mirror of
https://github.com/reactos/reactos.git
synced 2025-08-03 13:56:05 +00:00
[NTSOKRNL]
- use RtlStringCbPrintfA instead of manually calculating required length and checking if the buffer is large enough - Use %wZ as format specifier for a UNICODE_STRING, instead of using %S and making assumptions about zero termination. - Don't "while (TRUE);" on buffer overflow! svn path=/trunk/; revision=53942
parent
621aa88894
commit
8b7dad6466
1 changed files with 10 additions and 22 deletions
|
@ -750,9 +750,9 @@ ExpLoadBootSymbols(IN PLOADER_PARAMETER_BLOCK LoaderBlock)
|
||||||
ULONG Count, Length;
|
ULONG Count, Length;
|
||||||
PWCHAR Name;
|
PWCHAR Name;
|
||||||
PLDR_DATA_TABLE_ENTRY LdrEntry;
|
PLDR_DATA_TABLE_ENTRY LdrEntry;
|
||||||
BOOLEAN OverFlow = FALSE;
|
|
||||||
CHAR NameBuffer[256];
|
CHAR NameBuffer[256];
|
||||||
STRING SymbolString;
|
STRING SymbolString;
|
||||||
|
NTSTATUS Status;
|
||||||
|
|
||||||
/* Loop the driver list */
|
/* Loop the driver list */
|
||||||
NextEntry = LoaderBlock->LoadOrderListHead.Flink;
|
NextEntry = LoaderBlock->LoadOrderListHead.Flink;
|
||||||
|
@ -775,7 +775,7 @@ ExpLoadBootSymbols(IN PLOADER_PARAMETER_BLOCK LoaderBlock)
|
||||||
if (sizeof(NameBuffer) < Length + sizeof(ANSI_NULL))
|
if (sizeof(NameBuffer) < Length + sizeof(ANSI_NULL))
|
||||||
{
|
{
|
||||||
/* It's too long */
|
/* It's too long */
|
||||||
OverFlow = TRUE;
|
Status = STATUS_BUFFER_OVERFLOW;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -789,33 +789,21 @@ ExpLoadBootSymbols(IN PLOADER_PARAMETER_BLOCK LoaderBlock)
|
||||||
|
|
||||||
/* Null-terminate */
|
/* Null-terminate */
|
||||||
NameBuffer[Count] = ANSI_NULL;
|
NameBuffer[Count] = ANSI_NULL;
|
||||||
|
Status = STATUS_SUCCESS;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
/* This should be a driver, check if it fits */
|
/* Safely print the string into our buffer */
|
||||||
if (sizeof(NameBuffer) <
|
Status = RtlStringCbPrintfA(NameBuffer,
|
||||||
(sizeof("\\System32\\Drivers\\") +
|
sizeof(NameBuffer),
|
||||||
NtSystemRoot.Length / sizeof(WCHAR) - sizeof(UNICODE_NULL) +
|
"%S\\System32\\Drivers\\%wZ",
|
||||||
LdrEntry->BaseDllName.Length / sizeof(WCHAR) +
|
&SharedUserData->NtSystemRoot[2],
|
||||||
sizeof(ANSI_NULL)))
|
&LdrEntry->BaseDllName);
|
||||||
{
|
|
||||||
/* Buffer too small */
|
|
||||||
OverFlow = TRUE;
|
|
||||||
while (TRUE);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
/* Otherwise build the name. HACKED for GCC :( */
|
|
||||||
sprintf(NameBuffer,
|
|
||||||
"%S\\System32\\Drivers\\%S",
|
|
||||||
&SharedUserData->NtSystemRoot[2],
|
|
||||||
LdrEntry->BaseDllName.Buffer);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Check if the buffer was ok */
|
/* Check if the buffer was ok */
|
||||||
if (!OverFlow)
|
if (NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
/* Initialize the STRING for the debugger */
|
/* Initialize the STRING for the debugger */
|
||||||
RtlInitString(&SymbolString, NameBuffer);
|
RtlInitString(&SymbolString, NameBuffer);
|
||||||
|
|
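Review bot: In the last hunk (@ -789), a module whose path does not fit in `NameBuffer` is now dropped without any trace, because `if (NT_SUCCESS(Status))` just falls through when `RtlStringCbPrintfA` or the earlier length check yields `STATUS_BUFFER_OVERFLOW`; that is the right replacement for `while (TRUE);`, but a missing symbol load then becomes hard to diagnose. An `else` on that check with a debug print such as `DPRINT1("Symbol path too long for %wZ (0x%lx)\n", &LdrEntry->BaseDllName, Status);` would make the failure visible (the body of that `if` continues past the end of the hunk, so the `else` would sit outside the lines shown). The first argument still goes through `%S` on `&SharedUserData->NtSystemRoot[2]`, which relies on that array being NUL-terminated and holding at least two characters, the same kind of assumption the commit removes for `BaseDllName`. A short comment above the call, e.g. `/* NtSystemRoot must be NUL-terminated; [2] presumably skips the drive letter */`, would record that this is intentional. `ExpLoadBootSymbols` begins and ends outside the shown hunks, so whether `Length` in the `@ -775` check is a character or a byte count cannot be confirmed from here.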