Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-12-31 19:42:51 +00:00
Code Issues Projects Releases Packages Wiki Activity

[RTL]

Browse source 
- Fix two bugs revealed by the newly added test in r54114.
 * Original length of the passed string should be used when checking for out-of-buffer access in the loop
 * PathChars should be updated if a DOS device name was found in the given string.
See issue #6390 for more details.

svn path=/trunk/; revision=54116
This commit is contained in:
Aleksey Bragin 2011-10-13 18:15:50 +00:00
parent d9f8633b4e
commit 360430be4d
1 changed files with 8 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
reactos/lib/rtl/path.c
View file

@ -48,7 +48,7 @@ RtlIsDosDeviceName_Ustr(IN PUNICODE_STRING PathString)
UNICODE_STRING PathCopy;
PWCHAR Start, End;
USHORT PathChars, ColonCount = 0;
USHORT ReturnOffset = 0, ReturnLength;
USHORT ReturnOffset = 0, ReturnLength, OriginalLength;
WCHAR c;
/* Validate the input */
@ -77,6 +77,7 @@ RtlIsDosDeviceName_Ustr(IN PUNICODE_STRING PathString)
/* Make a copy of the string */
PathCopy = *PathString;
OriginalLength = PathString->Length;
/* Return if there's no characters */
PathChars = PathCopy.Length / sizeof(WCHAR);
@ -124,16 +125,19 @@ RtlIsDosDeviceName_Ustr(IN PUNICODE_STRING PathString)
c = *End | ' '; // ' ' == ('z' - 'Z')
/* Check if it's a DOS device (LPT, COM, PRN, AUX, or NUL) */
if ((End < &PathCopy.Buffer[PathCopy.Length / sizeof(WCHAR)]) &&
if ((End < &PathCopy.Buffer[OriginalLength / sizeof(WCHAR)]) &&
((c == 'l') || (c == 'c') || (c == 'p') || (c == 'a') || (c == 'n')))
{
/* Calculate the offset */
ReturnOffset = (PCHAR)End - (PCHAR)PathCopy.Buffer;
/* Build the final string */
PathCopy.Length -= ReturnOffset;
PathCopy.Length -= (ColonCount * sizeof(WCHAR));
PathCopy.Length = OriginalLength - ReturnOffset - (ColonCount * sizeof(WCHAR));
PathCopy.Buffer = End;
/* Save new amount of chars in the path */
PathChars = PathCopy.Length / sizeof(WCHAR);
break;
}
else