[fireball] 37638: - Fix weird code in RtlGetVersion (inspired by Coverity ID 1355 and Daniel's patch in bug 3906). See issue #3906 for more details.
25 Nov
2008
25 Nov
'08
4:31 p.m.
Author: fireball
Date: Tue Nov 25 10:31:07 2008
New Revision: 37638
URL: http://svn.reactos.org/svn/reactos?rev=37638&view=rev
Log:
- Fix weird code in RtlGetVersion (inspired by Coverity ID 1355 and Daniel's patch in
bug 3906).
See issue #3906 for more details.
Modified:
trunk/reactos/dll/ntdll/rtl/version.c
trunk/reactos/ntoskrnl/rtl/misc.c
Modified: trunk/reactos/dll/ntdll/rtl/version.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/ntdll/rtl/version.c?re…
==============================================================================
--- trunk/reactos/dll/ntdll/rtl/version.c [iso-8859-1] (original)
+++ trunk/reactos/dll/ntdll/rtl/version.c [iso-8859-1] Tue Nov 25 10:31:07 2008
@@ -104,6 +104,8 @@
NTSTATUS NTAPI
RtlGetVersion(RTL_OSVERSIONINFOW *Info)
{
+ ULONG i, MaxLength;
+
if (Info->dwOSVersionInfoSize == sizeof(RTL_OSVERSIONINFOW) ||
Info->dwOSVersionInfoSize == sizeof(RTL_OSVERSIONINFOEXW))
{
@@ -113,17 +115,19 @@
Info->dwMinorVersion = Peb->OSMinorVersion;
Info->dwBuildNumber = Peb->OSBuildNumber;
Info->dwPlatformId = Peb->OSPlatformId;
+ RtlZeroMemory(Info->szCSDVersion, sizeof(Info->szCSDVersion));
if(((Peb->OSCSDVersion >> 8) & 0xFF) != 0)
{
- int i = _snwprintf(Info->szCSDVersion,
- (sizeof(Info->szCSDVersion) /
sizeof(Info->szCSDVersion[0])) - 1,
- L"Service Pack %d",
- ((Peb->OSCSDVersion >> 8) & 0xFF));
- Info->szCSDVersion[i] = L'\0';
- }
- else
- {
- RtlZeroMemory(Info->szCSDVersion, sizeof(Info->szCSDVersion));
+ MaxLength = (sizeof(Info->szCSDVersion) / sizeof(Info->szCSDVersion[0])) -
1;
+ i = _snwprintf(Info->szCSDVersion,
+ MaxLength,
+ L"Service Pack %d",
+ ((Peb->OSCSDVersion >> 8) & 0xFF));
+ if (i < 0)
+ {
+ /* null-terminate if it was overflowed */
+ Info->szCSDVersion[MaxLength] = L'\0';
+ }
}
if (Info->dwOSVersionInfoSize == sizeof(RTL_OSVERSIONINFOEXW))
{
Modified: trunk/reactos/ntoskrnl/rtl/misc.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/rtl/misc.c?rev=37…
==============================================================================
--- trunk/reactos/ntoskrnl/rtl/misc.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/rtl/misc.c [iso-8859-1] Tue Nov 25 10:31:07 2008
@@ -39,6 +39,7 @@
NTSTATUS STDCALL
RtlGetVersion(IN OUT PRTL_OSVERSIONINFOW lpVersionInformation)
{
+ ULONG i, MaxLength;
if (lpVersionInformation->dwOSVersionInfoSize == sizeof(RTL_OSVERSIONINFOW) ||
lpVersionInformation->dwOSVersionInfoSize == sizeof(RTL_OSVERSIONINFOEXW))
{
@@ -46,17 +47,19 @@
lpVersionInformation->dwMinorVersion = NtMinorVersion;
lpVersionInformation->dwBuildNumber = NtBuildNumber;
lpVersionInformation->dwPlatformId = VER_PLATFORM_WIN32_NT;
+ RtlZeroMemory(lpVersionInformation->szCSDVersion,
sizeof(lpVersionInformation->szCSDVersion));
if(((CmNtCSDVersion >> 8) & 0xFF) != 0)
{
- int i = _snwprintf(lpVersionInformation->szCSDVersion,
- (sizeof(lpVersionInformation->szCSDVersion) /
sizeof(lpVersionInformation->szCSDVersion[0])) - 1,
- L"Service Pack %d",
- ((CmNtCSDVersion >> 8) & 0xFF));
- lpVersionInformation->szCSDVersion[i] = L'\0';
- }
- else
- {
- RtlZeroMemory(lpVersionInformation->szCSDVersion,
sizeof(lpVersionInformation->szCSDVersion));
+ MaxLength = (sizeof(lpVersionInformation->szCSDVersion) /
sizeof(lpVersionInformation->szCSDVersion[0])) - 1;
+ i = _snwprintf(lpVersionInformation->szCSDVersion,
+ MaxLength,
+ L"Service Pack %d",
+ ((CmNtCSDVersion >> 8) & 0xFF));
+ if (i < 0)
+ {
+ /* null-terminate if it was overflowed */
+ lpVersionInformation->szCSDVersion[MaxLength] = L'\0';
+ }
}
if (lpVersionInformation->dwOSVersionInfoSize == sizeof(OSVERSIONINFOEXW))
{
5778
days inactive
5778
days old
0 comments
1 participants
participants (1)
-
fireball@svn.reactos.org