[ros-diffs] [reactos] 01/01: [IPHLPAPI] Use if_descrlen field for determining the length of if_descr in IFEntry structure. This fixes heap corruption on GCC8. CORE-16088

5 Jul 2019

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=042646ceaccb13e2bea9b…

commit 042646ceaccb13e2bea9b2d9a06fadf284ecc0ab
Author:     Victor Perevertkin &lt;victor(a)perevertkin.ru&gt;
AuthorDate: Sun Jun 30 15:34:46 2019 +0300
Commit:     Victor Perevertkin &lt;victor(a)perevertkin.ru&gt;
CommitDate: Fri Jul 5 22:49:12 2019 +0300

    [IPHLPAPI] Use if_descrlen field for determining the length of
    if_descr in IFEntry structure. This fixes heap corruption on GCC8.
    CORE-16088
---
 dll/win32/iphlpapi/ifenum_reactos.c | 18 +++++++++---------
 dll/win32/iphlpapi/iphlpapi_main.c  |  9 +++++----
 2 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/dll/win32/iphlpapi/ifenum_reactos.c b/dll/win32/iphlpapi/ifenum_reactos.c
index 8bbdd63a503..41958ea1361 100644
--- a/dll/win32/iphlpapi/ifenum_reactos.c
+++ b/dll/win32/iphlpapi/ifenum_reactos.c
@@ -97,13 +97,14 @@ NTSTATUS tdiGetMibForIfEntity
            entry->ent.if_speed,
            entry->ent.if_physaddrlen);
     TRACE("  if_physaddr .................... %02x:%02x:%02x:%02x:%02x:%02x\n"
-           "  if_descr ....................... %s\n",
+           "  if_descr ....................... %*s\n",
            entry->ent.if_physaddr[0] & 0xff,
            entry->ent.if_physaddr[1] & 0xff,
            entry->ent.if_physaddr[2] & 0xff,
            entry->ent.if_physaddr[3] & 0xff,
            entry->ent.if_physaddr[4] & 0xff,
            entry->ent.if_physaddr[5] & 0xff,
+           entry->ent.if_descrlen,
            entry->ent.if_descr);
     TRACE("} status %08x\n",status);
 
@@ -332,7 +333,7 @@ NTSTATUS getInterfaceInfoByName( HANDLE tcpFile, char *name, IFInfo
*info ) {
     if( NT_SUCCESS(status) )
     {
         for( i = 0; i < numInterfaces; i++ ) {
-            if( !strcmp((PCHAR)ifInfo[i].if_info.ent.if_descr, name) ) {
+            if( !strncmp((PCHAR)ifInfo[i].if_info.ent.if_descr, name,
ifInfo[i].if_info.ent.if_descrlen) ) {
                 memcpy( info, &ifInfo[i], sizeof(*info) );
                 break;
             }
@@ -352,20 +353,19 @@ const char *getInterfaceNameByIndex(DWORD index)
 {
     IFInfo ifInfo;
     HANDLE tcpFile;
-    char *interfaceName = 0, *adapter_name = 0;
+    char *interfaceName = NULL;
     NTSTATUS status = openTcpFile( &tcpFile, FILE_READ_DATA );
 
     if( NT_SUCCESS(status) ) {
         status = getInterfaceInfoByIndex( tcpFile, index, &ifInfo );
 
         if( NT_SUCCESS(status) ) {
-            adapter_name = (char *)ifInfo.if_info.ent.if_descr;
-
             interfaceName = HeapAlloc( GetProcessHeap(), 0,
-                                       strlen(adapter_name) + 1 );
-            if (!interfaceName) return NULL;
-
-            strcpy( interfaceName, adapter_name );
+                                       ifInfo.if_info.ent.if_descrlen + 1 );
+            if( interfaceName ) {
+              memcpy(interfaceName, ifInfo.if_info.ent.if_descr,
ifInfo.if_info.ent.if_descrlen);
+              interfaceName[ifInfo.if_info.ent.if_descrlen] = '\0';
+            }
         }
 
         closeTcpFile( tcpFile );
diff --git a/dll/win32/iphlpapi/iphlpapi_main.c b/dll/win32/iphlpapi/iphlpapi_main.c
index 242fb3bbd55..8bcde12b52b 100644
--- a/dll/win32/iphlpapi/iphlpapi_main.c
+++ b/dll/win32/iphlpapi/iphlpapi_main.c
@@ -3200,10 +3200,10 @@ DWORD WINAPI DECLSPEC_HOTPATCH GetAdaptersAddresses(ULONG
Family,ULONG Flags,PVO
 
             /* Friendly name */
             if (!(Flags & GAA_FLAG_SKIP_FRIENDLY_NAME))
-                requiredSize += strlen((char *)ifInfo.if_info.ent.if_descr) + 1; //FIXME
+                requiredSize += ifInfo.if_info.ent.if_descrlen + 1; //FIXME
 
             /* Adapter name */
-            requiredSize += strlen((char *)ifInfo.if_info.ent.if_descr) + 1;
+            requiredSize += ifInfo.if_info.ent.if_descrlen + 1;
 
             /* Unicast address */
             if (!(Flags & GAA_FLAG_SKIP_UNICAST))
@@ -3248,7 +3248,7 @@ DWORD WINAPI DECLSPEC_HOTPATCH GetAdaptersAddresses(ULONG
Family,ULONG Flags,PVO
 
             /* Adapter name */
             currentAddress->AdapterName = (PVOID)currentLocation;
-            currentLocation += strlen((char *)ifInfo.if_info.ent.if_descr) + 1;
+            currentLocation += ifInfo.if_info.ent.if_descrlen + 1;
 
             /* Unicast address */
             if (!(Flags & GAA_FLAG_SKIP_UNICAST))
@@ -3297,7 +3297,8 @@ DWORD WINAPI DECLSPEC_HOTPATCH GetAdaptersAddresses(ULONG
Family,ULONG Flags,PVO
             currentAddress->IfIndex = indexTable->indexes[i];
 
             /* Adapter name */
-            strcpy(currentAddress->AdapterName, (char *)ifInfo.if_info.ent.if_descr);
+            memcpy(currentAddress->AdapterName, ifInfo.if_info.ent.if_descr,
ifInfo.if_info.ent.if_descrlen);
+            currentAddress->AdapterName[ifInfo.if_info.ent.if_descrlen] =
'\0';
 
             if (!(Flags & GAA_FLAG_SKIP_UNICAST))
             {


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

[ros-diffs] [reactos] 01/01: [IPHLPAPI] Use if_descrlen field for determining the length of if_descr in IFEntry structure. This fixes heap corruption on GCC8. CORE-16088