[rharabien] 51138: [NTOSKRNL] Change strncpy calls to RtlStringSbCopyA (PART 1/x) Fix bug in MmLoadSystemImage which caused FileName parameter to be freed - Ros-diffs

25 Mar 2011

Author: rharabien
Date: Fri Mar 25 22:28:15 2011
New Revision: 51138
URL: http://svn.reactos.org/svn/reactos?rev=51138&view=rev
Log:
[NTOSKRNL]
Change strncpy calls to RtlStringSbCopyA (PART 1/x)
Fix bug in MmLoadSystemImage which caused FileName parameter to be freed
Modified:
    trunk/reactos/ntoskrnl/kdbg/kdb_cli.c
    trunk/reactos/ntoskrnl/ke/freeldr.c
    trunk/reactos/ntoskrnl/mm/ARM3/sysldr.c
Modified: trunk/reactos/ntoskrnl/kdbg/kdb_cli.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/kdbg/kdb_cli.c?rev...
==============================================================================

--- trunk/reactos/ntoskrnl/kdbg/kdb_cli.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/kdbg/kdb_cli.c [iso-8859-1] Fri Mar 25 22:28:15 2011
@@ -2490,14 +2490,12 @@
              */
             if (Buffer == Orig)
             {
-                strncpy(Buffer, LastCommand, Size);
-                Buffer[Size - 1] = '\0';
+                RtlStringCbCopyA(Buffer, Size, LastCommand);
             }
             else
             {
                 *Buffer = '\0';
-                strncpy(LastCommand, Orig, sizeof (LastCommand));
-                LastCommand[sizeof (LastCommand) - 1] = '\0';
+                RtlStringCbCopyA(LastCommand, sizeof(LastCommand), Orig);
             }
return;
@@ -2614,8 +2612,7 @@
     static PCH Argv[256];
     static CHAR OrigCommand[1024];
-    strncpy(OrigCommand, Command, sizeof(OrigCommand) - 1);
-    OrigCommand[sizeof(OrigCommand) - 1] = '\0';
+    RtlStringCbCopyA(OrigCommand, sizeof(OrigCommand), Command);
Argc = 0;
     p = Command;
Modified: trunk/reactos/ntoskrnl/ke/freeldr.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ke/freeldr.c?rev=5...
==============================================================================
--- trunk/reactos/ntoskrnl/ke/freeldr.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/ke/freeldr.c [iso-8859-1] Fri Mar 25 22:28:15 2011
@@ -947,6 +947,8 @@
     WCHAR PathSetup[] = L"\SystemRoot\";
     CHAR DriverNameLow[256];
     ULONG Base;
+    size_t Remaining;
+    WCHAR *StringEnd;
 #if defined(_PPC_)
     ULONG KernelBase = RosLoaderBlock->ModsAddr[0].ModStart;
 #endif
@@ -1123,7 +1125,7 @@
/* Construct a correct full name */
         BldrModuleStringsFull[i][0] = 0;
-        LdrEntry->FullDllName.MaximumLength = 260 * sizeof(WCHAR);
+        LdrEntry->FullDllName.MaximumLength = sizeof(BldrModuleStringsFull[i]);
         LdrEntry->FullDllName.Length = 0;
         LdrEntry->FullDllName.Buffer = BldrModuleStringsFull[i];
@@ -1256,25 +1258,26 @@
     /* Find the first , separating the ARC path from NT path */
     BootPath = strchr(CommandLine, '\');
     *BootPath = ANSI_NULL;
-    strncpy(BldrArcBootPath, CommandLine, 63);
+    RtlStringCbCopyA(BldrArcBootPath, sizeof(BldrArcBootPath), CommandLine);
     LoaderBlock->ArcBootDeviceName = BldrArcBootPath;
/* The rest of the string is the NT path */
     HalPath = strchr(BootPath + 1, ' ');
     *HalPath = ANSI_NULL;
-    BldrNtBootPath[0] = '\';
-    strncat(BldrNtBootPath, BootPath + 1, 61);
-    strcat(BldrNtBootPath,"\");
+    Remaining = sizeof(BldrNtBootPath);
+    RtlStringCbCopyExA(BldrNtBootPath, Remaining, "\", &StringEnd, &Remaining, 0);
+    RtlStringCbCopyExA(StringEnd, Remaining, BootPath + 1, &StringEnd, &Remaining, 0);
+    RtlStringCbCopyA(StringEnd, Remaining, "\");
     LoaderBlock->NtBootPathName = BldrNtBootPath;
/* Set the HAL paths */
-    strncpy(BldrArcHalPath, BldrArcBootPath, 63);
+    RtlStringCbCopyA(BldrArcHalPath, sizeof(BldrArcHalPath), BldrArcBootPath);
     LoaderBlock->ArcHalDeviceName = BldrArcHalPath;
     strcpy(BldrNtHalPath, "\");
     LoaderBlock->NtHalPathName = BldrNtHalPath;
/* Use this new command line */
-    strncpy(LoaderBlock->LoadOptions, HalPath + 2, 255);
+    RtlStringCbCopyA(LoaderBlock->LoadOptions, 255, HalPath + 2);
/* Parse it and change every slash to a space */
     BootPath = LoaderBlock->LoadOptions;
Modified: trunk/reactos/ntoskrnl/mm/ARM3/sysldr.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/sysldr.c?r...
==============================================================================
--- trunk/reactos/ntoskrnl/mm/ARM3/sysldr.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/ARM3/sysldr.c [iso-8859-1] Fri Mar 25 22:28:15 2011
@@ -710,9 +710,9 @@
         NameImport = (PIMAGE_IMPORT_BY_NAME)Name->u1.AddressOfData;
/* Copy the procedure name */
-        strncpy(*MissingApi,
-                (PCHAR)&NameImport->Name[0],
-                MAXIMUM_FILENAME_LENGTH - 1);
+        RtlStringCbCopyA(*MissingApi,
+                         MAXIMUM_FILENAME_LENGTH,
+						 (PCHAR)&NameImport->Name[0]);
/* Setup name tables */
         DPRINT("Import name: %s\n", NameImport->Name);
@@ -3000,8 +3000,8 @@
     /* If we have a file handle, close it */
     if (FileHandle) ZwClose(FileHandle);
-    /* Check if we had a prefix */
-    if (NamePrefix) ExFreePool(PrefixName.Buffer);
+    /* Check if we had a prefix (not supported yet - PrefixName == *FileName now) */
+    /* if (NamePrefix) ExFreePool(PrefixName.Buffer); */
/* Free the name buffer and return status */
     ExFreePoolWithTag(Buffer, TAG_LDR_WSTR);

    