Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-11-20 06:15:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

[KERNEL32]

Browse source 
- Fix buffer overflow in PeekNamedPipe

svn path=/trunk/; revision=57360
This commit is contained in:
Thomas Faber 2012-09-22 09:18:34 +00:00
parent 46029920aa
commit 1cc975ea63
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
reactos/dll/win32/kernel32/client/file/npipe.c
View file

@ -1173,7 +1173,7 @@ PeekNamedPipe(HANDLE hNamedPipe,
NTSTATUS Status;
/* Calculate the buffer space that we'll need and allocate it */
BufferSize = nBufferSize + sizeof(FILE_PIPE_PEEK_BUFFER);
BufferSize = FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[nBufferSize]);
Buffer = RtlAllocateHeap(RtlGetProcessHeap(), 0, BufferSize);
if (Buffer == NULL)
{
@ -1215,11 +1215,15 @@ PeekNamedPipe(HANDLE hNamedPipe,
/* Check if caller requested bytes available */
if (lpTotalBytesAvail)
{
/* Return bytes available */
*lpTotalBytesAvail = Buffer->ReadDataAvailable;
}
/* Calculate the bytes returned, minus our structure overhead */
BytesRead = (ULONG)(Iosb.Information -
FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[0]));
ASSERT(BytesRead <= nBufferSize);
/* Check if caller requested bytes read */
if (lpBytesRead)