fixed possible buffer overflow bug: pass correct buffer length (in characters, not bytes) to FileGetString()
Modified: trunk/reactos/subsys/system/cmd/batch.c
Modified: trunk/reactos/subsys/system/cmd/goto.c
Modified: trunk/reactos/subsys/system/cmd/misc.c

Modified: trunk/reactos/subsys/system/cmd/batch.c
--- trunk/reactos/subsys/system/cmd/batch.c	2005-10-01 10:10:39 UTC (rev 18186)
+++ trunk/reactos/subsys/system/cmd/batch.c	2005-10-01 12:21:55 UTC (rev 18187)
@@ -408,7 +408,7 @@
 			return textline;
 		}
 
-		if (!FileGetString (bc->hBatchFile, textline, sizeof (textline)))
+		if (!FileGetString (bc->hBatchFile, textline, sizeof (textline) / sizeof (textline[0])))
 		{
 #ifdef _DEBUG
 			DebugPrintf (_T("ReadBatchLine(): Reached EOF!\n"));

Modified: trunk/reactos/subsys/system/cmd/goto.c
--- trunk/reactos/subsys/system/cmd/goto.c	2005-10-01 10:10:39 UTC (rev 18186)
+++ trunk/reactos/subsys/system/cmd/goto.c	2005-10-01 12:21:55 UTC (rev 18187)
@@ -85,7 +85,7 @@
   /* jump to begin of the file */
   SetFilePointer (bc->hBatchFile, 0, &lNewPosHigh, FILE_BEGIN);
 
-	while (FileGetString (bc->hBatchFile, textline, sizeof(textline)))
+	while (FileGetString (bc->hBatchFile, textline, sizeof(textline) / sizeof(textline[0])))
 	{
      int pos;
      int size;     

Modified: trunk/reactos/subsys/system/cmd/misc.c
--- trunk/reactos/subsys/system/cmd/misc.c	2005-10-01 10:10:39 UTC (rev 18186)
+++ trunk/reactos/subsys/system/cmd/misc.c	2005-10-01 12:21:55 UTC (rev 18187)
@@ -381,13 +381,12 @@
 	while ((--nBufferLength >  0) &&
 		   ReadFile(hFile, &ch, 1, &dwRead, NULL) && dwRead)
 	{
-		if ((ch == '\n') || (ch == '\r'))
+        lpString[len++] = ch;
+        if ((ch == '\n') || (ch == '\r'))
 		{
-			/* read it*/
-			lpString[len++] = ch;
+			/* break at new line*/
 			break;
 		}
-		lpString[len++] = ch;
 	}
 
 	if (!dwRead && !len)