Author: tkreuzer Date: Sun Oct 2 21:42:00 2011 New Revision: 53942
URL: http://svn.reactos.org/svn/reactos?rev=53942&view=rev Log: [NTOSKRNL] - use RtlStringCbPrintfA instead of manually calculating required length and checking if the buffer is large enough - Use %wZ as format specifier for a UNICODE_STRING, instead of using %S and making assumptions about zero termination. - Don't "while (TRUE);" on buffer overflow!
Modified: trunk/reactos/ntoskrnl/ex/init.c
Modified: trunk/reactos/ntoskrnl/ex/init.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ex/init.c?rev=5394...
==============================================================================
--- trunk/reactos/ntoskrnl/ex/init.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/ex/init.c [iso-8859-1] Sun Oct 2 21:42:00 2011
@@ -750,9 +750,9 @@
ULONG Count, Length;
PWCHAR Name;
PLDR_DATA_TABLE_ENTRY LdrEntry;
- BOOLEAN OverFlow = FALSE;
CHAR NameBuffer[256];
STRING SymbolString;
+ NTSTATUS Status;
/* Loop the driver list */
NextEntry = LoaderBlock->LoadOrderListHead.Flink;
@@ -775,7 +775,7 @@
if (sizeof(NameBuffer) < Length + sizeof(ANSI_NULL))
{
/* It's too long */
- OverFlow = TRUE;
+ Status = STATUS_BUFFER_OVERFLOW;
}
else
{
@@ -789,33 +789,21 @@
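Review bot: `NTSTATUS Status;` in the first hunk replaces `BOOLEAN OverFlow = FALSE;` without an initializer, so the later `NT_SUCCESS(Status)` test is only well-defined if every path between this declaration and that test assigns it. The branches visible in the following hunks do (the too-long case in the second hunk, the null-terminate case and the RtlStringCbPrintfA case in the third), but the character-copy code between old lines 782 and 788 is not in view, so I cannot confirm there is no path that skips all three. Giving it a default, `NTSTATUS Status = STATUS_UNSUCCESSFUL;`, makes "skip this driver" the fallback instead of relying on the control flow staying exhaustive as the function is edited. The enclosing function starts before the first hunk.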
/* Null-terminate */
NameBuffer[Count] = ANSI_NULL;
+ Status = STATUS_SUCCESS;
}
}
else
{
- /* This should be a driver, check if it fits */
- if (sizeof(NameBuffer) <
- (sizeof("\System32\Drivers\") +
- NtSystemRoot.Length / sizeof(WCHAR) - sizeof(UNICODE_NULL) +
- LdrEntry->BaseDllName.Length / sizeof(WCHAR) +
- sizeof(ANSI_NULL)))
- {
- /* Buffer too small */
- OverFlow = TRUE;
- while (TRUE);
- }
- else
- {
- /* Otherwise build the name. HACKED for GCC :( */
- sprintf(NameBuffer,
- "%S\System32\Drivers\%S",
- &SharedUserData->NtSystemRoot[2],
- LdrEntry->BaseDllName.Buffer);
- }
+ /* Safely print the string into our buffer */
+ Status = RtlStringCbPrintfA(NameBuffer,
+ sizeof(NameBuffer),
+ "%S\System32\Drivers\%wZ",
+ &SharedUserData->NtSystemRoot[2],
+ &LdrEntry->BaseDllName);
}
/* Check if the buffer was ok */
- if (!OverFlow)
+ if (NT_SUCCESS(Status))
{
/* Initialize the STRING for the debugger */
RtlInitString(&SymbolString, NameBuffer);
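Review bot: When RtlStringCbPrintfA reports STATUS_BUFFER_OVERFLOW (a driver path longer than the 256-byte NameBuffer), the `if (NT_SUCCESS(Status))` test now silently leaves that driver out of the debugger symbol registration; the old code hung, the new code says nothing, and a missing symbol will be hard to explain later. An `else` on that `if`, e.g. `else { DPRINT1("Skipping driver symbols, name too long: %wZ\n", &LdrEntry->BaseDllName); }`, placed after the block that closes outside this hunk, would make the drop visible. The `%S` conversion of `&SharedUserData->NtSystemRoot[2]` still relies on NtSystemRoot being NUL-terminated, which the loader-filled fixed array presumably guarantees; only the BaseDllName half gains the `%wZ` length safety the commit message describes. As rendered here the backslashes in the format string appear single; the real source presumably escapes them as `\\`. The enclosing function continues past this hunk.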