fixed possible buffer overflow bug: pass correct buffer length (in characters, not bytes) to FileGetString()
Modified: trunk/reactos/subsys/system/cmd/batch.c
Modified: trunk/reactos/subsys/system/cmd/goto.c
Modified: trunk/reactos/subsys/system/cmd/misc.c
Modified: trunk/reactos/subsys/system/cmd/batch.c
--- trunk/reactos/subsys/system/cmd/batch.c	2005-10-01 10:10:39 UTC (rev 18186)
+++ trunk/reactos/subsys/system/cmd/batch.c	2005-10-01 12:21:55 UTC (rev 18187)
@@ -408,7 +408,7 @@

 			return textline;
 		}
 

-		if (!FileGetString (bc->hBatchFile, textline, sizeof (textline)))

+		if (!FileGetString (bc->hBatchFile, textline, sizeof (textline) / sizeof (textline[0])))

 		{
 #ifdef _DEBUG
 			DebugPrintf (_T("ReadBatchLine(): Reached EOF!\n"));
Modified: trunk/reactos/subsys/system/cmd/goto.c
--- trunk/reactos/subsys/system/cmd/goto.c	2005-10-01 10:10:39 UTC (rev 18186)
+++ trunk/reactos/subsys/system/cmd/goto.c	2005-10-01 12:21:55 UTC (rev 18187)
@@ -85,7 +85,7 @@

   /* jump to begin of the file */
   SetFilePointer (bc->hBatchFile, 0, &lNewPosHigh, FILE_BEGIN);
 

-	while (FileGetString (bc->hBatchFile, textline, sizeof(textline)))

+	while (FileGetString (bc->hBatchFile, textline, sizeof(textline) / sizeof(textline[0])))

 	{
      int pos;
      int size;    
Modified: trunk/reactos/subsys/system/cmd/misc.c
--- trunk/reactos/subsys/system/cmd/misc.c	2005-10-01 10:10:39 UTC (rev 18186)
+++ trunk/reactos/subsys/system/cmd/misc.c	2005-10-01 12:21:55 UTC (rev 18187)
@@ -381,13 +381,12 @@

 	while ((--nBufferLength >  0) &&
 		   ReadFile(hFile, &ch, 1, &dwRead, NULL) && dwRead)
 	{

-		if ((ch == '\n') || (ch == '\r'))

+        lpString[len++] = ch;
+        if ((ch == '\n') || (ch == '\r'))

 		{

-			/* read it*/
-			lpString[len++] = ch;

+			/* break at new line*/

 			break;
 		}

-		lpString[len++] = ch;

 	}
 
 	if (!dwRead && !len)