Author: rharabien Date: Fri Apr 15 14:29:14 2011 New Revision: 51349 URL: http://svn.reactos.org/svn/reactos?rev=51349&view=rev Log: [SYSSETUP] * Computer name length is limited to 15 characters, not 63. Fixes possible buffer overflow * Spotted by Victor Martinez Modified: trunk/reactos/dll/win32/syssetup/globals.h trunk/reactos/dll/win32/syssetup/wizard.c Modified: trunk/reactos/dll/win32/syssetup/globals.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/syssetup/globals… ============================================================================== --- trunk/reactos/dll/win32/syssetup/globals.h [iso-8859-1] (original) +++ trunk/reactos/dll/win32/syssetup/globals.h [iso-8859-1] Fri Apr 15 14:29:14 2011 @@ -43,7 +43,7 @@ WCHAR OwnerName[51]; WCHAR OwnerOrganization[51]; - WCHAR ComputerName[MAX_COMPUTERNAME_LENGTH + 1]; /* max. 63 characters */ + WCHAR ComputerName[MAX_COMPUTERNAME_LENGTH + 1]; /* max. 15 characters */ WCHAR AdminPassword[15]; /* max. 14 characters */ BOOL UnattendSetup; BOOL DisableVmwInst; Modified: trunk/reactos/dll/win32/syssetup/wizard.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/syssetup/wizard.… ============================================================================== --- trunk/reactos/dll/win32/syssetup/wizard.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/syssetup/wizard.c [iso-8859-1] Fri Apr 15 14:29:14 2011 @@ -596,7 +596,7 @@ SetDlgItemTextW(hwndDlg, IDC_COMPUTERNAME, ComputerName); /* Set text limits */ - SendDlgItemMessage(hwndDlg, IDC_COMPUTERNAME, EM_LIMITTEXT, 64, 0); + SendDlgItemMessage(hwndDlg, IDC_COMPUTERNAME, EM_LIMITTEXT, MAX_COMPUTERNAME_LENGTH, 0); SendDlgItemMessage(hwndDlg, IDC_ADMINPASSWORD1, EM_LIMITTEXT, 14, 0); SendDlgItemMessage(hwndDlg, IDC_ADMINPASSWORD2, EM_LIMITTEXT, 14, 0); @@ -630,7 +630,7 @@ break; case PSN_WIZNEXT: - if (GetDlgItemTextW(hwndDlg, IDC_COMPUTERNAME, ComputerName, 64) == 0) + if (0 == GetDlgItemTextW(hwndDlg, IDC_COMPUTERNAME, ComputerName, MAX_COMPUTERNAME_LENGTH + 1)) { if (0 == LoadStringW(hDllInstance, IDS_WZD_COMPUTERNAME, EmptyComputerName, sizeof(EmptyComputerName) / sizeof(EmptyComputerName[0])))