Author: hbelusca
Date: Tue Jan 13 23:19:21 2015
New Revision: 66036
URL:
http://svn.reactos.org/svn/reactos?rev=66036&view=rev
Log:
[FREELDR]: Addendum to PXE r66034: don't read past the valid end of the Path buffer.
Modified:
trunk/reactos/boot/freeldr/freeldr/fs/pxe.c
Modified: trunk/reactos/boot/freeldr/freeldr/fs/pxe.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/boot/freeldr/freeldr/fs/px…
==============================================================================
--- trunk/reactos/boot/freeldr/freeldr/fs/pxe.c [iso-8859-1] (original)
+++ trunk/reactos/boot/freeldr/freeldr/fs/pxe.c [iso-8859-1] Tue Jan 13 23:19:21 2015
@@ -142,7 +142,7 @@
if (_OpenFile == NO_FILE || FileId != _OpenFile)
return EBADF;
- RtlZeroMemory(Information, sizeof(FILEINFORMATION));
+ RtlZeroMemory(Information, sizeof(*Information));
Information->EndingAddress.LowPart = _FileSize;
Information->CurrentAddress.LowPart = _FilePosition;
@@ -153,22 +153,27 @@
{
t_PXENV_TFTP_GET_FSIZE sizeData;
t_PXENV_TFTP_OPEN openData;
- ULONG i;
+ SIZE_T PathLen, i;
if (_OpenFile != NO_FILE)
return EIO;
if (OpenMode != OpenReadOnly)
return EACCES;
- for (i = 0; i < sizeof(_OpenFileName) - 1; i++)
+ /* Retrieve the path length without NULL terminator */
+ PathLen = (Path ? min(strlen(Path), sizeof(_OpenFileName) - 1) : 0);
+
+ /* Zero out the file name */
+ RtlZeroMemory(_OpenFileName, sizeof(_OpenFileName));
+
+ /* Lowercase the path and always use slashes as separators */
+ for (i = 0; i < PathLen; i++)
{
if (Path[i] == '\\')
_OpenFileName[i] = '/';
else
_OpenFileName[i] = tolower(Path[i]);
}
- while (i < sizeof(_OpenFileName))
- _OpenFileName[i++] = '\0';
RtlZeroMemory(&sizeData, sizeof(sizeData));
sizeData.ServerIPAddress = _ServerIP;
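Review bot: Clamping `PathLen` with `min(strlen(Path), sizeof(_OpenFileName) - 1)` silently truncates an over-long path, so whatever later consumes `_OpenFileName` (presumably the TFTP request) would name a different file than the caller asked for, and a NULL `Path` proceeds with an empty name. In a network boot path it is safer to reject both cases up front, e.g. `if (!Path || strlen(Path) >= sizeof(_OpenFileName)) return EINVAL;` (or ENAMETOOLONG for the length case, if this tree's status codes include it), and then copy exactly `strlen(Path)` bytes. Separately, `tolower(Path[i])` receives a plain `char`; if `char` is signed in this build, a byte above 0x7F is passed as a negative value, so `tolower((unsigned char)Path[i])` is the defensive form. The function's signature and the rest of its body lie outside this hunk.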
@@ -183,7 +188,7 @@
if (_FileSize < 1024 * 1024)
{
_CachedFile = FrLdrTempAlloc(_FileSize, TAG_PXE_FILE);
- // Don't check for allocation failure, we support _CachedFile = NULL
+ // Don't check for allocation failure, we support _CachedFile == NULL
}
_CachedLength = 0;