[janderwald] 47805: [PORTCLS] - Fix buffer overflow - Ros-diffs

19 Jun 2010

Author: janderwald
Date: Sat Jun 19 07:43:45 2010
New Revision: 47805
URL: http://svn.reactos.org/svn/reactos?rev=47805&view=rev
Log:
[PORTCLS]
- Fix buffer overflow
Modified:
    trunk/reactos/drivers/wdm/audio/backpln/portcls/connection.cpp
Modified: trunk/reactos/drivers/wdm/audio/backpln/portcls/connection.cpp
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/wdm/audio/backpln/p...
==============================================================================

--- trunk/reactos/drivers/wdm/audio/backpln/portcls/connection.cpp [iso-8859-1] (original)
+++ trunk/reactos/drivers/wdm/audio/backpln/portcls/connection.cpp [iso-8859-1] Sat Jun 19 07:43:45 2010
@@ -207,7 +207,7 @@
if (FromSubDeviceDescriptor)
     {
-        FromEntry = (PPHYSICAL_CONNECTION_ENTRY)AllocateItem(NonPagedPool, sizeof(PHYSICAL_CONNECTION_ENTRY) + ToString->MaximumLength, TAG_PORTCLASS);
+        FromEntry = (PPHYSICAL_CONNECTION_ENTRY)AllocateItem(NonPagedPool, sizeof(PHYSICAL_CONNECTION_ENTRY) + ToString->MaximumLength + sizeof(WCHAR), TAG_PORTCLASS);
         if (!FromEntry)
         {
             Status = STATUS_INSUFFICIENT_RESOURCES;
@@ -217,7 +217,7 @@
if (ToSubDeviceDescriptor)
     {
-        ToEntry = (PPHYSICAL_CONNECTION_ENTRY)AllocateItem(NonPagedPool, sizeof(PHYSICAL_CONNECTION_ENTRY) + FromString->MaximumLength, TAG_PORTCLASS);
+        ToEntry = (PPHYSICAL_CONNECTION_ENTRY)AllocateItem(NonPagedPool, sizeof(PHYSICAL_CONNECTION_ENTRY) + FromString->MaximumLength + sizeof(WCHAR), TAG_PORTCLASS);
         if (!ToEntry)
         {
             Status = STATUS_INSUFFICIENT_RESOURCES;
@@ -229,9 +229,9 @@
     {
         FromEntry->FromPin = FromPin;
         FromEntry->Connection.Pin = ToPin;
-        FromEntry->Connection.Size = sizeof(KSPIN_PHYSICALCONNECTION) + ToString->MaximumLength;
+        FromEntry->Connection.Size = sizeof(KSPIN_PHYSICALCONNECTION) + ToString->MaximumLength + sizeof(WCHAR);
         RtlMoveMemory(&FromEntry->Connection.SymbolicLinkName, ToString->Buffer, ToString->MaximumLength);
-        FromEntry->Connection.SymbolicLinkName[ToString->Length / sizeof(WCHAR)] = L'\0';
+        FromEntry->Connection.SymbolicLinkName[ToString->Length / sizeof(WCHAR)] = UNICODE_NULL;
InsertTailList(&FromSubDeviceDescriptor->PhysicalConnectionList, &FromEntry->Entry);
     }
@@ -241,9 +241,9 @@
     {
         ToEntry->FromPin = ToPin;
         ToEntry->Connection.Pin = FromPin;
-        ToEntry->Connection.Size = sizeof(KSPIN_PHYSICALCONNECTION) + FromString->MaximumLength;
+        ToEntry->Connection.Size = sizeof(KSPIN_PHYSICALCONNECTION) + FromString->MaximumLength + sizeof(WCHAR);
         RtlMoveMemory(&ToEntry->Connection.SymbolicLinkName, FromString->Buffer, FromString->MaximumLength);
-        ToEntry->Connection.SymbolicLinkName[FromString->Length /  sizeof(WCHAR)] = L'\0';
+        ToEntry->Connection.SymbolicLinkName[FromString->Length /  sizeof(WCHAR)] = UNICODE_NULL;
InsertTailList(&ToSubDeviceDescriptor->PhysicalConnectionList, &ToEntry->Entry);

    