fixed possible buffer overflow bug: pass correct buffer length (in characters, not bytes) to FileGetString() Modified: trunk/reactos/subsys/system/cmd/batch.c Modified: trunk/reactos/subsys/system/cmd/goto.c Modified: trunk/reactos/subsys/system/cmd/misc.c _____
Modified: trunk/reactos/subsys/system/cmd/batch.c --- trunk/reactos/subsys/system/cmd/batch.c 2005-10-01 10:10:39 UTC (rev 18186) +++ trunk/reactos/subsys/system/cmd/batch.c 2005-10-01 12:21:55 UTC (rev 18187) @@ -408,7 +408,7 @@
return textline; }
- if (!FileGetString (bc->hBatchFile, textline, sizeof (textline))) + if (!FileGetString (bc->hBatchFile, textline, sizeof (textline) / sizeof (textline[0]))) { #ifdef _DEBUG DebugPrintf (_T("ReadBatchLine(): Reached EOF!\n")); _____
Modified: trunk/reactos/subsys/system/cmd/goto.c --- trunk/reactos/subsys/system/cmd/goto.c 2005-10-01 10:10:39 UTC (rev 18186) +++ trunk/reactos/subsys/system/cmd/goto.c 2005-10-01 12:21:55 UTC (rev 18187) @@ -85,7 +85,7 @@
/* jump to begin of the file */ SetFilePointer (bc->hBatchFile, 0, &lNewPosHigh, FILE_BEGIN);
- while (FileGetString (bc->hBatchFile, textline, sizeof(textline))) + while (FileGetString (bc->hBatchFile, textline, sizeof(textline) / sizeof(textline[0]))) { int pos; int size; _____
Modified: trunk/reactos/subsys/system/cmd/misc.c --- trunk/reactos/subsys/system/cmd/misc.c 2005-10-01 10:10:39 UTC (rev 18186) +++ trunk/reactos/subsys/system/cmd/misc.c 2005-10-01 12:21:55 UTC (rev 18187) @@ -381,13 +381,12 @@
while ((--nBufferLength > 0) && ReadFile(hFile, &ch, 1, &dwRead, NULL) && dwRead) { - if ((ch == '\n') || (ch == '\r')) + lpString[len++] = ch; + if ((ch == '\n') || (ch == '\r')) { - /* read it*/ - lpString[len++] = ch; + /* break at new line*/ break; } - lpString[len++] = ch; }
if (!dwRead && !len)