https://git.reactos.org/?p=reactos.git;a=commitdiff;h=708d26acf396d81fa475f… commit 708d26acf396d81fa475f3ce7b70d3346279b133 Author: Thomas Faber <thomas.faber(a)reactos.org> AuthorDate: Thu Apr 26 14:59:21 2018 +0200 Commit: Thomas Faber <thomas.faber(a)reactos.org> CommitDate: Thu Apr 26 15:00:24 2018 +0200 [MSXML3] Fix buffer overflow in BindStatusCallback_GetBindInfo. CORE-14570 --- dll/win32/msxml3/httprequest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dll/win32/msxml3/httprequest.c b/dll/win32/msxml3/httprequest.c index 40a976438d..07eeb74370 100644 --- a/dll/win32/msxml3/httprequest.c +++ b/dll/win32/msxml3/httprequest.c @@ -397,7 +397,7 @@ static HRESULT WINAPI BindStatusCallback_GetBindInfo(IBindStatusCallback *iface, pbindinfo->dwBindVerb = This->request->verb; if (This->request->verb == BINDVERB_CUSTOM) { - pbindinfo->szCustomVerb = CoTaskMemAlloc(SysStringByteLen(This->request->custom)); + pbindinfo->szCustomVerb = CoTaskMemAlloc(SysStringByteLen(This->request->custom)+sizeof(WCHAR)); strcpyW(pbindinfo->szCustomVerb, This->request->custom); }