Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-08-06 11:24:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Manufacturer section names can also be decorated by architecture-specific extension

Browse source 
Fix possible buffer overflow (spotted by w3seek)

svn path=/trunk/; revision=18696
This commit is contained in:
Hervé Poussineau 2005-10-23 10:40:25 +00:00
parent 86a86862c4
commit 177148f7e7
1 changed files with 13 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
reactos/lib/setupapi/devinst.c
View file

@ -3698,7 +3698,8 @@ AddDriverToList(
driverInfo->Details.Reserved = (ULONG_PTR)driverInfo; driverInfo->Details.Reserved = (ULONG_PTR)driverInfo;
/* Copy InfFileName field */ /* Copy InfFileName field */
wcsncpy(driverInfo->Details.InfFileName, InfFile, MAX_PATH); wcsncpy(driverInfo->Details.InfFileName, InfFile, MAX_PATH - 1);
driverInfo->Details.InfFileName[MAX_PATH - 1] = '\0';
/* Fill InfDate field */ /* Fill InfDate field */
/* FIXME: hFile = CreateFile(driverInfo->Details.InfFileName, /* FIXME: hFile = CreateFile(driverInfo->Details.InfFileName,
@ -3942,7 +3943,7 @@ SetupDiBuildDriverInfoList(
HINF hInf = INVALID_HANDLE_VALUE; HINF hInf = INVALID_HANDLE_VALUE;
LPWSTR ProviderName = NULL; LPWSTR ProviderName = NULL;
LPWSTR ManufacturerName = NULL; LPWSTR ManufacturerName = NULL;
LPWSTR ManufacturerSection = NULL; WCHAR ManufacturerSection[LINE_LEN + 1];
LPWSTR HardwareIDs = NULL; LPWSTR HardwareIDs = NULL;
LPWSTR CompatibleIDs = NULL; LPWSTR CompatibleIDs = NULL;
FILETIME DriverDate; FILETIME DriverDate;
@ -4114,29 +4115,24 @@ SetupDiBuildDriverInfoList(
ManufacturerName, RequiredSize, ManufacturerName, RequiredSize,
&RequiredSize); &RequiredSize);
} }
/* Get manufacturer section name */
Result = SetupGetStringFieldW( Result = SetupGetStringFieldW(
&ContextManufacturer, &ContextManufacturer,
1, /* Field index */ 1, /* Field index */
NULL, 0, ManufacturerSection, LINE_LEN,
&RequiredSize); &RequiredSize);
if (Result) if (Result)
{ {
/* We got the needed size for the buffer */ ManufacturerSection[RequiredSize] = 0; /* Final NULL char */
ManufacturerSection = HeapAlloc(GetProcessHeap(), 0, RequiredSize * sizeof(WCHAR)); /* Add (possible) extension to manufacturer section name */
if (!ManufacturerSection) Result = SetupDiGetActualSectionToInstallW(
hInf, ManufacturerSection, ManufacturerSection, LINE_LEN, NULL, NULL);
if (Result)
{ {
SetLastError(ERROR_NOT_ENOUGH_MEMORY); TRACE("Enumerating devices in manufacturer %S\n", ManufacturerSection);
goto done; Result = SetupFindFirstLineW(hInf, ManufacturerSection, NULL, &ContextDevice);
} }
Result = SetupGetStringFieldW(
&ContextManufacturer,
1, /* Field index */
ManufacturerSection, RequiredSize,
&RequiredSize);
} }
TRACE("Enumerating devices in manufacturer %S\n", ManufacturerSection);
Result = SetupFindFirstLineW(hInf, ManufacturerSection, NULL, &ContextDevice);
while (Result) while (Result)
{ {
if (DriverType == SPDIT_CLASSDRIVER) if (DriverType == SPDIT_CLASSDRIVER)
@ -4239,8 +4235,7 @@ SetupDiBuildDriverInfoList(
} }
HeapFree(GetProcessHeap(), 0, ManufacturerName); HeapFree(GetProcessHeap(), 0, ManufacturerName);
HeapFree(GetProcessHeap(), 0, ManufacturerSection); ManufacturerName = NULL;
ManufacturerName = ManufacturerSection = NULL;
Result = SetupFindNextLine(&ContextManufacturer, &ContextManufacturer); Result = SetupFindNextLine(&ContextManufacturer, &ContextManufacturer);
} }
@ -4274,7 +4269,6 @@ done:
HeapFree(GetProcessHeap(), 0, ProviderName); HeapFree(GetProcessHeap(), 0, ProviderName);
HeapFree(GetProcessHeap(), 0, ManufacturerName); HeapFree(GetProcessHeap(), 0, ManufacturerName);
HeapFree(GetProcessHeap(), 0, ManufacturerSection);
HeapFree(GetProcessHeap(), 0, HardwareIDs); HeapFree(GetProcessHeap(), 0, HardwareIDs);
HeapFree(GetProcessHeap(), 0, CompatibleIDs); HeapFree(GetProcessHeap(), 0, CompatibleIDs);
if (hInf != INVALID_HANDLE_VALUE) if (hInf != INVALID_HANDLE_VALUE)