From f1011d8bb590ecf99c926b79af982b36b2fdaa0e Mon Sep 17 00:00:00 2001 From: Johannes Anderwald Date: Thu, 5 Feb 2009 22:23:43 +0000 Subject: [PATCH] - Fix a potential buffer overflow in RChangeServiceConfigA - Make sure that returned buffers are zero terminated in RQueryServiceConfigA svn path=/trunk/; revision=39424 --- reactos/base/system/services/rpcserver.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/reactos/base/system/services/rpcserver.c b/reactos/base/system/services/rpcserver.c index 12df600d854..5419438b8c1 100644 --- a/reactos/base/system/services/rpcserver.c +++ b/reactos/base/system/services/rpcserver.c @@ -2984,7 +2984,7 @@ DWORD RChangeServiceConfigA( lpDisplayName, -1, lpDisplayNameW, - wcslen(lpDisplayNameW) + 1); + strlen(lpDisplayName) + 1); RegSetValueExW(hServiceKey, L"DisplayName", @@ -3620,7 +3620,7 @@ DWORD RQueryServiceConfigA( lpImagePath, -1, lpStr, - wcslen(lpImagePath), + wcslen(lpImagePath)+1, 0, 0); } @@ -3639,7 +3639,7 @@ DWORD RQueryServiceConfigA( lpService->lpGroup->lpGroupName, -1, lpStr, - wcslen(lpService->lpGroup->lpGroupName), + wcslen(lpService->lpGroup->lpGroupName)+1, 0, 0); } @@ -3664,7 +3664,7 @@ DWORD RQueryServiceConfigA( lpServiceStartName, -1, lpStr, - wcslen(lpServiceStartName), + wcslen(lpServiceStartName)+1, 0, 0); } @@ -3683,7 +3683,7 @@ DWORD RQueryServiceConfigA( lpService->lpDisplayName, -1, lpStr, - wcslen(lpService->lpDisplayName), + wcslen(lpService->lpDisplayName)+1, 0, 0); }