From f682bf63e7cd653fdc4168a966d58ff0e7be4d8e Mon Sep 17 00:00:00 2001
From: Thomas Bluemel
Date: Sun, 15 Oct 2006 12:41:48 +0000
Subject: [PATCH] Fix buffer overflow in KiGetCpuVendor, thanks to Michael Fritscher for reporting this bug.
svn path=/trunk/; revision=24520
---
 reactos/ntoskrnl/ke/i386/cpu.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/reactos/ntoskrnl/ke/i386/cpu.c b/reactos/ntoskrnl/ke/i386/cpu.c
index 8996231d1ae..6d21150dc19 100644
--- a/reactos/ntoskrnl/ke/i386/cpu.c
+++ b/reactos/ntoskrnl/ke/i386/cpu.c
@@ -183,6 +183,7 @@ KiGetCpuVendor(VOID)
 {
 PKPRCB Prcb = KeGetCurrentPrcb();
 ULONG Vendor[5];
+ ULONG Temp;
 /* Assume no Vendor ID and fail if no CPUID Support. */
 Prcb->VendorString[0] = 0;
@@ -193,13 +194,13 @@ KiGetCpuVendor(VOID)
 Vendor[4] = 0;
 /* Re-arrange vendor string */
- Vendor[5] = Vendor[2];
+ Temp = Vendor[2];
 Vendor[2] = Vendor[3];
- Vendor[3] = Vendor[5];
+ Vendor[3] = Temp;
 /* Copy it to the PRCB and null-terminate it again */
 RtlCopyMemory(Prcb->VendorString,
- &Vendor[1],
+ &Vendor[0],
 sizeof(Prcb->VendorString) - sizeof(CHAR));
 Prcb->VendorString[sizeof(Prcb->VendorString) - sizeof(CHAR)] = ANSI_NULL;
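Review bot: The switch of the copy source from `&Vendor[1]` to `&Vendor[0]` in the second hunk does not look like part of the overflow fix and may change which bytes land in `Prcb->VendorString`. The out-of-bounds write was the `Vendor[5]` scratch slot on a five-element array, and the new `Temp` local already removes it. The CPUID macro and the size of `VendorString` are not visible here, but if CPUID stores EAX, EBX, ECX, EDX into `Vendor[0..3]`, then starting at index 0 copies the EAX value first and the `Vendor[2]`/`Vendor[3]` swap no longer lines up with the bytes copied. I would either keep `&Vendor[1],` or add a comment above the copy stating the register layout that justifies index 0, for example `/* Vendor[0..3] = <register order written by CPUID> */`. KiGetCpuVendor begins and ends outside this hunk, so the CPUID call itself should be checked before merging.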