fixed possible buffer overflow bug: pass correct buffer length (in
characters, not bytes) to FileGetString()
Modified: trunk/reactos/subsys/system/cmd/batch.c
Modified: trunk/reactos/subsys/system/cmd/goto.c
Modified: trunk/reactos/subsys/system/cmd/misc.c
_____
Modified: trunk/reactos/subsys/system/cmd/batch.c
--- trunk/reactos/subsys/system/cmd/batch.c 2005-10-01 10:10:39 UTC
(rev 18186)
+++ trunk/reactos/subsys/system/cmd/batch.c 2005-10-01 12:21:55 UTC
(rev 18187)
@@ -408,7 +408,7 @@
return textline;
}
- if (!FileGetString (bc->hBatchFile, textline, sizeof
(textline)))
+ if (!FileGetString (bc->hBatchFile, textline, sizeof
(textline) / sizeof (textline[0])))
{
#ifdef _DEBUG
DebugPrintf (_T("ReadBatchLine(): Reached
EOF!\n"));
_____
Modified: trunk/reactos/subsys/system/cmd/goto.c
--- trunk/reactos/subsys/system/cmd/goto.c 2005-10-01 10:10:39 UTC
(rev 18186)
+++ trunk/reactos/subsys/system/cmd/goto.c 2005-10-01 12:21:55 UTC
(rev 18187)
@@ -85,7 +85,7 @@
/* jump to begin of the file */
SetFilePointer (bc->hBatchFile, 0, &lNewPosHigh, FILE_BEGIN);
- while (FileGetString (bc->hBatchFile, textline,
sizeof(textline)))
+ while (FileGetString (bc->hBatchFile, textline, sizeof(textline)
/ sizeof(textline[0])))
{
int pos;
int size;
_____
Modified: trunk/reactos/subsys/system/cmd/misc.c
--- trunk/reactos/subsys/system/cmd/misc.c 2005-10-01 10:10:39 UTC
(rev 18186)
+++ trunk/reactos/subsys/system/cmd/misc.c 2005-10-01 12:21:55 UTC
(rev 18187)
@@ -381,13 +381,12 @@
while ((--nBufferLength > 0) &&
ReadFile(hFile, &ch, 1, &dwRead, NULL) && dwRead)
{
- if ((ch == '\n') || (ch == '\r'))
+ lpString[len++] = ch;
+ if ((ch == '\n') || (ch == '\r'))
{
- /* read it*/
- lpString[len++] = ch;
+ /* break at new line*/
break;
}
- lpString[len++] = ch;
}
if (!dwRead && !len)
Show replies by date