[janderwald] 35570: - Check if source and destination is the same. Fixes creating a new directory and using the default name - Prevent a potential buffer overflow in the file properties dialog - Ros-diffs

23 Aug 2008

Author: janderwald
Date: Sat Aug 23 12:32:17 2008
New Revision: 35570

URL: http://svn.reactos.org/svn/reactos?rev=35570&view=rev
Log:
- Check if source and destination is the same. Fixes creating a new directory and using
the default name
- Prevent a potential buffer overflow in the file properties dialog

Modified:
    trunk/reactos/dll/win32/shell32/fprop.c
    trunk/reactos/dll/win32/shell32/shfldr_desktop.c

Modified: trunk/reactos/dll/win32/shell32/fprop.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/shell32/fprop.c?…
==============================================================================

--- trunk/reactos/dll/win32/shell32/fprop.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/shell32/fprop.c [iso-8859-1] Sat Aug 23 12:32:17 2008
@@ -664,7 +664,7 @@
 int
 EnumPropSheetExt(LPWSTR wFileName, PROPSHEETHEADERW *pinfo, int NumPages, HPSXA * hpsxa,
IDataObject *pDataObj)
 {
-    WCHAR szName[100];
+    WCHAR szName[MAX_PATH] = {0};
     WCHAR * pOffset;
     UINT Length;
     DWORD dwName;
@@ -675,7 +675,7 @@
     if (!pOffset)
     {
         Length = wcslen(szName);
-        if (Length >=94)
+        if (Length + 6 > sizeof(szName)/sizeof(szName[0]))
            return 0;
 
         if (CLSIDFromString(wFileName, &clsid) == NOERROR)
@@ -691,7 +691,7 @@
     else
     {
         Length = wcslen(pOffset);
-        if (Length  >= 100)
+        if (Length  >= sizeof(szName)/sizeof(szName[0]))
             return 0;
         wcscpy(szName, pOffset);
     }
@@ -799,7 +799,11 @@
     hResult = SHCreateDataObject(pidlFolder, 1, apidl, NULL, &IID_IDataObject,
(LPVOID*)&pDataObj);
     if (hResult == S_OK)
     {
-        EnumPropSheetExt(wFileName, &pinfo, MAX_PROPERTY_SHEET_PAGE-1, hpsxa,
pDataObj);
+        if (!EnumPropSheetExt(wFileName, &pinfo, MAX_PROPERTY_SHEET_PAGE-1, hpsxa,
pDataObj))
+        {
+            hpsxa[0] = NULL;
+            hpsxa[1] = NULL;
+        }
     }
 
     if ( GetFileVersionInfoSizeW(lpf, &dwHandle))
@@ -813,8 +817,8 @@
 
     if (hResult == S_OK)
     {
-        SHDestroyPropSheetExtArray(hpsxa[0]);
-        SHDestroyPropSheetExtArray(hpsxa[1]);
+            SHDestroyPropSheetExtArray(hpsxa[0]);
+            SHDestroyPropSheetExtArray(hpsxa[1]);
         IDataObject_Release(pDataObj);
     }
 

Modified: trunk/reactos/dll/win32/shell32/shfldr_desktop.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/shell32/shfldr_d…
==============================================================================
--- trunk/reactos/dll/win32/shell32/shfldr_desktop.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/shell32/shfldr_desktop.c [iso-8859-1] Sat Aug 23 12:32:17
2008
@@ -864,6 +864,16 @@
         }
     }
 
+    if (!memcmp(szSrc, szDest, (wcslen(szDest)+1) * sizeof(WCHAR)))
+    {
+        /* src and destination is the same */
+        hr = S_OK;
+        if (pPidlOut)
+            hr = _ILCreateFromPathW(szDest, pPidlOut);
+
+        return hr;
+    }
+
     TRACE ("src=%s dest=%s\n", debugstr_w(szSrc), debugstr_w(szDest));
     if (MoveFileW (szSrc, szDest))
     {


    