Author: tfaber Date: Mon Oct 5 11:25:49 2015 New Revision: 69456
URL: http://svn.reactos.org/svn/reactos?rev=69456&view=rev Log: [RAPPS] - Fix another potential buffer overflow
Modified: trunk/reactos/base/applications/rapps/loaddlg.c
Modified: trunk/reactos/base/applications/rapps/loaddlg.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/applications/rapps/loa... ==============================================================================
--- trunk/reactos/base/applications/rapps/loaddlg.c [iso-8859-1] (original)
+++ trunk/reactos/base/applications/rapps/loaddlg.c [iso-8859-1] Mon Oct 5 11:25:49 2015
@@ -408,10 +408,11 @@
 if(FAILED(StringCbLengthW(AppInfo->szUrlDownload, sizeof(AppInfo->szUrlDownload), &urlLength))) goto end;
- urlComponents.dwSchemeLength = urlLength*sizeof(WCHAR);
- urlComponents.lpszScheme = malloc(urlComponents.dwSchemeLength);
- urlComponents.dwHostNameLength = urlLength*sizeof(WCHAR);
- urlComponents.lpszHostName = malloc(urlComponents.dwHostNameLength);
+ urlLength /= sizeof(WCHAR);
+ urlComponents.dwSchemeLength = urlLength + 1;
+ urlComponents.lpszScheme = malloc(urlComponents.dwSchemeLength * sizeof(WCHAR));
+ urlComponents.dwHostNameLength = urlLength + 1;
+ urlComponents.lpszHostName = malloc(urlComponents.dwHostNameLength * sizeof(WCHAR));
if(!InternetCrackUrlW(AppInfo->szUrlDownload, urlLength+1, ICU_DECODE | ICU_ESCAPE, &urlComponents)) goto end;
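Review bot: Neither `malloc` result is checked before `InternetCrackUrlW` is called, so an allocation failure hands the API a NULL `lpszScheme` or `lpszHostName` paired with a non-zero length; add `if (!urlComponents.lpszScheme || !urlComponents.lpszHostName) goto end;` right after the two allocations. That relies on the `end:` path freeing both pointers, which lies outside this hunk (the enclosing function starts and ends outside it) and should be confirmed. Separately, the `urlLength+1` passed as the URL length now counts the terminating NUL as part of the URL; since the string is NUL-terminated, passing `urlLength` (or 0) would probably be more accurate. `StringCchLengthW` would also return the character count directly and make the `urlLength /= sizeof(WCHAR);` step unnecessary.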