netapi32: Fix some limits and bounds checking
Andrew Talbot
andrew.talbot at talbotville.com
Mon Jan 19 11:34:54 CST 2009
Note: The check of where ptr points must be done before it is
dereferenced.
-- Andy.
---
Changelog:
netapi32: Fix some limits and bounds checking.
diff --git a/dlls/netapi32/nbt.c b/dlls/netapi32/nbt.c
index 8db87b4..5042baa 100644
--- a/dlls/netapi32/nbt.c
+++ b/dlls/netapi32/nbt.c
@@ -103,8 +103,8 @@ WINE_DEFAULT_DEBUG_CHANNEL(netbios);
#define MIN_CACHE_TIMEOUT 60000
#define CACHE_TIMEOUT 360000
-#define MAX_NBT_NAME_SZ (NCBNAMSZ * 2 + MAX_DOMAIN_NAME_LEN + 2)
-#define SIMPLE_NAME_QUERY_PKT_SIZE 26 + MAX_NBT_NAME_SZ
+#define MAX_NBT_NAME_SZ 255
+#define SIMPLE_NAME_QUERY_PKT_SIZE 16 + MAX_NBT_NAME_SZ
#define DEFAULT_NBT_SESSIONS 16
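Review bot: The new `SIMPLE_NAME_QUERY_PKT_SIZE` expands to an unparenthesized sum, so any use inside a larger expression (a multiplication, a subtraction) binds wrongly; write it as `#define SIMPLE_NAME_QUERY_PKT_SIZE (16 + MAX_NBT_NAME_SZ)`. The literals 255 and 16 also replace a derived expression with bare numbers, so a reader can no longer check the buffer sizes that depend on them. A short comment on each would help, for example `/* longest encoded NBT name, incl. scope and terminator */` and `/* fixed header and question fields around the name */`; that wording needs confirming against the packet layout, which is not in this hunk.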
@@ -156,7 +156,7 @@ static DWORD gWINSQueries;
static DWORD gWINSQueryTimeout;
static DWORD gWINSServers[MAX_WINS_SERVERS];
static int gNumWINSServers;
-static char gScopeID[MAX_DOMAIN_NAME_LEN];
+static char gScopeID[MAX_SCOPE_ID_LEN];
static DWORD gCacheTimeout;
static struct NBNameCache *gNameCache;
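Review bot: `MAX_SCOPE_ID_LEN` is not defined by any hunk in this patch, so the size of `gScopeID` cannot be checked from here; if it is not already in a header this file includes, the change will not build. It is also worth stating next to the declaration how it relates to `MAX_NBT_NAME_SZ`, since the encoded name plus the scope presumably has to fit in a buffer of that size. A comment such as `/* length-prefixed scope labels; must fit in MAX_NBT_NAME_SZ after the encoded name */` would do.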
@@ -1493,7 +1493,7 @@ void NetBTInit(void)
(LPBYTE)&dword, &size) == ERROR_SUCCESS && dword >= MIN_QUERY_TIMEOUT
&& dword <= MAX_QUERY_TIMEOUT)
gWINSQueryTimeout = dword;
- size = MAX_DOMAIN_NAME_LEN - 1;
+ size = sizeof(gScopeID) - 1;
if (RegQueryValueExW(hKey, ScopeIDW, NULL, NULL, (LPBYTE)gScopeID + 1, &size)
== ERROR_SUCCESS)
{
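Review bot: Nothing after the `RegQueryValueExW` call guarantees that `gScopeID` ends in a zero byte: with `size = sizeof(gScopeID) - 1` a registry value that fills the buffer reaches its last byte, and registry strings are not required to be stored terminated. The loop below is now bounded, but any later reader of the encoded scope that relies on a terminator could run past the array; `size = sizeof(gScopeID) - 2;` keeps the final byte of the static, zero-initialised array as a terminator. The call also passes NULL for the type and uses the W variant, which returns REG_SZ data as WCHARs while the loop walks bytes, so a check of the value type and encoding looks necessary too; confirm against how ScopeID is stored. NetBTInit starts and ends outside this hunk.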
@@ -1501,11 +1501,11 @@ void NetBTInit(void)
NetBTNameEncode */
char *ptr, *lenPtr;
- for (ptr = gScopeID + 1; *ptr &&
- ptr - gScopeID < MAX_DOMAIN_NAME_LEN; )
+ for (ptr = gScopeID + 1; ptr - gScopeID < sizeof(gScopeID) && *ptr; )
{
- for (lenPtr = ptr - 1, *lenPtr = 0; *ptr && *ptr != '.' &&
- ptr - gScopeID < MAX_DOMAIN_NAME_LEN; ptr++)
+ for (lenPtr = ptr - 1, *lenPtr = 0;
+ ptr - gScopeID < sizeof(gScopeID) && *ptr && *ptr != '.';
+ ptr++)
*lenPtr += 1;
ptr++;
}
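Review bot: The length prefix written through `lenPtr` is never capped, so a scope label longer than 63 bytes produces a length byte with its top bits set, which name parsers generally treat as a compression pointer. Past 127 the `char` counter also wraps where `char` is signed. After the inner loop, a check such as `if (ptr - lenPtr - 1 > 63)` followed by discarding the scope would keep a malformed registry value out of outgoing packets. An empty label (two consecutive dots) likewise writes a zero length byte in the middle of the scope, which reads as the end of the name. The enclosing block of NetBTInit continues outside this hunk.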