Author: rharabien Date: Fri Mar 25 22:28:15 2011 New Revision: 51138 URL: http://svn.reactos.org/svn/reactos?rev=51138&view=rev Log: [NTOSKRNL] Change strncpy calls to RtlStringSbCopyA (PART 1/x) Fix bug in MmLoadSystemImage which caused FileName parameter to be freed Modified: trunk/reactos/ntoskrnl/kdbg/kdb_cli.c trunk/reactos/ntoskrnl/ke/freeldr.c trunk/reactos/ntoskrnl/mm/ARM3/sysldr.c Modified: trunk/reactos/ntoskrnl/kdbg/kdb_cli.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/kdbg/kdb_cli.c?re… ============================================================================== --- trunk/reactos/ntoskrnl/kdbg/kdb_cli.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/kdbg/kdb_cli.c [iso-8859-1] Fri Mar 25 22:28:15 2011 @@ -2490,14 +2490,12 @@ */ if (Buffer == Orig) { - strncpy(Buffer, LastCommand, Size); - Buffer[Size - 1] = '\0'; + RtlStringCbCopyA(Buffer, Size, LastCommand); } else { *Buffer = '\0'; - strncpy(LastCommand, Orig, sizeof (LastCommand)); - LastCommand[sizeof (LastCommand) - 1] = '\0'; + RtlStringCbCopyA(LastCommand, sizeof(LastCommand), Orig); } return; @@ -2614,8 +2612,7 @@ static PCH Argv[256]; static CHAR OrigCommand[1024]; - strncpy(OrigCommand, Command, sizeof(OrigCommand) - 1); - OrigCommand[sizeof(OrigCommand) - 1] = '\0'; + RtlStringCbCopyA(OrigCommand, sizeof(OrigCommand), Command); Argc = 0; p = Command; Modified: trunk/reactos/ntoskrnl/ke/freeldr.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ke/freeldr.c?rev=… ============================================================================== --- trunk/reactos/ntoskrnl/ke/freeldr.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/ke/freeldr.c [iso-8859-1] Fri Mar 25 22:28:15 2011 @@ -947,6 +947,8 @@ WCHAR PathSetup[] = L"\\SystemRoot\\"; CHAR DriverNameLow[256]; ULONG Base; + size_t Remaining; + WCHAR *StringEnd; #if defined(_PPC_) ULONG KernelBase = RosLoaderBlock->ModsAddr[0].ModStart; #endif @@ -1123,7 +1125,7 @@ /* Construct a correct full name */ BldrModuleStringsFull[i][0] = 0; - LdrEntry->FullDllName.MaximumLength = 260 * sizeof(WCHAR); + LdrEntry->FullDllName.MaximumLength = sizeof(BldrModuleStringsFull[i]); LdrEntry->FullDllName.Length = 0; LdrEntry->FullDllName.Buffer = BldrModuleStringsFull[i]; @@ -1256,25 +1258,26 @@ /* Find the first \, separating the ARC path from NT path */ BootPath = strchr(CommandLine, '\\'); *BootPath = ANSI_NULL; - strncpy(BldrArcBootPath, CommandLine, 63); + RtlStringCbCopyA(BldrArcBootPath, sizeof(BldrArcBootPath), CommandLine); LoaderBlock->ArcBootDeviceName = BldrArcBootPath; /* The rest of the string is the NT path */ HalPath = strchr(BootPath + 1, ' '); *HalPath = ANSI_NULL; - BldrNtBootPath[0] = '\\'; - strncat(BldrNtBootPath, BootPath + 1, 61); - strcat(BldrNtBootPath,"\\"); + Remaining = sizeof(BldrNtBootPath); + RtlStringCbCopyExA(BldrNtBootPath, Remaining, "\\", &StringEnd, &Remaining, 0); + RtlStringCbCopyExA(StringEnd, Remaining, BootPath + 1, &StringEnd, &Remaining, 0); + RtlStringCbCopyA(StringEnd, Remaining, "\\"); LoaderBlock->NtBootPathName = BldrNtBootPath; /* Set the HAL paths */ - strncpy(BldrArcHalPath, BldrArcBootPath, 63); + RtlStringCbCopyA(BldrArcHalPath, sizeof(BldrArcHalPath), BldrArcBootPath); LoaderBlock->ArcHalDeviceName = BldrArcHalPath; strcpy(BldrNtHalPath, "\\"); LoaderBlock->NtHalPathName = BldrNtHalPath; /* Use this new command line */ - strncpy(LoaderBlock->LoadOptions, HalPath + 2, 255); + RtlStringCbCopyA(LoaderBlock->LoadOptions, 255, HalPath + 2); /* Parse it and change every slash to a space */ BootPath = LoaderBlock->LoadOptions; Modified: trunk/reactos/ntoskrnl/mm/ARM3/sysldr.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/sysldr.c?… ============================================================================== --- trunk/reactos/ntoskrnl/mm/ARM3/sysldr.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/mm/ARM3/sysldr.c [iso-8859-1] Fri Mar 25 22:28:15 2011 @@ -710,9 +710,9 @@ NameImport = (PIMAGE_IMPORT_BY_NAME)Name->u1.AddressOfData; /* Copy the procedure name */ - strncpy(*MissingApi, - (PCHAR)&NameImport->Name[0], - MAXIMUM_FILENAME_LENGTH - 1); + RtlStringCbCopyA(*MissingApi, + MAXIMUM_FILENAME_LENGTH, + (PCHAR)&NameImport->Name[0]); /* Setup name tables */ DPRINT("Import name: %s\n", NameImport->Name); @@ -3000,8 +3000,8 @@ /* If we have a file handle, close it */ if (FileHandle) ZwClose(FileHandle); - /* Check if we had a prefix */ - if (NamePrefix) ExFreePool(PrefixName.Buffer); + /* Check if we had a prefix (not supported yet - PrefixName == *FileName now) */ + /* if (NamePrefix) ExFreePool(PrefixName.Buffer); */ /* Free the name buffer and return status */ ExFreePoolWithTag(Buffer, TAG_LDR_WSTR);