[KERNEL32] Use RtlStringCbCopyNW() to correctly fill the WIN32_FIND_DATA.cFileName and cAlternateFileName members without any overflow and with a terminating NULL character.

2024-10-01 15:07:53 +00:00 · 2018-07-22 21:32:38 +02:00 · 2018-07-22 21:32:38 +02:00 · 2158f31b71
parent b003d68ca5
commit 2158f31b71
2 changed files with 20 additions and 18 deletions
--- a/dll/win32/kernel32/client/file/disk.c
+++ b/dll/win32/kernel32/client/file/disk.c
@ -19,7 +19,6 @@
 */

 #include <k32.h>
-#include <strsafe.h>

 #define NDEBUG
 #include <debug.h>
--- a/dll/win32/kernel32/client/file/find.c
+++ b/dll/win32/kernel32/client/file/find.c
@ -5,12 +5,14 @@
 * PURPOSE:         Find functions
 * PROGRAMMERS:     Ariadne (ariadne@xs4all.nl)
 *                  Pierre Schweitzer (pierre.schweitzer@reactos.org)
- *                  Hermes BELUSCA - MAITO (hermes.belusca@sfr.fr)
+ *                  Hermes Belusca-Maito
 */

 /* INCLUDES *******************************************************************/

 #include <k32.h>
+#include <ntstrsafe.h>
+
 #define NDEBUG
 #include <debug.h>
 DEBUG_CHANNEL(kernel32file);
@ -71,7 +73,7 @@ typedef struct _FIND_FILE_DATA

    /*
     * For handling STATUS_BUFFER_OVERFLOW errors emitted by
-     * NtQueryDirectoryFile in the FildNextFile function.
+     * NtQueryDirectoryFile in the FindNextFile function.
     */
    BOOLEAN HasMoreData;

@ -128,9 +130,9 @@ CopyDeviceFindData(OUT LPWIN32_FIND_DATAW lpFindFileData,
        /* Return the data */
        RtlZeroMemory(lpFindFileData, sizeof(*lpFindFileData));
        lpFindFileData->dwFileAttributes = FILE_ATTRIBUTE_ARCHIVE;
-        RtlCopyMemory(lpFindFileData->cFileName,
-                      DeviceName,
-                      Length);
+        RtlStringCbCopyNW(lpFindFileData->cFileName,
+                          sizeof(lpFindFileData->cFileName),
+                          DeviceName, Length);
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
@ -175,22 +177,22 @@ do { \

        if (fInfoLevelId == FindExInfoStandard)
        {
-            RtlCopyMemory(lpFindFileData->cFileName,
-                          DirInfo.BothDirInfo->FileName,
-                          DirInfo.BothDirInfo->FileNameLength);
-            lpFindFileData->cFileName[DirInfo.BothDirInfo->FileNameLength / sizeof(WCHAR)] = UNICODE_NULL;
+            RtlStringCbCopyNW(lpFindFileData->cFileName,
+                              sizeof(lpFindFileData->cFileName),
+                              DirInfo.BothDirInfo->FileName,
+                              DirInfo.BothDirInfo->FileNameLength);

-            RtlCopyMemory(lpFindFileData->cAlternateFileName,
-                          DirInfo.BothDirInfo->ShortName,
-                          DirInfo.BothDirInfo->ShortNameLength);
-            lpFindFileData->cAlternateFileName[DirInfo.BothDirInfo->ShortNameLength / sizeof(WCHAR)] = UNICODE_NULL;
+            RtlStringCbCopyNW(lpFindFileData->cAlternateFileName,
+                              sizeof(lpFindFileData->cAlternateFileName),
+                              DirInfo.BothDirInfo->ShortName,
+                              DirInfo.BothDirInfo->ShortNameLength);
        }
        else if (fInfoLevelId == FindExInfoBasic)
        {
-            RtlCopyMemory(lpFindFileData->cFileName,
-                          DirInfo.FullDirInfo->FileName,
-                          DirInfo.FullDirInfo->FileNameLength);
-            lpFindFileData->cFileName[DirInfo.FullDirInfo->FileNameLength / sizeof(WCHAR)] = UNICODE_NULL;
+            RtlStringCbCopyNW(lpFindFileData->cFileName,
+                              sizeof(lpFindFileData->cFileName),
+                              DirInfo.FullDirInfo->FileName,
+                              DirInfo.FullDirInfo->FileNameLength);

            lpFindFileData->cAlternateFileName[0] = UNICODE_NULL;
        }
@ -554,6 +556,7 @@ FindClose(HANDLE hFindFile)
        _SEH2_YIELD(return FALSE);
    }
    _SEH2_END;
+
    return TRUE;
 }