[ros-diffs] [pschweitzer] 62618: [RTL] Properly check for total length in LdrpGetProcedureAddress(). It contains more than just a name. Fixes a buffer overrun. CID #716122

Author: pschweitzer Date: Sat Apr 5 13:13:01 2014 New Revision: 62618 URL: http://svn.reactos.org/svn/reactos?rev=62618&view=rev Log: [RTL] Properly check for total length in LdrpGetProcedureAddress(). It contains more than just a name. Fixes a buffer overrun. CID #716122 Modified: trunk/reactos/dll/ntdll/ldr/ldrutils.c Modified: trunk/reactos/dll/ntdll/ldr/ldrutils.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/ntdll/ldr/ldrutils.c?r… ============================================================================== --- trunk/reactos/dll/ntdll/ldr/ldrutils.c [iso-8859-1] (original) +++ trunk/reactos/dll/ntdll/ldr/ldrutils.c [iso-8859-1] Sat Apr 5 13:13:01 2014 @@ -2267,7 +2267,7 @@ } /* Check if our buffer is large enough */ - if (Name->Length > sizeof(ImportBuffer)) + if (Length > sizeof(ImportBuffer)) { /* Allocate from heap, plus 2 bytes for the Hint */ ImportName = RtlAllocateHeap(RtlGetProcessHeap(),