fixed possible buffer overflow bug: pass correct buffer length (in characters, not bytes) to FileGetString() Modified: trunk/reactos/subsys/system/cmd/batch.c Modified: trunk/reactos/subsys/system/cmd/goto.c Modified: trunk/reactos/subsys/system/cmd/misc.c _____ Modified: trunk/reactos/subsys/system/cmd/batch.c --- trunk/reactos/subsys/system/cmd/batch.c 2005-10-01 10:10:39 UTC (rev 18186) +++ trunk/reactos/subsys/system/cmd/batch.c 2005-10-01 12:21:55 UTC (rev 18187) @@ -408,7 +408,7 @@ return textline; } - if (!FileGetString (bc->hBatchFile, textline, sizeof (textline))) + if (!FileGetString (bc->hBatchFile, textline, sizeof (textline) / sizeof (textline[0]))) { #ifdef _DEBUG DebugPrintf (_T("ReadBatchLine(): Reached EOF!\n")); _____ Modified: trunk/reactos/subsys/system/cmd/goto.c --- trunk/reactos/subsys/system/cmd/goto.c 2005-10-01 10:10:39 UTC (rev 18186) +++ trunk/reactos/subsys/system/cmd/goto.c 2005-10-01 12:21:55 UTC (rev 18187) @@ -85,7 +85,7 @@ /* jump to begin of the file */ SetFilePointer (bc->hBatchFile, 0, &lNewPosHigh, FILE_BEGIN); - while (FileGetString (bc->hBatchFile, textline, sizeof(textline))) + while (FileGetString (bc->hBatchFile, textline, sizeof(textline) / sizeof(textline[0]))) { int pos; int size; _____ Modified: trunk/reactos/subsys/system/cmd/misc.c --- trunk/reactos/subsys/system/cmd/misc.c 2005-10-01 10:10:39 UTC (rev 18186) +++ trunk/reactos/subsys/system/cmd/misc.c 2005-10-01 12:21:55 UTC (rev 18187) @@ -381,13 +381,12 @@ while ((--nBufferLength > 0) && ReadFile(hFile, &ch, 1, &dwRead, NULL) && dwRead) { - if ((ch == '\n') || (ch == '\r')) + lpString[len++] = ch; + if ((ch == '\n') || (ch == '\r')) { - /* read it*/ - lpString[len++] = ch; + /* break at new line*/ break; } - lpString[len++] = ch; } if (!dwRead && !len)