Author: pschweitzer Date: Sat Apr 5 13:13:01 2014 New Revision: 62618
URL: http://svn.reactos.org/svn/reactos?rev=62618&view=rev Log: [RTL] Properly check for total length in LdrpGetProcedureAddress(). It contains more than just a name. Fixes a buffer overrun.
CID #716122
Modified: trunk/reactos/dll/ntdll/ldr/ldrutils.c
Modified: trunk/reactos/dll/ntdll/ldr/ldrutils.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/ntdll/ldr/ldrutils.c?re...
==============================================================================
--- trunk/reactos/dll/ntdll/ldr/ldrutils.c [iso-8859-1] (original)
+++ trunk/reactos/dll/ntdll/ldr/ldrutils.c [iso-8859-1] Sat Apr 5 13:13:01 2014
@@ -2267,7 +2267,7 @@
 }
 /* Check if our buffer is large enough */
- if (Name->Length > sizeof(ImportBuffer))
+ if (Length > sizeof(ImportBuffer))
 {
 /* Allocate from heap, plus 2 bytes for the Hint */
 ImportName = RtlAllocateHeap(RtlGetProcessHeap(),
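Review bot: The corrected guard `if (Length > sizeof(ImportBuffer))` is only sound if `Length` counts every byte later written into the buffer, and this hunk shows neither where `Length` is computed nor the size passed to `RtlAllocateHeap`, whose argument list continues past the last visible line. I would state the invariant in a comment above the check, for example `/* Length = Hint field + name bytes + terminating NUL; the same value must size the heap allocation */`, so the stack and heap paths cannot drift apart again. It is also worth confirming, outside this hunk, that the `RtlAllocateHeap` result is tested for NULL before anything is copied into `ImportName`, since the heap path is taken precisely for oversized (presumably caller-supplied) names.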