[ros-diffs] [gedmurphy] 33725: fix potential buffer overflow

Author: gedmurphy Date: Tue May 27 03:28:52 2008 New Revision: 33725 URL: http://svn.reactos.org/svn/reactos?rev=33725&view=rev Log: fix potential buffer overflow Modified: trunk/reactos/dll/win32/user32/misc/dllmain.c Modified: trunk/reactos/dll/win32/user32/misc/dllmain.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/user32/misc/dllm… ============================================================================== --- trunk/reactos/dll/win32/user32/misc/dllmain.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/user32/misc/dllmain.c [iso-8859-1] Tue May 27 03:28:52 2008 @@ -90,9 +90,22 @@ LPWSTR lpBuffer = (LPWSTR)kvpInfo->Data; if (lpBuffer != UNICODE_NULL) { - RtlMoveMemory(szAppInit, - kvpInfo->Data, - min(kvpInfo->DataLength, KEY_LENGTH)); + INT bytesToCopy, nullPos; + + bytesToCopy = min(kvpInfo->DataLength, KEY_LENGTH * sizeof(WCHAR)); + + if (bytesToCopy != 0) + { + RtlMoveMemory(szAppInit, + kvpInfo->Data, + bytesToCopy); + + nullPos = (bytesToCopy / sizeof(WCHAR)) - 1; + + /* ensure string is terminated */ + szAppInit[nullPos] = UNICODE_NULL; + } + bRet = TRUE; } }