[cgutman] 47801: [NTOSKRNL] - Fix a string termination bug in the device interface code - Thanks to janderwald for spotting the bug - Ros-diffs

18 Jun 2010

Author: cgutman
Date: Fri Jun 18 21:57:07 2010
New Revision: 47801
URL: http://svn.reactos.org/svn/reactos?rev=47801&view=rev
Log:
[NTOSKRNL]
- Fix a string termination bug in the device interface code
- Thanks to janderwald for spotting the bug
Modified:
    trunk/reactos/ntoskrnl/io/iomgr/deviface.c
Modified: trunk/reactos/ntoskrnl/io/iomgr/deviface.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/iomgr/deviface....
==============================================================================

--- trunk/reactos/ntoskrnl/io/iomgr/deviface.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/io/iomgr/deviface.c [iso-8859-1] Fri Jun 18 21:57:07 2010
@@ -105,17 +105,19 @@
         goto cleanup;
     }
-    SubKeyName.Buffer = ExAllocatePool(PagedPool, SymbolicLinkName->Length);
+    SubKeyName.MaximumLength = SymbolicLinkName->Length + sizeof(WCHAR);
+    SubKeyName.Length = 0;
+    SubKeyName.Buffer = ExAllocatePool(PagedPool, SubKeyName.MaximumLength);
     if (!SubKeyName.Buffer)
     {
         Status = STATUS_INSUFFICIENT_RESOURCES;
         goto cleanup;
     }
-    SubKeyName.MaximumLength = SymbolicLinkName->Length;
-    SubKeyName.Length = 0;
RtlAppendUnicodeStringToString(&SubKeyName,
                                    SymbolicLinkName);
+
+    SubKeyName.Buffer[SubKeyName.Length / sizeof(WCHAR)] = UNICODE_NULL;
SubKeyName.Buffer[0] = L'#';
     SubKeyName.Buffer[1] = L'#';

    