mirror of
https://github.com/reactos/reactos.git
synced 2024-07-06 20:55:16 +00:00
[ADVAPI32] prevent buffer overflow in ParseStringSecurityDescriptorToSecurityDescriptor (wine-patch by Alistair Leslie-Hughes)
svn path=/trunk/; revision=68799
This commit is contained in:
parent
3f801dad23
commit
4f9474e3ec
|
@ -2544,13 +2544,15 @@ static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
|
||||||
{
|
{
|
||||||
BOOL bret = FALSE;
|
BOOL bret = FALSE;
|
||||||
WCHAR toktype;
|
WCHAR toktype;
|
||||||
WCHAR tok[MAX_PATH];
|
WCHAR *tok;
|
||||||
LPCWSTR lptoken;
|
LPCWSTR lptoken;
|
||||||
LPBYTE lpNext = NULL;
|
LPBYTE lpNext = NULL;
|
||||||
DWORD len;
|
DWORD len;
|
||||||
|
|
||||||
*cBytes = sizeof(SECURITY_DESCRIPTOR);
|
*cBytes = sizeof(SECURITY_DESCRIPTOR);
|
||||||
|
|
||||||
|
tok = heap_alloc( (lstrlenW(StringSecurityDescriptor) + 1) * sizeof(WCHAR));
|
||||||
|
|
||||||
if (SecurityDescriptor)
|
if (SecurityDescriptor)
|
||||||
lpNext = (LPBYTE)(SecurityDescriptor + 1);
|
lpNext = (LPBYTE)(SecurityDescriptor + 1);
|
||||||
|
|
||||||
|
@ -2672,6 +2674,7 @@ static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
|
||||||
bret = TRUE;
|
bret = TRUE;
|
||||||
|
|
||||||
lend:
|
lend:
|
||||||
|
heap_free(tok);
|
||||||
return bret;
|
return bret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue