[akhaldi] 66634: [VMWINST] Use StringCb{Copy, Cat} instead of wcs{cpy, cat} to ensure that no buffer overflows occur. CID 514272s and 515210. By Ricardo Hanke. CORE-9347 - Ros-diffs

9 Mar 2015

Author: akhaldi
Date: Mon Mar  9 20:50:42 2015
New Revision: 66634
URL: http://svn.reactos.org/svn/reactos?rev=66634&view=rev
Log:
[VMWINST] Use StringCb{Copy,Cat} instead of wcs{cpy,cat} to ensure that no buffer overflows occur. CID 514272s and 515210. By Ricardo Hanke. CORE-9347
Modified:
    trunk/reactos/base/setup/vmwinst/vmwinst.c
Modified: trunk/reactos/base/setup/vmwinst/vmwinst.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/setup/vmwinst/vmwinst....
==============================================================================

--- trunk/reactos/base/setup/vmwinst/vmwinst.c	[iso-8859-1] (original)
+++ trunk/reactos/base/setup/vmwinst/vmwinst.c	[iso-8859-1] Mon Mar  9 20:50:42 2015
@@ -31,6 +31,7 @@
 #include <winreg.h>
 #include <wingdi.h>
 #include <winuser.h>
+#include <strsafe.h>
 #include <newdev.h>
 #include <pseh/pseh2.h>
 #include <debug.h>
@@ -124,8 +125,8 @@
     HANDLE FileHandle;
FileName[0] = L'\0';
-    wcscat(FileName, Path);
-    wcscat(FileName, File);
+    StringCbCat(FileName, sizeof(FileName), Path);
+    StringCbCat(FileName, sizeof(FileName), File);
FileHandle = CreateFile(FileName, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
@@ -495,8 +496,8 @@
     if(AbortInstall != 0) goto done;
     PostMessage(hInstallationNotifyWnd, WM_INSTSTATUSUPDATE, IDS_COPYINGFILES, 0);
-    wcscpy(InfFileName, SrcPath);
-    wcscat(InfFileName, L"vmx_svga.inf");
+    StringCbCopy(InfFileName, sizeof(InfFileName), SrcPath);
+    StringCbCat(InfFileName, sizeof(InfFileName), L"vmx_svga.inf");
     DPRINT1("Calling UpdateDriverForPlugAndPlayDevices()\n");
     if (!UpdateDriverForPlugAndPlayDevices(
         hInstallationNotifyWnd,
@@ -1071,11 +1072,11 @@
     lc += GetSystemDirectory(DestinationPath, MAX_PATH) - 1;
     if(lc >= DestinationPath && *lc != L'\')
     {
-        wcscat(DestinationPath, L"\");
+        StringCbCat(DestinationPath, sizeof(DestinationPath), L"\");
     }
     DestinationDriversPath[0] = L'\0';
-    wcscat(DestinationDriversPath, DestinationPath);
-    wcscat(DestinationDriversPath, L"drivers\");
+    StringCbCat(DestinationDriversPath, sizeof(DestinationDriversPath), DestinationPath);
+    StringCbCat(DestinationDriversPath, sizeof(DestinationDriversPath), L"drivers\");
SetCurrentDirectory(DestinationPath);

    