https://git.reactos.org/?p=reactos.git;a=commitdiff;h=708d26acf396d81fa475f3...
commit 708d26acf396d81fa475f3ce7b70d3346279b133 Author: Thomas Faber thomas.faber@reactos.org AuthorDate: Thu Apr 26 14:59:21 2018 +0200 Commit: Thomas Faber thomas.faber@reactos.org CommitDate: Thu Apr 26 15:00:24 2018 +0200
[MSXML3] Fix buffer overflow in BindStatusCallback_GetBindInfo. CORE-14570 --- dll/win32/msxml3/httprequest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dll/win32/msxml3/httprequest.c b/dll/win32/msxml3/httprequest.c
index 40a976438d..07eeb74370 100644
--- a/dll/win32/msxml3/httprequest.c
+++ b/dll/win32/msxml3/httprequest.c
@@ -397,7 +397,7 @@ static HRESULT WINAPI BindStatusCallback_GetBindInfo(IBindStatusCallback *iface,
 pbindinfo->dwBindVerb = This->request->verb;
 if (This->request->verb == BINDVERB_CUSTOM)
 {
- pbindinfo->szCustomVerb = CoTaskMemAlloc(SysStringByteLen(This->request->custom));
+ pbindinfo->szCustomVerb = CoTaskMemAlloc(SysStringByteLen(This->request->custom)+sizeof(WCHAR));
 strcpyW(pbindinfo->szCustomVerb, This->request->custom);
 }
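Review bot: The result of `CoTaskMemAlloc` is handed straight to `strcpyW` without a NULL check, so an allocation failure in the `BINDVERB_CUSTOM` branch becomes a write through a null pointer; the added `+sizeof(WCHAR)` sizes the buffer for the terminator but does not cover that case. A guard such as `if (!pbindinfo->szCustomVerb) return E_OUTOFMEMORY;` placed before the copy would handle it. The branch also appears to assume `This->request->custom` is non-NULL whenever the verb is `BINDVERB_CUSTOM`; that invariant is established outside this hunk and is worth confirming. The function body starts and ends outside the hunk, so whether an early return needs any cleanup cannot be seen here.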