Author: hbelusca Date: Tue Jan 13 23:19:21 2015 New Revision: 66036

URL: http://svn.reactos.org/svn/reactos?rev=66036&view=rev Log: [FREELDR]: Addendum to PXE r66034: don't read after Path buffer validity.

Modified: trunk/reactos/boot/freeldr/freeldr/fs/pxe.c

Modified: trunk/reactos/boot/freeldr/freeldr/fs/pxe.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/boot/freeldr/freeldr/fs/pxe... ============================================================================== --- trunk/reactos/boot/freeldr/freeldr/fs/pxe.c [iso-8859-1] (original) +++ trunk/reactos/boot/freeldr/freeldr/fs/pxe.c [iso-8859-1] Tue Jan 13 23:19:21 2015 @@ -142,7 +142,7 @@ if (_OpenFile == NO_FILE || FileId != _OpenFile) return EBADF;

- RtlZeroMemory(Information, sizeof(FILEINFORMATION)); + RtlZeroMemory(Information, sizeof(*Information)); Information->EndingAddress.LowPart = _FileSize; Information->CurrentAddress.LowPart = _FilePosition;

@@ -153,22 +153,27 @@ { t_PXENV_TFTP_GET_FSIZE sizeData; t_PXENV_TFTP_OPEN openData; - ULONG i; + SIZE_T PathLen, i;

if (_OpenFile != NO_FILE) return EIO; if (OpenMode != OpenReadOnly) return EACCES;

- for (i = 0; i < sizeof(_OpenFileName) - 1; i++) + /* Retrieve the path length without NULL terminator */ + PathLen = (Path ? min(strlen(Path), sizeof(_OpenFileName) - 1) : 0); + + /* Zero out the file name */ + RtlZeroMemory(_OpenFileName, sizeof(_OpenFileName)); + + /* Lowercase the path and always use slashes as separators */ + for (i = 0; i < PathLen; i++) { if (Path[i] == '\') _OpenFileName[i] = '/'; else _OpenFileName[i] = tolower(Path[i]); } - while (i < sizeof(_OpenFileName)) - _OpenFileName[i++] = '\0';

RtlZeroMemory(&sizeData, sizeof(sizeData)); sizeData.ServerIPAddress = _ServerIP; @@ -183,7 +188,7 @@ if (_FileSize < 1024 * 1024) { _CachedFile = FrLdrTempAlloc(_FileSize, TAG_PXE_FILE); - // Don't check for allocation failure, we support _CachedFile = NULL + // Don't check for allocation failure, we support _CachedFile == NULL } _CachedLength = 0;