName_U is one of them. 
But by definition U_S does not require terminating \0. And many places don't 
put it there.

Regardless, last strcpy & strlen should go and be replaced with memcpy & 
pointer arithmetic.


More information about the wine-devel mailing list