From 0f55e53480bda66ceddcfef9e8fb30f77af75de0 Mon Sep 17 00:00:00 2001
From: Thomas Bluemel
Date: Sat, 1 Oct 2005 12:21:55 +0000
Subject: [PATCH] fixed possible buffer overflow bug: pass correct buffer length (in characters, not bytes) to FileGetString()

svn path=/trunk/; revision=18187
---
 reactos/subsys/system/cmd/batch.c | 2 +-
 reactos/subsys/system/cmd/goto.c | 2 +-
 reactos/subsys/system/cmd/misc.c | 7 +++----
 3 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/reactos/subsys/system/cmd/batch.c b/reactos/subsys/system/cmd/batch.c
index e4148660b73..f15547ccc32 100644
--- a/reactos/subsys/system/cmd/batch.c
+++ b/reactos/subsys/system/cmd/batch.c
@@ -408,7 +408,7 @@ LPTSTR ReadBatchLine (LPBOOL bLocalEcho)
 return textline;
 }
- if (!FileGetString (bc->hBatchFile, textline, sizeof (textline)))
+ if (!FileGetString (bc->hBatchFile, textline, sizeof (textline) / sizeof (textline[0])))
 {
 #ifdef _DEBUG
 DebugPrintf (_T("ReadBatchLine(): Reached EOF!\n"));
diff --git a/reactos/subsys/system/cmd/goto.c b/reactos/subsys/system/cmd/goto.c
index e7768d91ea9..4f2cf77d553 100644
--- a/reactos/subsys/system/cmd/goto.c
+++ b/reactos/subsys/system/cmd/goto.c
@@ -85,7 +85,7 @@ INT cmd_goto (LPTSTR cmd, LPTSTR param)
 /* jump to begin of the file */
 SetFilePointer (bc->hBatchFile, 0, &lNewPosHigh, FILE_BEGIN);
- while (FileGetString (bc->hBatchFile, textline, sizeof(textline)))
+ while (FileGetString (bc->hBatchFile, textline, sizeof(textline) / sizeof(textline[0])))
 {
 int pos;
 int size;
diff --git a/reactos/subsys/system/cmd/misc.c b/reactos/subsys/system/cmd/misc.c
index 0a62530a757..304dee63031 100644
--- a/reactos/subsys/system/cmd/misc.c
+++ b/reactos/subsys/system/cmd/misc.c
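Review bot: `sizeof (textline) / sizeof (textline[0])` in the batch.c hunk gives the element count only while textline is a true array at the call site. Its declaration is outside the hunk, and if it ever becomes a pointer or a parameter the expression quietly evaluates to a small constant instead of failing to compile. The same open-coded expression is repeated in the goto.c hunk (cmd_goto). A single shared macro, e.g. `#define ARRAY_LEN(a) (sizeof (a) / sizeof ((a)[0]))`, used at both sites would keep the characters-not-bytes convention in one place. Any FileGetString() caller not shown in this patch should be checked for the same byte-count argument.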
@@ -381,13 +381,12 @@ BOOL FileGetString (HANDLE hFile, LPTSTR lpBuffer, INT nBufferLength)
 while ((--nBufferLength > 0) && ReadFile(hFile, &ch, 1, &dwRead, NULL) && dwRead)
 {
- if ((ch == '\n') || (ch == '\r'))
+ lpString[len++] = ch;
+ if ((ch == '\n') || (ch == '\r'))
 {
- /* read it*/
- lpString[len++] = ch;
+ /* break at new line*/
 break;
 }
- lpString[len++] = ch;
 }
 if (!dwRead && !len)
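Review bot: The loop test `--nBufferLength > 0` can fail before ReadFile() has run at all (a caller passing a length of 1 or less), and the `if (!dwRead && !len)` check after the loop then reads dwRead without any visible line having set it. Its declaration is outside the hunk, so it may already be initialised; if it is not, declaring it as `DWORD dwRead = 0;` makes that path well defined. Because the bug fixed here came from callers passing a byte count, a comment above the function such as `/* nBufferLength: size of lpBuffer in TCHARs (presumably including the terminator) */` would record the contract the callers now rely on. The body of FileGetString starts and ends outside the hunk.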