[cwittich] 68799: [ADVAPI32] prevent buffer overflow in ParseStringSecurityDescriptorToSecurityDescriptor (wine-patch by Alistair Leslie-Hughes) - Ros-diffs

23 Aug 2015

Author: cwittich
Date: Sun Aug 23 07:07:25 2015
New Revision: 68799
URL: http://svn.reactos.org/svn/reactos?rev=68799&view=rev
Log:
[ADVAPI32] prevent buffer overflow in ParseStringSecurityDescriptorToSecurityDescriptor (wine-patch by Alistair Leslie-Hughes)
Modified:
    trunk/reactos/dll/win32/advapi32/wine/security.c
Modified: trunk/reactos/dll/win32/advapi32/wine/security.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/wine/sec...
==============================================================================

--- trunk/reactos/dll/win32/advapi32/wine/security.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/win32/advapi32/wine/security.c	[iso-8859-1] Sun Aug 23 07:07:25 2015
@@ -2544,12 +2544,14 @@
 {
     BOOL bret = FALSE;
     WCHAR toktype;
-    WCHAR tok[MAX_PATH];
+    WCHAR *tok;
     LPCWSTR lptoken;
     LPBYTE lpNext = NULL;
     DWORD len;
*cBytes = sizeof(SECURITY_DESCRIPTOR);
+
+    tok = heap_alloc( (lstrlenW(StringSecurityDescriptor) + 1) * sizeof(WCHAR));
if (SecurityDescriptor)
         lpNext = (LPBYTE)(SecurityDescriptor + 1);
@@ -2672,6 +2674,7 @@
     bret = TRUE;
lend:
+    heap_free(tok);
     return bret;
 }

    