kernel32: fix ExpandEnvironmentStrings to not overflow
UNICODE_STRING buffer size (with test)
Robert Reif
reif at earthlink.net
Sat Aug 19 12:27:01 CDT 2006
-------------- next part --------------
diff -p -u -r1.11 environ.c
--- dlls/kernel/environ.c 23 May 2006 12:48:03 -0000 1.11
+++ dlls/kernel/environ.c 19 Aug 2006 17:22:07 -0000
@@ -345,6 +345,11 @@ DWORD WINAPI ExpandEnvironmentStringsW(
TRACE("(%s %p %lu)\n", debugstr_w(src), dst, len);
RtlInitUnicodeString(&us_src, src);
+
+ /* make sure we don't overflow maximum UNICODE_STRING size */
+ if (len > 0x7fff)
+ len = 0x7fff;
+
us_dst.Length = 0;
us_dst.MaximumLength = len * sizeof(WCHAR);
us_dst.Buffer = dst;
diff -p -u -r1.12 environ.c
--- dlls/kernel/tests/environ.c 23 May 2006 12:48:07 -0000 1.12
+++ dlls/kernel/tests/environ.c 19 Aug 2006 17:22:08 -0000
@@ -213,9 +213,14 @@ static void test_GetSetEnvironmentVariab
static void test_ExpandEnvironmentStringsA(void)
{
- char buf[256], buf1[256];
+ char buf[256], buf1[256], buf2[0x8000];
DWORD ret_size, ret_size1;
+ /* test a large destination size */
+ strcpy(buf, "12345");
+ ret_size = ExpandEnvironmentStringsA(buf, buf2, sizeof(buf2));
+ ok(!strcmp(buf, buf2), "ExpandEnvironmentStrings failed %s vs %s. ret_size = %ld\n", buf, buf2, ret_size);
+
ret_size1 = GetWindowsDirectoryA(buf1,256);
ok ((ret_size1 >0) && (ret_size1<256), "GetWindowsDirectory Failed\n");
ret_size = ExpandEnvironmentStringsA("%SystemRoot%",buf,sizeof(buf));
More information about the wine-patches
mailing list