[fireball] 56888: [EXPLORER_NEW] - Fix possible buffer overflow: ExpandEnvironmentStrings wants character count size of a buffer, not byte sized. Spotted by Thomas Faber. See issue #6053 for more d... - Ros-diffs

14 Jul 2012

Author: fireball
Date: Sat Jul 14 12:02:19 2012
New Revision: 56888
URL: http://svn.reactos.org/svn/reactos?rev=56888&view=rev
Log:
[EXPLORER_NEW]
- Fix possible buffer overflow: ExpandEnvironmentStrings wants character count size of a buffer, not byte sized. Spotted by Thomas Faber.
See issue #6053 for more details.
Modified:
    trunk/reactos/base/shell/explorer/services/startup.c
Modified: trunk/reactos/base/shell/explorer/services/startup.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/shell/explorer/service...
==============================================================================

--- trunk/reactos/base/shell/explorer/services/startup.c [iso-8859-1] (original)
+++ trunk/reactos/base/shell/explorer/services/startup.c [iso-8859-1] Sat Jul 14 12:02:19 2012
@@ -245,7 +245,7 @@
     DWORD exit_code=0;
     WCHAR szCmdLineExp[MAX_PATH+1]= L"\0";
-    ExpandEnvironmentStrings(cmdline, szCmdLineExp, sizeof(szCmdLineExp));
+    ExpandEnvironmentStringsW(cmdline, szCmdLineExp, sizeof(szCmdLineExp) / sizeof(WCHAR));
memset(&si, 0, sizeof(si));
     si.cb=sizeof(si);

    