https://git.reactos.org/?p=reactos.git;a=commitdiff;h=3e9cf62470c4b8cd5f7212...
commit 3e9cf62470c4b8cd5f7212c6bfe05d45bcaea4a2 Author: Mark Jansen mark.jansen@reactos.org AuthorDate: Fri Dec 28 19:26:32 2018 +0100 Commit: Mark Jansen mark.jansen@reactos.org CommitDate: Thu Jan 3 22:52:18 2019 +0100
[LDR] Don't dereference a possible nullptr on a malformed forwarded import --- dll/ntdll/ldr/ldrpe.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/dll/ntdll/ldr/ldrpe.c b/dll/ntdll/ldr/ldrpe.c
index d8d235b34b..1f7fa31236 100644
--- a/dll/ntdll/ldr/ldrpe.c
+++ b/dll/ntdll/ldr/ldrpe.c
@@ -962,7 +962,7 @@ LdrpSnapThunk(IN PVOID ExportBase,
 PIMAGE_IMPORT_BY_NAME AddressOfData;
 PULONG NameTable;
 PUSHORT OrdinalTable;
- LPSTR ImportName = NULL;
+ LPSTR ImportName = NULL, DotPosition;
 USHORT Hint;
 NTSTATUS Status;
 ULONG_PTR HardErrorParameters[3];
@@ -1117,8 +1117,14 @@ FailurePath:
 {
 /* Get the Import and Forwarder Names */
 ImportName = (LPSTR)Thunk->u1.Function;
+
+ DotPosition = strchr(ImportName, '.');
+ ASSERT(DotPosition != NULL);
+ if (!DotPosition)
+ goto FailurePath;
+
 ForwarderName.Buffer = ImportName;
- ForwarderName.Length = (USHORT)(strchr(ImportName, '.') - ImportName);
+ ForwarderName.Length = (USHORT)(DotPosition - ImportName);
 ForwarderName.MaximumLength = ForwarderName.Length;
 Status = RtlAnsiStringToUnicodeString(&TempUString,
 &ForwarderName,
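Review bot: The added guard in the forwarder branch rejects only a string with no dot; `strchr(ImportName, '.')` still scans to the first NUL with no upper bound, and `(USHORT)(DotPosition - ImportName)` silently truncates a distance above 0xFFFF, so a malformed forwarder can still produce a wrong `ForwarderName.Length`. Consider folding a range check into the same test, e.g. `if (!DotPosition || (DotPosition - ImportName) > MAXUSHORT) goto FailurePath;`, and ideally limiting the search to the end of the export directory. `ASSERT(DotPosition != NULL);` tests a condition decided by the image's contents rather than a loader invariant, so builds with assertions enabled would presumably stop on a bad DLL instead of taking the failure path; a debug print would carry the same information. The `FailurePath` label and the rest of LdrpSnapThunk are outside the hunk, so it is worth confirming that jumping there after `ImportName` has been reassigned to the forwarder string still reports the intended name.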