From abb09e14a3931d819b733b0e4ce954e48d44eaab Mon Sep 17 00:00:00 2001
From: Saveliy Tretiakov <saveliyt@gmail.com>
Date: Fri, 23 Jun 2006 14:55:52 +0000
Subject: [PATCH] Fix buffer overflow vulnerability (bug 1528)

svn path=/trunk/; revision=22525
---
 reactos/base/services/umpnpmgr/umpnpmgr.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/reactos/base/services/umpnpmgr/umpnpmgr.c b/reactos/base/services/umpnpmgr/umpnpmgr.c
index 74e9a2d42e7..e2e6e8d089c 100644
--- a/reactos/base/services/umpnpmgr/umpnpmgr.c
+++ b/reactos/base/services/umpnpmgr/umpnpmgr.c
@@ -832,7 +832,9 @@ PNP_GetClassName(handle_t BindingHandle,
 
     lstrcpyW(szKeyName, L"System\\CurrentControlSet\\Control\\Class");
     lstrcatW(szKeyName, L"\\");
-    lstrcatW(szKeyName, ClassGuid);
+    if(lstrlenW(ClassGuid) < sizeof(szKeyName)-lstrlenW(szKeyName))
+    	lstrcatW(szKeyName, ClassGuid);
+    else return CR_INVALID_DATA;
 
     if (RegOpenKeyExW(HKEY_LOCAL_MACHINE,
                       szKeyName,