[hbelusca] 74616: [USETUP]: Use secure "StringCchPrintfW" function instead of swprintf. - Ros-diffs

21 May 2017

Author: hbelusca
Date: Sun May 21 23:34:03 2017
New Revision: 74616

URL: http://svn.reactos.org/svn/reactos?rev=74616&view=rev
Log:
[USETUP]: Use secure "StringCchPrintfW" function instead of swprintf.

Modified:
    branches/setup_improvements/base/setup/lib/fsutil.c
    branches/setup_improvements/base/setup/lib/partlist.c

Modified: branches/setup_improvements/base/setup/lib/fsutil.c
URL:
http://svn.reactos.org/svn/reactos/branches/setup_improvements/base/setup/l…
==============================================================================

--- branches/setup_improvements/base/setup/lib/fsutil.c	[iso-8859-1] (original)
+++ branches/setup_improvements/base/setup/lib/fsutil.c	[iso-8859-1] Sun May 21 23:34:03
2017
@@ -119,11 +119,11 @@
     FileFsAttribute = (PFILE_FS_ATTRIBUTE_INFORMATION)Buffer;
 
     /* Set PartitionRootPath */
-    swprintf(PathBuffer,
-             // L"\\Device\\Harddisk%lu\\Partition%lu", // Should work! But
because ReactOS sucks atm. it actually doesn't work!!
-             L"\\Device\\Harddisk%lu\\Partition%lu\\",  // HACK: Use this as a
temporary hack!
-             PartEntry->DiskEntry->DiskNumber,
-             PartEntry->PartitionNumber);
+    StringCchPrintfW(PathBuffer, ARRAYSIZE(PathBuffer),
+                     // L"\\Device\\Harddisk%lu\\Partition%lu", // Should work!
But because ReactOS sucks atm. it actually doesn't work!!
+                     L"\\Device\\Harddisk%lu\\Partition%lu\\",  // HACK: Use
this as a temporary hack!
+                     PartEntry->DiskEntry->DiskNumber,
+                     PartEntry->PartitionNumber);
     RtlInitUnicodeString(&PartitionRootPath, PathBuffer);
     DPRINT("PartitionRootPath: %wZ\n", &PartitionRootPath);
 

Modified: branches/setup_improvements/base/setup/lib/partlist.c
URL:
http://svn.reactos.org/svn/reactos/branches/setup_improvements/base/setup/l…
==============================================================================
--- branches/setup_improvements/base/setup/lib/partlist.c	[iso-8859-1] (original)
+++ branches/setup_improvements/base/setup/lib/partlist.c	[iso-8859-1] Sun May 21 23:34:03
2017
@@ -109,15 +109,13 @@
     WCHAR KeyName[32];
     NTSTATUS Status;
 
-    RtlInitUnicodeString(&DiskEntry->DriverName,
-                         NULL);
-
-    swprintf(KeyName,
-             L"\\Scsi\\Scsi Port %hu",
-             DiskEntry->Port);
-
-    RtlZeroMemory(&QueryTable,
-                  sizeof(QueryTable));
+    RtlInitUnicodeString(&DiskEntry->DriverName, NULL);
+
+    StringCchPrintfW(KeyName, ARRAYSIZE(KeyName),
+                     L"\\Scsi\\Scsi Port %hu",
+                     DiskEntry->Port);
+
+    RtlZeroMemory(&QueryTable, sizeof(QueryTable));
 
     QueryTable[0].Name = L"Driver";
     QueryTable[0].Flags = RTL_QUERY_REGISTRY_DIRECT;
@@ -366,9 +364,10 @@
     }
 
     AdapterCount = 0;
-    while (1)
-    {
-        swprintf(Name, L"%s\\%lu", ROOT_NAME, AdapterCount);
+    while (TRUE)
+    {
+        StringCchPrintfW(Name, ARRAYSIZE(Name),
+                         L"%s\\%lu", ROOT_NAME, AdapterCount);
         Status = RtlQueryRegistryValues(RTL_REGISTRY_ABSOLUTE,
                                         Name,
                                         &QueryTable[2],
@@ -379,7 +378,8 @@
             break;
         }
 
-        swprintf(Name, L"%s\\%lu\\DiskController", ROOT_NAME, AdapterCount);
+        StringCchPrintfW(Name, ARRAYSIZE(Name),
+                         L"%s\\%lu\\DiskController", ROOT_NAME, AdapterCount);
         Status = RtlQueryRegistryValues(RTL_REGISTRY_ABSOLUTE,
                                         Name,
                                         &QueryTable[2],
@@ -387,9 +387,10 @@
                                         NULL);
         if (NT_SUCCESS(Status))
         {
-            while (1)
+            while (TRUE)
             {
-                swprintf(Name, L"%s\\%lu\\DiskController\\0", ROOT_NAME,
AdapterCount);
+                StringCchPrintfW(Name, ARRAYSIZE(Name),
+                                 L"%s\\%lu\\DiskController\\0", ROOT_NAME,
AdapterCount);
                 Status = RtlQueryRegistryValues(RTL_REGISTRY_ABSOLUTE,
                                                 Name,
                                                 &QueryTable[2],
@@ -401,7 +402,8 @@
                     return;
                 }
 
-                swprintf(Name, L"%s\\%lu\\DiskController\\0\\DiskPeripheral",
ROOT_NAME, AdapterCount);
+                StringCchPrintfW(Name, ARRAYSIZE(Name),
+                                 L"%s\\%lu\\DiskController\\0\\DiskPeripheral",
ROOT_NAME, AdapterCount);
                 Status = RtlQueryRegistryValues(RTL_REGISTRY_ABSOLUTE,
                                                 Name,
                                                 &QueryTable[2],
@@ -415,7 +417,7 @@
                     QueryTable[1].QueryRoutine = DiskConfigurationDataQueryRoutine;
 
                     DiskCount = 0;
-                    while (1)
+                    while (TRUE)
                     {
                         BiosDiskEntry = (BIOSDISKENTRY*)RtlAllocateHeap(ProcessHeap,
HEAP_ZERO_MEMORY, sizeof(BIOSDISKENTRY));
                         if (BiosDiskEntry == NULL)
@@ -423,7 +425,8 @@
                             break;
                         }
 
-                        swprintf(Name,
L"%s\\%lu\\DiskController\\0\\DiskPeripheral\\%lu", ROOT_NAME, AdapterCount,
DiskCount);
+                        StringCchPrintfW(Name, ARRAYSIZE(Name),
+                                        
L"%s\\%lu\\DiskController\\0\\DiskPeripheral\\%lu", ROOT_NAME, AdapterCount,
DiskCount);
                         Status = RtlQueryRegistryValues(RTL_REGISTRY_ABSOLUTE,
                                                         Name,
                                                         QueryTable,
@@ -820,7 +823,7 @@
 
     Buffer = (PUCHAR)&DiskEntry->LayoutBuffer->Signature;
 
-    while (1)
+    while (TRUE)
     {
         NtQuerySystemTime(&SystemTime);
         RtlTimeToTimeFields(&SystemTime, &TimeFields);
@@ -976,7 +979,8 @@
     }
     Checksum = ~Checksum + 1;
 
-    swprintf(Identifier, L"%08x-%08x-A", Checksum, Signature);
+    StringCchPrintfW(Identifier, ARRAYSIZE(Identifier),
+                     L"%08x-%08x-A", Checksum, Signature);
     DPRINT("Identifier: %S\n", Identifier);
 
     DiskEntry = RtlAllocateHeap(ProcessHeap,
@@ -1217,11 +1221,10 @@
 
     for (DiskNumber = 0; DiskNumber < Sdi.NumberOfDisks; DiskNumber++)
     {
-        swprintf(Buffer,
-                 L"\\Device\\Harddisk%d\\Partition0",
-                 DiskNumber);
-        RtlInitUnicodeString(&Name,
-                             Buffer);
+        StringCchPrintfW(Buffer, ARRAYSIZE(Buffer),
+                         L"\\Device\\Harddisk%lu\\Partition0",
+                         DiskNumber);
+        RtlInitUnicodeString(&Name, Buffer);
 
         InitializeObjectAttributes(&ObjectAttributes,
                                    &Name,
@@ -1238,7 +1241,6 @@
         if (NT_SUCCESS(Status))
         {
             AddDiskToList(FileHandle, DiskNumber, List);
-
             NtClose(FileHandle);
         }
     }
@@ -1313,7 +1315,6 @@
         /* Release layout buffer */
         if (DiskEntry->LayoutBuffer != NULL)
             RtlFreeHeap(ProcessHeap, 0, DiskEntry->LayoutBuffer);
-
 
         /* Release disk entry */
         RtlFreeHeap(ProcessHeap, 0, DiskEntry);
@@ -1570,7 +1571,8 @@
     return NULL;
 }
 
-static
+// static
+FORCEINLINE
 BOOLEAN
 IsEmptyLayoutEntry(
     IN PPARTITION_INFORMATION PartitionInfo)
@@ -1582,7 +1584,8 @@
     return FALSE;
 }
 
-static
+// static
+FORCEINLINE
 BOOLEAN
 IsSamePrimaryLayoutEntry(
     IN PPARTITION_INFORMATION PartitionInfo,
@@ -2585,11 +2588,10 @@
 
     DPRINT("WritePartitions() Disk: %lu\n", DiskEntry->DiskNumber);
 
-    swprintf(DstPath,
-             L"\\Device\\Harddisk%d\\Partition0",
-             DiskEntry->DiskNumber);
-    RtlInitUnicodeString(&Name,
-                         DstPath);
+    StringCchPrintfW(DstPath, ARRAYSIZE(DstPath),
+                     L"\\Device\\Harddisk%lu\\Partition0",
+                     DiskEntry->DiskNumber);
+    RtlInitUnicodeString(&Name, DstPath);
     InitializeObjectAttributes(&ObjectAttributes,
                                &Name,
                                0,
@@ -2686,7 +2688,8 @@
     NTSTATUS Status;
     HANDLE KeyHandle;
 
-    swprintf(ValueNameBuffer, L"\\DosDevices\\%C:", Letter);
+    StringCchPrintfW(ValueNameBuffer, ARRAYSIZE(ValueNameBuffer),
+                     L"\\DosDevices\\%C:", Letter);
     RtlInitUnicodeString(&ValueName, ValueNameBuffer);
 
     InitializeObjectAttributes(&ObjectAttributes,



    