Author: weiden
Date: Sun Oct 15 16:41:48 2006
New Revision: 24520
URL:
http://svn.reactos.org/svn/reactos?rev=24520&view=rev
Log:
Fix buffer overflow in KiGetCpuVendor, thanks to Michael Fritscher for reporting this
bug.
Modified:
trunk/reactos/ntoskrnl/ke/i386/cpu.c
Modified: trunk/reactos/ntoskrnl/ke/i386/cpu.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ke/i386/cpu.c?rev…
==============================================================================
--- trunk/reactos/ntoskrnl/ke/i386/cpu.c (original)
+++ trunk/reactos/ntoskrnl/ke/i386/cpu.c Sun Oct 15 16:41:48 2006
@@ -183,6 +183,7 @@
{
PKPRCB Prcb = KeGetCurrentPrcb();
ULONG Vendor[5];
+ ULONG Temp;
/* Assume no Vendor ID and fail if no CPUID Support. */
Prcb->VendorString[0] = 0;
@@ -193,13 +194,13 @@
Vendor[4] = 0;
/* Re-arrange vendor string */
- Vendor[5] = Vendor[2];
+ Temp = Vendor[2];
Vendor[2] = Vendor[3];
- Vendor[3] = Vendor[5];
+ Vendor[3] = Temp;
/* Copy it to the PRCB and null-terminate it again */
RtlCopyMemory(Prcb->VendorString,
- &Vendor[1],
+ &Vendor[0],
sizeof(Prcb->VendorString) - sizeof(CHAR));
Prcb->VendorString[sizeof(Prcb->VendorString) - sizeof(CHAR)] = ANSI_NULL;
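Review bot: The RtlCopyMemory source changes from `&Vendor[1]` to `&Vendor[0]`, which is not needed to remove the out-of-bounds `Vendor[5]` write and may shift the vendor string by one ULONG. The swap just above exchanges `Vendor[2]` and `Vendor[3]`, which is the ECX/EDX reorder one would expect if CPUID leaf 0 filled indexes 0–3 with EAX, EBX, ECX, EDX; in that layout the text starts at `Vendor[1]` and `Vendor[0]` holds the maximum leaf number, not characters. The call that fills `Vendor` is outside this hunk, so this is inferred and should be checked against it. If it holds, keep `&Vendor[1],` as the source and let the `Temp` swap be the whole fix; otherwise any later comparison against `Prcb->VendorString` would see a wrong prefix and a string missing its last four characters. A short comment above the copy naming which register each index holds, e.g. `/* Vendor[0]=EAX (max leaf), [1]=EBX, [2]=ECX, [3]=EDX, [4]=terminator */`, would make the intended offset reviewable.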