Author: cwittich
Date: Sun Aug 23 07:07:25 2015
New Revision: 68799
URL:
http://svn.reactos.org/svn/reactos?rev=68799&view=rev
Log:
[ADVAPI32] prevent buffer overflow in ParseStringSecurityDescriptorToSecurityDescriptor
(wine-patch by Alistair Leslie-Hughes)
Modified:
trunk/reactos/dll/win32/advapi32/wine/security.c
Modified: trunk/reactos/dll/win32/advapi32/wine/security.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/wine/se…
==============================================================================
--- trunk/reactos/dll/win32/advapi32/wine/security.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/advapi32/wine/security.c [iso-8859-1] Sun Aug 23 07:07:25
2015
@@ -2544,12 +2544,14 @@
{
BOOL bret = FALSE;
WCHAR toktype;
- WCHAR tok[MAX_PATH];
+ WCHAR *tok;
LPCWSTR lptoken;
LPBYTE lpNext = NULL;
DWORD len;
*cBytes = sizeof(SECURITY_DESCRIPTOR);
+
+ tok = heap_alloc( (lstrlenW(StringSecurityDescriptor) + 1) * sizeof(WCHAR));
if (SecurityDescriptor)
lpNext = (LPBYTE)(SecurityDescriptor + 1);
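Review bot: The result of `heap_alloc` is not checked before the function carries on to `if (SecurityDescriptor)`, so an allocation failure leaves `tok` NULL for the token-handling code further down the body, which lies outside this hunk. A guard directly after the allocation, `if (!tok) { SetLastError(ERROR_NOT_ENOUGH_MEMORY); return FALSE; }`, would fail closed instead of writing through a null pointer. Sizing the buffer from `lstrlenW(StringSecurityDescriptor) + 1` is a sound upper bound, since no token can be longer than the whole input, and a short comment would keep that invariant visible: `/* a token never exceeds the input string, so this bounds every copy into tok */`. The second hunk frees `tok` at `lend:`, so it is worth confirming that no exit in the unseen part of the body returns without jumping there, as that path would now leak the buffer.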
@@ -2672,6 +2674,7 @@
bret = TRUE;
lend:
+ heap_free(tok);
return bret;
}