Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-08-07 10:23:31 +00:00
Code Issues Projects Releases Packages Wiki Activity

- Fix a few bugs

Browse source 
- Bug1 - BufferOverflow
- Bug2 - ks expects a '\\' for each pin creation request
- Bug3 - ObjectLength was not correctly set, thus truncating the request
- Bug4 - Zero byte was not set at correct offset, potentialy leading to a heap overflow

svn path=/trunk/; revision=42832
This commit is contained in:
Johannes Anderwald 2009-08-21 18:36:43 +00:00
parent cd731afde1
commit 6f2463f07d
1 changed files with 7 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

13
reactos/dll/directx/ksuser/ksuser.c
View file

@ -44,18 +44,19 @@ KsiCreateObjectType( HANDLE hHandle,
Length = wcslen(IID); Length = wcslen(IID);
TotalSize = (Length * sizeof(WCHAR)) + BufferSize + 2 * sizeof(WCHAR); TotalSize = (Length * sizeof(WCHAR)) + BufferSize + 4 * sizeof(WCHAR);
pStr = HeapAlloc(GetProcessHeap(), 0, TotalSize); pStr = HeapAlloc(GetProcessHeap(), 0, TotalSize);
if (!pStr) if (!pStr)
return STATUS_INSUFFICIENT_RESOURCES; return STATUS_INSUFFICIENT_RESOURCES;
pStr[0] = L'\\';
wcscpy(pStr, (LPWSTR)IID); wcscpy(&pStr[1], (LPWSTR)IID);
pStr[Length] = L'\\'; pStr[Length+1] = L'\\';
memcpy(&pStr[Length+1], Buffer, BufferSize); memcpy(&pStr[Length+2], Buffer, BufferSize);
pStr[Length+1+BufferSize] = L'\0'; pStr[Length+3+(BufferSize/sizeof(WCHAR))] = L'\0';
RtlInitUnicodeString(&ObjectName, pStr); RtlInitUnicodeString(&ObjectName, pStr);
ObjectName.Length = ObjectName.MaximumLength = TotalSize;
InitializeObjectAttributes(&ObjectAttributes, &ObjectName, OBJ_CASE_INSENSITIVE, hHandle, NULL); InitializeObjectAttributes(&ObjectAttributes, &ObjectName, OBJ_CASE_INSENSITIVE, hHandle, NULL);