[hbelusca] 74493: [NTOS]: Capture the counted BaseDllName unicode string into a local NULL-terminated buffer before calling wcsrchr on it (actually I think it would be better to create & use a simi... - Ros-diffs

7 May 2017

Author: hbelusca
Date: Sun May  7 18:15:12 2017
New Revision: 74493
URL: http://svn.reactos.org/svn/reactos?rev=74493&view=rev
Log:
[NTOS]: Capture the counted BaseDllName unicode string into a local NULL-terminated buffer before calling wcsrchr on it (actually I think it would be better to create & use a similar function that takes counted strings in input).
Also use 'L' prefix for wide characters and UNICODE_NULL for string terminator.
Patch by Lesan Ilie.
CORE-13208 #resolve
Modified:
    trunk/reactos/ntoskrnl/io/iomgr/driver.c
Modified: trunk/reactos/ntoskrnl/io/iomgr/driver.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/iomgr/driver.c?...
==============================================================================

--- trunk/reactos/ntoskrnl/io/iomgr/driver.c	[iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/io/iomgr/driver.c	[iso-8859-1] Sun May  7 18:15:12 2017
@@ -884,7 +884,7 @@
     PDEVICE_NODE DeviceNode;
     PDRIVER_OBJECT DriverObject;
     NTSTATUS Status;
-    PWCHAR FileNameWithoutPath;
+    PWCHAR Buffer, FileNameWithoutPath;
     PWSTR FileExtension;
     PUNICODE_STRING ModuleName = &BootLdrEntry->BaseDllName;
     PLDR_DATA_TABLE_ENTRY LdrEntry;
@@ -898,13 +898,19 @@
     IopDisplayLoadingMessage(ModuleName);
     InbvIndicateProgress();
+    Buffer = ExAllocatePool(PagedPool, ModuleName->Length + sizeof(UNICODE_NULL));
+    ASSERT(Buffer);
+
+    RtlCopyMemory(Buffer, ModuleName->Buffer, ModuleName->Length);
+    Buffer[ModuleName->Length / sizeof(WCHAR)] = UNICODE_NULL;
+
     /*
      * Generate filename without path (not needed by freeldr)
      */
-    FileNameWithoutPath = wcsrchr(ModuleName->Buffer, L'\');
+    FileNameWithoutPath = wcsrchr(Buffer, L'\');
     if (FileNameWithoutPath == NULL)
     {
-        FileNameWithoutPath = ModuleName->Buffer;
+        FileNameWithoutPath = Buffer;
     }
     else
     {
@@ -915,6 +921,7 @@
      * Strip the file extension from ServiceName
      */
     Success = RtlCreateUnicodeString(&ServiceName, FileNameWithoutPath);
+    ExFreePool(Buffer);
     if (!Success)
     {
         return STATUS_INSUFFICIENT_RESOURCES;
@@ -924,7 +931,7 @@
     if (FileExtension != NULL)
     {
         ServiceName.Length -= (USHORT)wcslen(FileExtension) * sizeof(WCHAR);
-        FileExtension[0] = 0;
+        FileExtension[0] = UNICODE_NULL;
     }
/*

    