[ros-diffs] [fireball] 37638: - Fix weird code in RtlGetVersion (inspired by Coverity ID 1355 and Daniel's patch in bug 3906). See issue #3906 for more details.

Author: fireball Date: Tue Nov 25 10:31:07 2008 New Revision: 37638 URL: http://svn.reactos.org/svn/reactos?rev=37638&view=rev Log: - Fix weird code in RtlGetVersion (inspired by Coverity ID 1355 and Daniel's patch in bug 3906). See issue #3906 for more details. Modified: trunk/reactos/dll/ntdll/rtl/version.c trunk/reactos/ntoskrnl/rtl/misc.c Modified: trunk/reactos/dll/ntdll/rtl/version.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/ntdll/rtl/version.c?re… ============================================================================== --- trunk/reactos/dll/ntdll/rtl/version.c [iso-8859-1] (original) +++ trunk/reactos/dll/ntdll/rtl/version.c [iso-8859-1] Tue Nov 25 10:31:07 2008 @@ -104,6 +104,8 @@ NTSTATUS NTAPI RtlGetVersion(RTL_OSVERSIONINFOW *Info) { + ULONG i, MaxLength; + if (Info->dwOSVersionInfoSize == sizeof(RTL_OSVERSIONINFOW) || Info->dwOSVersionInfoSize == sizeof(RTL_OSVERSIONINFOEXW)) { @@ -113,17 +115,19 @@ Info->dwMinorVersion = Peb->OSMinorVersion; Info->dwBuildNumber = Peb->OSBuildNumber; Info->dwPlatformId = Peb->OSPlatformId; + RtlZeroMemory(Info->szCSDVersion, sizeof(Info->szCSDVersion)); if(((Peb->OSCSDVersion >> 8) & 0xFF) != 0) { - int i = _snwprintf(Info->szCSDVersion, - (sizeof(Info->szCSDVersion) / sizeof(Info->szCSDVersion[0])) - 1, - L"Service Pack %d", - ((Peb->OSCSDVersion >> 8) & 0xFF)); - Info->szCSDVersion[i] = L'\0'; - } - else - { - RtlZeroMemory(Info->szCSDVersion, sizeof(Info->szCSDVersion)); + MaxLength = (sizeof(Info->szCSDVersion) / sizeof(Info->szCSDVersion[0])) - 1; + i = _snwprintf(Info->szCSDVersion, + MaxLength, + L"Service Pack %d", + ((Peb->OSCSDVersion >> 8) & 0xFF)); + if (i < 0) + { + /* null-terminate if it was overflowed */ + Info->szCSDVersion[MaxLength] = L'\0'; + } } if (Info->dwOSVersionInfoSize == sizeof(RTL_OSVERSIONINFOEXW)) { Modified: trunk/reactos/ntoskrnl/rtl/misc.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/rtl/misc.c?rev=37… ============================================================================== --- trunk/reactos/ntoskrnl/rtl/misc.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/rtl/misc.c [iso-8859-1] Tue Nov 25 10:31:07 2008 @@ -39,6 +39,7 @@ NTSTATUS STDCALL RtlGetVersion(IN OUT PRTL_OSVERSIONINFOW lpVersionInformation) { + ULONG i, MaxLength; if (lpVersionInformation->dwOSVersionInfoSize == sizeof(RTL_OSVERSIONINFOW) || lpVersionInformation->dwOSVersionInfoSize == sizeof(RTL_OSVERSIONINFOEXW)) { @@ -46,17 +47,19 @@ lpVersionInformation->dwMinorVersion = NtMinorVersion; lpVersionInformation->dwBuildNumber = NtBuildNumber; lpVersionInformation->dwPlatformId = VER_PLATFORM_WIN32_NT; + RtlZeroMemory(lpVersionInformation->szCSDVersion, sizeof(lpVersionInformation->szCSDVersion)); if(((CmNtCSDVersion >> 8) & 0xFF) != 0) { - int i = _snwprintf(lpVersionInformation->szCSDVersion, - (sizeof(lpVersionInformation->szCSDVersion) / sizeof(lpVersionInformation->szCSDVersion[0])) - 1, - L"Service Pack %d", - ((CmNtCSDVersion >> 8) & 0xFF)); - lpVersionInformation->szCSDVersion[i] = L'\0'; - } - else - { - RtlZeroMemory(lpVersionInformation->szCSDVersion, sizeof(lpVersionInformation->szCSDVersion)); + MaxLength = (sizeof(lpVersionInformation->szCSDVersion) / sizeof(lpVersionInformation->szCSDVersion[0])) - 1; + i = _snwprintf(lpVersionInformation->szCSDVersion, + MaxLength, + L"Service Pack %d", + ((CmNtCSDVersion >> 8) & 0xFF)); + if (i < 0) + { + /* null-terminate if it was overflowed */ + lpVersionInformation->szCSDVersion[MaxLength] = L'\0'; + } } if (lpVersionInformation->dwOSVersionInfoSize == sizeof(OSVERSIONINFOEXW)) {