[cwittich] 30599: limit length of szValue to LF_FACESIZE to prevent a buffer overflow initialize szValue
20 Nov
2007
20 Nov
'07
4:06 p.m.
Author: cwittich
Date: Tue Nov 20 19:05:59 2007
New Revision: 30599
URL: http://svn.reactos.org/svn/reactos?rev=30599&view=rev
Log:
limit length of szValue to LF_FACESIZE to prevent a buffer overflow
initialize szValue
Modified:
trunk/reactos/subsystems/win32/csrss/win32csr/guiconsole.c
Modified: trunk/reactos/subsystems/win32/csrss/win32csr/guiconsole.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/csrss/win…
==============================================================================
--- trunk/reactos/subsystems/win32/csrss/win32csr/guiconsole.c (original)
+++ trunk/reactos/subsystems/win32/csrss/win32csr/guiconsole.c Tue Nov 20 19:05:59 2007
@@ -506,7 +506,7 @@
DWORD dwValue;
DWORD dwType;
WCHAR szValueName[MAX_PATH];
- WCHAR szValue[MAX_PATH];
+ WCHAR szValue[LF_FACESIZE] = L"\0";
DWORD Value;
if (RegQueryInfoKey(hKey, NULL, NULL, NULL, NULL, NULL, NULL, &dwNumSubKeys, NULL,
NULL, NULL, NULL) != ERROR_SUCCESS)
@@ -530,7 +530,7 @@
* retry in case of string value
*/
dwValue = sizeof(szValue);
- dwValueName = MAX_PATH;
+ dwValueName = LF_FACESIZE;
if (RegEnumValueW(hKey, dwIndex, szValueName, &dwValueName, NULL, NULL,
(BYTE*)szValue, &dwValue) != ERROR_SUCCESS)
break;
}
6149
days inactive
6149
days old
0 comments
1 participants
participants (1)
-
cwittich@svn.reactos.org