Author: janderwald Date: Sun Jul 6 15:52:11 2008 New Revision: 34344 URL: http://svn.reactos.org/svn/reactos?rev=34344&view=rev Log: - fix potential buffer overflows spotted by Christoph Modified: trunk/reactos/dll/win32/shell32/fprop.c Modified: trunk/reactos/dll/win32/shell32/fprop.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/shell32/fprop.c?… ============================================================================== --- trunk/reactos/dll/win32/shell32/fprop.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/shell32/fprop.c [iso-8859-1] Sun Jul 6 15:52:11 2008 @@ -678,13 +678,16 @@ pOffset = wcsrchr(wFileName, L'.'); if (!pOffset) { + Length = wcslen(szName); + if (Length >=94) + return 0; wcscpy(szName, L"CLSID\\"); wcscpy(&szName[6], wFileName); } else { Length = wcslen(pOffset); - if (Length >= 70) + if (Length >= 100) return 0; wcscpy(szName, pOffset); } @@ -700,6 +703,7 @@ if (RegGetValueW(HKEY_CLASSES_ROOT, pOffset, NULL, RRF_RT_REG_SZ, NULL, szName, &dwName) == ERROR_SUCCESS) { TRACE("EnumPropSheetExt szName %s, pOffset %s\n", debugstr_w(szName), debugstr_w(pOffset)); + szName[(sizeof(szName)/sizeof(WCHAR))-1] = L'\0'; hpsxa[1] = SHCreatePropSheetExtArrayEx(HKEY_CLASSES_ROOT, szName, NumPages - Pages, pDataObj); Pages +=SHAddFromPropSheetExtArray(hpsxa[1], AddShellPropSheetExCallback, (LPARAM)hppages); }