https://git.reactos.org/?p=reactos.git;a=commitdiff;h=042646ceaccb13e2bea9b2...
commit 042646ceaccb13e2bea9b2d9a06fadf284ecc0ab Author: Victor Perevertkin victor@perevertkin.ru AuthorDate: Sun Jun 30 15:34:46 2019 +0300 Commit: Victor Perevertkin victor@perevertkin.ru CommitDate: Fri Jul 5 22:49:12 2019 +0300
[IPHLPAPI] Use if_descrlen field for determining the length of if_descr in IFEntry structure. This fixes heap corruption on GCC8. CORE-16088 --- dll/win32/iphlpapi/ifenum_reactos.c | 18 +++++++++--------- dll/win32/iphlpapi/iphlpapi_main.c | 9 +++++---- 2 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/dll/win32/iphlpapi/ifenum_reactos.c b/dll/win32/iphlpapi/ifenum_reactos.c index 8bbdd63a503..41958ea1361 100644 --- a/dll/win32/iphlpapi/ifenum_reactos.c +++ b/dll/win32/iphlpapi/ifenum_reactos.c @@ -97,13 +97,14 @@ NTSTATUS tdiGetMibForIfEntity entry->ent.if_speed, entry->ent.if_physaddrlen); TRACE(" if_physaddr .................... %02x:%02x:%02x:%02x:%02x:%02x\n" - " if_descr ....................... %s\n", + " if_descr ....................... %*s\n", entry->ent.if_physaddr[0] & 0xff, entry->ent.if_physaddr[1] & 0xff, entry->ent.if_physaddr[2] & 0xff, entry->ent.if_physaddr[3] & 0xff, entry->ent.if_physaddr[4] & 0xff, entry->ent.if_physaddr[5] & 0xff, + entry->ent.if_descrlen, entry->ent.if_descr); TRACE("} status %08x\n",status);
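Review bot: In the second TRACE of tdiGetMibForIfEntity the new `%*s` only sets a minimum field width, so the conversion still reads `if_descr` until it meets a NUL byte. The over-read this commit removes elsewhere therefore remains on the trace path whenever tracing is enabled. A precision bounds the read: change the conversion to `%.*s` and pass the length as `(int)entry->ent.if_descrlen,`, because the `*` argument must be an `int` (the field's declared type is not visible in this hunk). The TRACE call sits inside a function body that starts and ends outside the hunk.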
@@ -332,7 +333,7 @@ NTSTATUS getInterfaceInfoByName( HANDLE tcpFile, char *name, IFInfo *info ) { if( NT_SUCCESS(status) ) { for( i = 0; i < numInterfaces; i++ ) { - if( !strcmp((PCHAR)ifInfo[i].if_info.ent.if_descr, name) ) { + if( !strncmp((PCHAR)ifInfo[i].if_info.ent.if_descr, name, ifInfo[i].if_info.ent.if_descrlen) ) { memcpy( info, &ifInfo[i], sizeof(*info) ); break; } @@ -352,20 +353,19 @@ const char *getInterfaceNameByIndex(DWORD index) { IFInfo ifInfo; HANDLE tcpFile; - char *interfaceName = 0, *adapter_name = 0; + char *interfaceName = NULL; NTSTATUS status = openTcpFile( &tcpFile, FILE_READ_DATA );
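Review bot: The `strncmp` in getInterfaceInfoByName's loop compares only the first `if_descrlen` bytes, so a `name` that merely begins with an interface's description now selects that interface (description `abc` against name `abcd`, a constructed example), which the previous `strcmp` rejected. An entry whose `if_descrlen` is 0 makes the call return 0 for every `name`, so it would be picked first. The comparison should also require the lengths to agree, for example `size_t len = ifInfo[i].if_info.ent.if_descrlen;` followed by `if( strlen(name) == len && !memcmp(ifInfo[i].if_info.ent.if_descr, name, len) ) {`. The rest of the function lies outside the hunk.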
if( NT_SUCCESS(status) ) { status = getInterfaceInfoByIndex( tcpFile, index, &ifInfo );
if( NT_SUCCESS(status) ) { - adapter_name = (char *)ifInfo.if_info.ent.if_descr; - interfaceName = HeapAlloc( GetProcessHeap(), 0, - strlen(adapter_name) + 1 ); - if (!interfaceName) return NULL; - - strcpy( interfaceName, adapter_name ); + ifInfo.if_info.ent.if_descrlen + 1 ); + if( interfaceName ) { + memcpy(interfaceName, ifInfo.if_info.ent.if_descr, ifInfo.if_info.ent.if_descrlen); + interfaceName[ifInfo.if_info.ent.if_descrlen] = '\0'; + } }
closeTcpFile( tcpFile ); diff --git a/dll/win32/iphlpapi/iphlpapi_main.c b/dll/win32/iphlpapi/iphlpapi_main.c index 242fb3bbd55..8bcde12b52b 100644 --- a/dll/win32/iphlpapi/iphlpapi_main.c +++ b/dll/win32/iphlpapi/iphlpapi_main.c @@ -3200,10 +3200,10 @@ DWORD WINAPI DECLSPEC_HOTPATCH GetAdaptersAddresses(ULONG Family,ULONG Flags,PVO
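Review bot: In getInterfaceNameByIndex the copy length `ifInfo.if_info.ent.if_descrlen` is used as reported, with no visible check that it fits the storage behind `if_descr`. The same applies to the `memcpy` into `currentAddress->AdapterName` in the last GetAdaptersAddresses hunk and to the size arithmetic in the two hunks before it. The old `strlen` stopped at the first NUL, whereas an oversized length would now make `memcpy` read past the `IFInfo` object. A clamp right after `getInterfaceInfoByIndex` succeeds would cover this, e.g. `if( descrLen > DESCR_CAPACITY ) descrLen = DESCR_CAPACITY;` (both names are placeholders for a local copy of the length and the real bound), together with a comment such as `/* if_descr is not guaranteed to be NUL-terminated; if_descrlen is authoritative */`. The declarations of `IFInfo` and `if_descr` are outside this diff, so the actual capacity needs confirming there.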
/* Friendly name */ if (!(Flags & GAA_FLAG_SKIP_FRIENDLY_NAME)) - requiredSize += strlen((char *)ifInfo.if_info.ent.if_descr) + 1; //FIXME + requiredSize += ifInfo.if_info.ent.if_descrlen + 1; //FIXME
/* Adapter name */ - requiredSize += strlen((char *)ifInfo.if_info.ent.if_descr) + 1; + requiredSize += ifInfo.if_info.ent.if_descrlen + 1;
/* Unicast address */ if (!(Flags & GAA_FLAG_SKIP_UNICAST)) @@ -3248,7 +3248,7 @@ DWORD WINAPI DECLSPEC_HOTPATCH GetAdaptersAddresses(ULONG Family,ULONG Flags,PVO
/* Adapter name */ currentAddress->AdapterName = (PVOID)currentLocation; - currentLocation += strlen((char *)ifInfo.if_info.ent.if_descr) + 1; + currentLocation += ifInfo.if_info.ent.if_descrlen + 1;
/* Unicast address */ if (!(Flags & GAA_FLAG_SKIP_UNICAST)) @@ -3297,7 +3297,8 @@ DWORD WINAPI DECLSPEC_HOTPATCH GetAdaptersAddresses(ULONG Family,ULONG Flags,PVO currentAddress->IfIndex = indexTable->indexes[i];
/* Adapter name */ - strcpy(currentAddress->AdapterName, (char *)ifInfo.if_info.ent.if_descr); + memcpy(currentAddress->AdapterName, ifInfo.if_info.ent.if_descr, ifInfo.if_info.ent.if_descrlen); + currentAddress->AdapterName[ifInfo.if_info.ent.if_descrlen] = '\0';
if (!(Flags & GAA_FLAG_SKIP_UNICAST)) {