From: Jeffrey Altman Date: Tue, 29 Nov 2011 19:59:24 +0000 (-0500) Subject: Windows: NPGetConnectionCommon buffer too small X-Git-Tag: upstream/1.8.0_pre1^2~3001 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=31d80e64683a6e7ce33ab714759e74a18454110d;p=packages%2Fo%2Fopenafs.git Windows: NPGetConnectionCommon buffer too small If the specified buffer size is too small, say so. Do not attempt to copy data in that won't fit. Do not walk beyond the end of the allocated memory. Change-Id: Id4a75273d8ec9e9cc8471a963bc32f6cad59163e Reviewed-on: http://gerrit.openafs.org/6140 Tested-by: BuildBot Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman --- diff --git a/src/WINNT/afsrdr/npdll/AFS_Npdll.c b/src/WINNT/afsrdr/npdll/AFS_Npdll.c index 51fe57a04..e412d91ba 100644 --- a/src/WINNT/afsrdr/npdll/AFS_Npdll.c +++ b/src/WINNT/afsrdr/npdll/AFS_Npdll.c @@ -1253,17 +1253,21 @@ NPGetConnectionCommon( LPWSTR lpLocalName, HRESULT hr; WCHAR *pwch; DWORD dwCount = 0; + DWORD dwRequiredSize; #ifdef AFS_DEBUG_TRACE AFSDbgPrint( L"NPGetConnection drive substitution %s is AFS\n", wchSubstName); #endif + dwRequiredSize = wcslen( wchSubstName) * sizeof( WCHAR) + sizeof( WCHAR); + if ( lpRemoteName == NULL || - dwPassedSize == 0) + dwPassedSize == 0 || + dwRequiredSize > *lpBufferSize) { - *lpBufferSize = wcslen( wchSubstName) * sizeof( WCHAR) + sizeof( WCHAR); + *lpBufferSize = dwRequiredSize; try_return( dwStatus = WN_MORE_DATA); @@ -1274,7 +1278,7 @@ NPGetConnectionCommon( LPWSTR lpLocalName, if ( SUCCEEDED(hr)) { - for ( dwCount = 0, pwch = lpRemoteName; *pwch; pwch++ ) + for ( dwCount = 0, pwch = lpRemoteName; *pwch && pwch < lpRemoteName + (*lpBufferSize); pwch++ ) { if ( *pwch == L'\\' ) {