[gedmurphy] 33725: fix potential buffer overflow - Ros-diffs

27 May 2008

Author: gedmurphy
Date: Tue May 27 03:28:52 2008
New Revision: 33725
URL: http://svn.reactos.org/svn/reactos?rev=33725&view=rev
Log:
fix potential buffer overflow
Modified:
    trunk/reactos/dll/win32/user32/misc/dllmain.c
Modified: trunk/reactos/dll/win32/user32/misc/dllmain.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/user32/misc/dllma...
==============================================================================

--- trunk/reactos/dll/win32/user32/misc/dllmain.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/user32/misc/dllmain.c [iso-8859-1] Tue May 27 03:28:52 2008
@@ -90,9 +90,22 @@
                 LPWSTR lpBuffer = (LPWSTR)kvpInfo->Data;
                 if (lpBuffer != UNICODE_NULL)
                 {
-                    RtlMoveMemory(szAppInit,
-                                  kvpInfo->Data,
-                                  min(kvpInfo->DataLength, KEY_LENGTH));
+                    INT bytesToCopy, nullPos;
+
+                    bytesToCopy = min(kvpInfo->DataLength, KEY_LENGTH * sizeof(WCHAR));
+
+                    if (bytesToCopy != 0)
+                    {
+                        RtlMoveMemory(szAppInit,
+                                      kvpInfo->Data,
+                                      bytesToCopy);
+
+                        nullPos = (bytesToCopy / sizeof(WCHAR)) - 1;
+
+                        /* ensure string is terminated */
+                        szAppInit[nullPos] = UNICODE_NULL;
+                    }
+
                     bRet = TRUE;
                 }
             }

    