mirror of
https://github.com/reactos/reactos.git
synced 2024-08-20 18:35:32 +00:00
Fix buffer overflow in KiGetCpuVendor, thanks to Michael Fritscher for reporting this bug.
svn path=/trunk/; revision=24520
This commit is contained in:
parent
809d98521c
commit
f682bf63e7
|
@ -183,6 +183,7 @@ KiGetCpuVendor(VOID)
|
||||||
{
|
{
|
||||||
PKPRCB Prcb = KeGetCurrentPrcb();
|
PKPRCB Prcb = KeGetCurrentPrcb();
|
||||||
ULONG Vendor[5];
|
ULONG Vendor[5];
|
||||||
|
ULONG Temp;
|
||||||
|
|
||||||
/* Assume no Vendor ID and fail if no CPUID Support. */
|
/* Assume no Vendor ID and fail if no CPUID Support. */
|
||||||
Prcb->VendorString[0] = 0;
|
Prcb->VendorString[0] = 0;
|
||||||
|
@ -193,13 +194,13 @@ KiGetCpuVendor(VOID)
|
||||||
Vendor[4] = 0;
|
Vendor[4] = 0;
|
||||||
|
|
||||||
/* Re-arrange vendor string */
|
/* Re-arrange vendor string */
|
||||||
Vendor[5] = Vendor[2];
|
Temp = Vendor[2];
|
||||||
Vendor[2] = Vendor[3];
|
Vendor[2] = Vendor[3];
|
||||||
Vendor[3] = Vendor[5];
|
Vendor[3] = Temp;
|
||||||
|
|
||||||
/* Copy it to the PRCB and null-terminate it again */
|
/* Copy it to the PRCB and null-terminate it again */
|
||||||
RtlCopyMemory(Prcb->VendorString,
|
RtlCopyMemory(Prcb->VendorString,
|
||||||
&Vendor[1],
|
&Vendor[0],
|
||||||
sizeof(Prcb->VendorString) - sizeof(CHAR));
|
sizeof(Prcb->VendorString) - sizeof(CHAR));
|
||||||
Prcb->VendorString[sizeof(Prcb->VendorString) - sizeof(CHAR)] = ANSI_NULL;
|
Prcb->VendorString[sizeof(Prcb->VendorString) - sizeof(CHAR)] = ANSI_NULL;
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue