ntdll: Fix two buffer overflow conditions in RtlDosPathNameToNtPathName_U.

Vitaliy Margolen wine-devel at kievinfo.com
Wed Sep 7 08:36:58 CDT 2011


On 09/06/2011 08:46 AM, Octavian Voicu wrote:
> On Tue, Sep 6, 2011 at 4:40 PM, Vitaliy Margolen
> <wine-devel at kievinfo.com>  wrote:
>> The fix is not entirely correct. UNICODE_STRING does not have to have a
>> terminating \0 character. The code should not use str* functions on
>> non-zero-terminated strings.
>
> I was also unsure about this when coding the patch, but I read here [1] that:
>
> "Specifies the length, in bytes, of the string pointed to by the
> Buffer member, not including the terminating NULL character, if any."
>
> So it's not a mistake to include a NULL character. I figured it's not
> worth the trouble to change the last strcpy into memcpy, especially
> because it could also be the case that it would introduce regressions
> (in case some other code wrongly depends on that NULL).
>
> Should I change offending strcpyW to memcpy?

Some ntdll functions do put a terminating \0 character into UNICODE_STRINGs.
You can write a test to see if RtlDosPathNameToNtPathName_U is one of them.
But by definition U_S does not require a terminating \0. And many places don't
put it there.

Regardless, the last strcpy & strlen should go and be replaced with memcpy &
pointer arithmetic.

Vitaliy.
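The point made in the thread, that a UNICODE_STRING is a counted string whose Buffer need not end in a 0 WCHAR, is easy to see in code. The following is an added example, not Wine's code and not the patch under discussion: it defines a minimal UNICODE_STRING layout locally (an assumption, so it builds without Windows or Wine headers), constructs a buffer where stale non-zero data follows the counted Length, and contrasts a naive 0-terminator scan with a copy that uses only Length and MaximumLength. The names naive_strlenW, counted_lenW and append_unicode_string are hypothetical.

```c
/* Added example (not Wine code): why strlen/strcpy must not be used on a
 * UNICODE_STRING. Minimal UNICODE_STRING layout defined here so the example
 * builds outside Windows/Wine headers (assumption for this example). */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

typedef uint16_t WCHAR;
typedef struct {
    uint16_t Length;        /* bytes in Buffer, excluding any terminator */
    uint16_t MaximumLength; /* bytes allocated for Buffer */
    WCHAR   *Buffer;
} UNICODE_STRING;

/* Mimics a naive strlenW: scans for a 0 WCHAR and ignores Length. */
static size_t naive_strlenW(const WCHAR *s)
{
    size_t n = 0;
    while (s[n]) n++;
    return n;
}

/* Counted length in WCHARs: the only reliable measure of a UNICODE_STRING. */
static size_t counted_lenW(const UNICODE_STRING *s)
{
    return s->Length / sizeof(WCHAR);
}

/* Appends src to dst using Length and MaximumLength only (memcpy plus
 * pointer arithmetic). Returns 0 on success, -1 if dst lacks room,
 * instead of writing past the end of dst->Buffer. */
static int append_unicode_string(UNICODE_STRING *dst, const UNICODE_STRING *src)
{
    if ((size_t)dst->Length + src->Length > dst->MaximumLength)
        return -1;
    memcpy((char *)dst->Buffer + dst->Length, src->Buffer, src->Length);
    dst->Length += src->Length;
    return 0;
}

/* Constructed input: "\??\C:" (6 WCHARs by Length) followed by stale,
 * non-zero data "XYZ" and only then a 0. A terminator scan sees 9 WCHARs. */
static WCHAR src_raw[] = { '\\', '?', '?', '\\', 'C', ':', 'X', 'Y', 'Z', 0 };
static const UNICODE_STRING src = { 6 * sizeof(WCHAR), sizeof(src_raw), src_raw };

static WCHAR dst_raw[8];                               /* room for 8 WCHARs */
static UNICODE_STRING dst = { 0, sizeof(dst_raw), dst_raw };

/* WCHAR count a naive 0-terminator scan reports for the constructed source. */
size_t example_naive_len(void) { return naive_strlenW(src.Buffer); }

/* WCHAR count according to the counted Length field. */
size_t example_counted_len(void) { return counted_lenW(&src); }

/* Copies src into an empty dst via the bounded append; returns the resulting
 * dst length in WCHARs, or -1 if the append was refused. */
int example_append_ok(void)
{
    dst.Length = 0;
    if (append_unicode_string(&dst, &src) != 0) return -1;
    return (int)counted_lenW(&dst);
}

/* A second append would need 12 WCHARs in an 8-WCHAR buffer: must be refused
 * rather than overflow. Returns the second append's result (-1 expected). */
int example_append_refused(void)
{
    dst.Length = 0;
    append_unicode_string(&dst, &src);          /* 6 WCHARs, fits */
    return append_unicode_string(&dst, &src);   /* would reach 12, refused */
}

int main(void)
{
    printf("naive scan: %zu WCHARs, counted: %zu WCHARs\n",
           example_naive_len(), example_counted_len());
    printf("bounded append: %d, second append: %d\n",
           example_append_ok(), example_append_refused());
    return 0;
}
```

The naive scan over-reads by three WCHARs on this input and, fed to a strcpy-style copy, would write 9 WCHARs plus a terminator into a destination sized for the counted 6; the bounded append instead copies exactly Length bytes and refuses once MaximumLength would be exceeded.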
