Author: cgutman
Date: Tue Jun 23 18:47:48 2009
New Revision: 41589
URL:
http://svn.reactos.org/svn/reactos?rev=41589&view=rev
Log:
- We only need 11 chars to hold our 32-bit integer and the trailing NULL char
- Make sure we don't overread our buffer
Modified:
trunk/reactos/drivers/network/ndis/ndis/config.c
Modified: trunk/reactos/drivers/network/ndis/ndis/config.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/ndis/ndis/…
==============================================================================
--- trunk/reactos/drivers/network/ndis/ndis/config.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/network/ndis/ndis/config.c [iso-8859-1] Tue Jun 23 18:47:48
2009
@@ -65,7 +65,7 @@
ULONG ParameterType;
ULONG DataSize;
PVOID Data;
- WCHAR Buff[25];
+ WCHAR Buff[11];
NDIS_DbgPrint(MAX_TRACE, ("Called.\n"));
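Review bot: `WCHAR Buff[11]` is now an exact fit (ten decimal digits of a 32-bit value plus the terminator), so it is only safe if the code that points Str at this buffer sets `MaximumLength` from `sizeof(Buff)` rather than from a literal sized for the old 25-element array. That initialisation lies outside this hunk and should be confirmed; the same applies to the identical change in the hunk at -674. The bare 11 would also benefit from a comment at both sites, for example `/* 10 decimal digits of a ULONG + terminating NUL */`, or from a shared named constant.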
@@ -86,6 +86,7 @@
ParameterValue->ParameterData.IntegerData,
(ParameterValue->ParameterType == NdisParameterInteger) ? 10 :
16, &Str)))
{
+ NDIS_DbgPrint(MIN_TRACE, ("RtlIntegerToUnicodeString failed
(%x)\n", *Status));
*Status = NDIS_STATUS_FAILURE;
return;
}
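Review bot: The added trace prints `*Status`, but judging by the closing parentheses the result of RtlIntegerToUnicodeString seems to be tested directly inside the `if` and never stored. If so, the logged value is whatever `*Status` held before the call, not the failure code. Capturing the result first, for instance `NtStatus = RtlIntegerToUnicodeString(...);` followed by `if (!NT_SUCCESS(NtStatus))`, and printing `NtStatus` would make the message meaningful. The start of the call is outside the hunk, so this should be checked against the full statement.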
@@ -674,7 +675,7 @@
if (ParameterValue->ParameterType == NdisParameterInteger)
{
- WCHAR Buff[25];
+ WCHAR Buff[11];
NDIS_DbgPrint(MAX_TRACE, ("Read integer data %lx\n",
ParameterValue->ParameterData.IntegerData));
@@ -702,7 +703,7 @@
str = ParameterValue->ParameterData.StringData;
}
- while (str.Buffer[j] != '\0') j++;
+ while (str.Buffer[j] != '\0' && j < str.Length) j++;
*NetworkAddressLength = (UINT)((j/2)+0.5);
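Review bot: The new loop condition still reads `str.Buffer[j]` before it tests `j < str.Length`, so when no terminator is present the element at the bound is read before the loop stops. If `str` is a counted Unicode string (its declaration is outside the hunk), `Length` is also a byte count while `j` indexes WCHARs, so the bound is about twice too large and the overread this commit targets can still occur. Testing the index first and converting the length closes both gaps: `while (j < str.Length / sizeof(WCHAR) && str.Buffer[j] != L'\0') j++;`.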