Author: cgutman Date: Tue Jun 23 18:47:48 2009 New Revision: 41589

URL: http://svn.reactos.org/svn/reactos?rev=41589&view=rev Log: - We only need 11 chars to hold our 32-bit integer and the trailing NULL char - Make sure we don't overread our buffer

Modified: trunk/reactos/drivers/network/ndis/ndis/config.c

Modified: trunk/reactos/drivers/network/ndis/ndis/config.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/ndis/ndis/c... ============================================================================== --- trunk/reactos/drivers/network/ndis/ndis/config.c [iso-8859-1] (original) +++ trunk/reactos/drivers/network/ndis/ndis/config.c [iso-8859-1] Tue Jun 23 18:47:48 2009 @@ -65,7 +65,7 @@ ULONG ParameterType; ULONG DataSize; PVOID Data; - WCHAR Buff[25]; + WCHAR Buff[11];

NDIS_DbgPrint(MAX_TRACE, ("Called.\n"));

@@ -86,6 +86,7 @@ ParameterValue->ParameterData.IntegerData, (ParameterValue->ParameterType == NdisParameterInteger) ? 10 : 16, &Str))) { + NDIS_DbgPrint(MIN_TRACE, ("RtlIntegerToUnicodeString failed (%x)\n", *Status)); *Status = NDIS_STATUS_FAILURE; return; } @@ -674,7 +675,7 @@

if (ParameterValue->ParameterType == NdisParameterInteger) { - WCHAR Buff[25]; + WCHAR Buff[11];

NDIS_DbgPrint(MAX_TRACE, ("Read integer data %lx\n", ParameterValue->ParameterData.IntegerData)); @@ -702,7 +703,7 @@ str = ParameterValue->ParameterData.StringData; }

- while (str.Buffer[j] != '\0') j++; + while (str.Buffer[j] != '\0' && j < str.Length) j++;

*NetworkAddressLength = (UINT)((j/2)+0.5);