Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-06-03 16:30:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

[CONSRV]

Browse source 
- Fix potential Out-of-bounds access during string copy/concatenation. CID 1322098.
- Fix check for NULL after potential dereference. CID 1322175.

svn path=/trunk/; revision=71913
This commit is contained in:
Hermès Bélusca-Maïto 2016-07-13 00:06:09 +00:00
parent a5b76eb779
commit 47d9985bb4
2 changed files with 10 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
reactos/win32ss/user/winsrv/concfg/settings.c
View file

@ -102,13 +102,12 @@ TranslateConsoleName(OUT LPWSTR DestString,
wLength = GetWindowsDirectoryW(DestString, MaxStrLen); wLength = GetWindowsDirectoryW(DestString, MaxStrLen);
if ((wLength > 0) && (_wcsnicmp(ConsoleName, DestString, wLength) == 0)) if ((wLength > 0) && (_wcsnicmp(ConsoleName, DestString, wLength) == 0))
{ {
wcsncpy(DestString, L"%SystemRoot%", MaxStrLen); StringCchCopyW(DestString, MaxStrLen, L"%SystemRoot%");
// FIXME: Fix possible buffer overflows there !!!!! StringCchCatW(DestString, MaxStrLen, ConsoleName + wLength);
wcsncat(DestString, ConsoleName + wLength, MaxStrLen);
} }
else else
{ {
wcsncpy(DestString, ConsoleName, MaxStrLen); StringCchCopyW(DestString, MaxStrLen, ConsoleName);
} }
/* Replace path separators (backslashes) by underscores */ /* Replace path separators (backslashes) by underscores */
@ -155,10 +154,10 @@ ConCfgOpenUserSettings(LPCWSTR ConsoleTitle,
* to make the registry happy, replace all the * to make the registry happy, replace all the
* backslashes by underscores. * backslashes by underscores.
*/ */
TranslateConsoleName(szBuffer2, ConsoleTitle, MAX_PATH); TranslateConsoleName(szBuffer2, ConsoleTitle, ARRAYSIZE(szBuffer2));
/* Create the registry path */ /* Create the registry path */
wcsncat(szBuffer, szBuffer2, MAX_PATH - wcslen(szBuffer) - 1); StringCchCatW(szBuffer, MAX_PATH - wcslen(szBuffer) - 1, szBuffer2);
/* Create or open the registry key */ /* Create or open the registry key */
if (Create) if (Create)

12
reactos/win32ss/user/winsrv/consrv/frontends/gui/conwnd.c
View file

@ -1455,15 +1455,16 @@ OnNcDestroy(HWND hWnd)
{ {
PGUI_CONSOLE_DATA GuiData = GuiGetGuiData(hWnd); PGUI_CONSOLE_DATA GuiData = GuiGetGuiData(hWnd);
if (GuiData->IsWindowVisible) /* Free the GuiData registration */
{ SetWindowLongPtrW(hWnd, GWLP_USERDATA, (DWORD_PTR)NULL);
KillTimer(hWnd, CONGUI_UPDATE_TIMER);
}
GetSystemMenu(hWnd, TRUE); GetSystemMenu(hWnd, TRUE);
if (GuiData) if (GuiData)
{ {
if (GuiData->IsWindowVisible)
KillTimer(hWnd, CONGUI_UPDATE_TIMER);
/* Free the terminal framebuffer */ /* Free the terminal framebuffer */
if (GuiData->hMemDC ) DeleteDC(GuiData->hMemDC); if (GuiData->hMemDC ) DeleteDC(GuiData->hMemDC);
if (GuiData->hBitmap) DeleteObject(GuiData->hBitmap); if (GuiData->hBitmap) DeleteObject(GuiData->hBitmap);
@ -1471,9 +1472,6 @@ OnNcDestroy(HWND hWnd)
DeleteFonts(GuiData); DeleteFonts(GuiData);
} }
/* Free the GuiData registration */
SetWindowLongPtrW(hWnd, GWLP_USERDATA, (DWORD_PTR)NULL);
return DefWindowProcW(hWnd, WM_NCDESTROY, 0, 0); return DefWindowProcW(hWnd, WM_NCDESTROY, 0, 0);
} }