Andrey Korotaev <unc0rr@mail.ru>:

- Never trust the MaximumLength passed from usermode when copying a Unicode string (fixes a large number of crashes; tested with CdrLabel 4.1).

svn path=/trunk/; revision=31010
Aleksey Bragin 2007-12-04 22:52:05 +00:00
parent 98a17200e4
commit 729df301cd


@ -2397,10 +2397,10 @@ IntSafeCopyUnicodeString(PUNICODE_STRING Dest,
Src = Dest->Buffer;
Dest->Buffer = NULL;
Dest->MaximumLength = Dest->Length;
if(Dest->Length > 0 && Src)
{
Dest->MaximumLength = Dest->Length;
Dest->Buffer = ExAllocatePoolWithTag(PagedPool, Dest->MaximumLength, TAG_STRING);
if(!Dest->Buffer)
{
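Review bot: `Dest->Length` comes from the same usermode structure as the `MaximumLength` this change stops trusting, and the hunk shows no check on it before it becomes the pool allocation size passed to `ExAllocatePoolWithTag`. An odd value would pass the `Dest->Length > 0` test and yield a buffer ending in half a WCHAR, which later code that divides by `sizeof(WCHAR)` may not expect. Consider rejecting it ahead of the `if`, for example `if (Dest->Length % sizeof(WCHAR)) return STATUS_INVALID_PARAMETER;` (this assumes the function returns NTSTATUS, which is not visible here). The function starts and ends outside the hunk, so an earlier check may already exist; IntSafeCopyUnicodeStringTerminateNULL in the next hunk reads Length the same way.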
@ -2443,6 +2443,7 @@ IntSafeCopyUnicodeStringTerminateNULL(PUNICODE_STRING Dest,
Src = Dest->Buffer;
Dest->Buffer = NULL;
Dest->MaximumLength = 0;
if(Dest->Length > 0 && Src)
{