Fixed a few length calculations in NtEnumerateValueKey which resulted in an overflow if the given buffer was too small.
Modified: trunk/reactos/ntoskrnl/cm/ntfunc.c

Modified: trunk/reactos/ntoskrnl/cm/ntfunc.c
--- trunk/reactos/ntoskrnl/cm/ntfunc.c	2005-11-14 17:33:38 UTC (rev 19226)
+++ trunk/reactos/ntoskrnl/cm/ntfunc.c	2005-11-14 17:46:00 UTC (rev 19227)
@@ -1135,18 +1135,16 @@
                   ROUND_UP(ValueFullInformation->DataOffset, sizeof(PVOID));
               ValueFullInformation->DataLength = ValueCell->DataSize & REG_DATA_SIZE_MASK;
 
-	      if (Length - FIELD_OFFSET(KEY_VALUE_FULL_INFORMATION, Name[0]) <
-	          NameSize)
+              if (Length < ValueFullInformation->DataOffset)
 	        {
 	          NameSize = Length - FIELD_OFFSET(KEY_VALUE_FULL_INFORMATION, Name[0]);
 	          DataSize = 0;
 	          Status = STATUS_BUFFER_OVERFLOW;
 	          CHECKPOINT;
 	        }
-              else if (ROUND_UP(Length - FIELD_OFFSET(KEY_VALUE_FULL_INFORMATION,
-                       Name[0]) - NameSize, sizeof(PVOID)) < DataSize)
+              else if (Length - ValueFullInformation->DataOffset < DataSize) 
 	        {
-	          DataSize = ROUND_UP(Length - FIELD_OFFSET(KEY_VALUE_FULL_INFORMATION, Name[0]) - NameSize, sizeof(PVOID));
+	          DataSize = Length - ValueFullInformation->DataOffset;
 	          Status = STATUS_BUFFER_OVERFLOW;
 	          CHECKPOINT;
 	        }
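Review bot: The truncation branch at L13–L15 can make NameSize larger than the real name length, because DataOffset is rounded up to sizeof(PVOID) at L8 while L15 recomputes NameSize from the unrounded field offset; a Length that falls inside that padding is below DataOffset yet above FIELD_OFFSET + NameSize, so L15 raises NameSize, and if the name copy later in the function uses NameSize it reads past the source name (that copy is outside the hunk, so this is inferred). The same subtraction at L15 also wraps when Length is smaller than FIELD_OFFSET(KEY_VALUE_FULL_INFORMATION, Name[0]) if Length is unsigned, unless an earlier check that is not visible here already rejects such buffers. Clamping instead of assigning fixes both: `if (Length < FIELD_OFFSET(KEY_VALUE_FULL_INFORMATION, Name[0])) NameSize = 0;` followed by `else if (Length - FIELD_OFFSET(KEY_VALUE_FULL_INFORMATION, Name[0]) < NameSize) NameSize = Length - FIELD_OFFSET(KEY_VALUE_FULL_INFORMATION, Name[0]);` in place of L15. As a point of style, the added lines L13 and L22 are indented with spaces where the surrounding block uses tabs, and L22 carries trailing whitespace. The enclosing function starts and ends outside this hunk.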