projects / reactos.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d9f8633)
[RTL]
authorAleksey Bragin <aleksey@reactos.org>
Thu, 13 Oct 2011 18:15:50 +0000 (18:15 +0000)
committerAleksey Bragin <aleksey@reactos.org>
Thu, 13 Oct 2011 18:15:50 +0000 (18:15 +0000)
- Fix two bugs revealed by the newly added test in r54114.
 * Original length of the passed string should be used when checking for out-of-buffer access in the loop
 * PathChars should be updated if a DOS device name was found in the given string.
See issue #6390 for more details.

svn path=/trunk/; revision=54116

reactos/lib/rtl/path.c patch | blob | history

diff --git a/reactos/lib/rtl/path.c b/reactos/lib/rtl/path.c
index 778cef4..dd2b3a2 100644 (file)
--- a/reactos/lib/rtl/path.c
+++ b/reactos/lib/rtl/path.c
@@ -48,7 +48,7 @@ RtlIsDosDeviceName_Ustr(IN PUNICODE_STRING PathString)
     UNICODE_STRING PathCopy;
     PWCHAR Start, End;
     USHORT PathChars, ColonCount = 0;
-    USHORT ReturnOffset = 0, ReturnLength;
+    USHORT ReturnOffset = 0, ReturnLength, OriginalLength;
     WCHAR c;
 
     /* Validate the input */
@@ -77,6 +77,7 @@ RtlIsDosDeviceName_Ustr(IN PUNICODE_STRING PathString)
 
     /* Make a copy of the string */
     PathCopy = *PathString;
+    OriginalLength = PathString->Length;
 
     /* Return if there's no characters */
     PathChars = PathCopy.Length / sizeof(WCHAR);
@@ -124,16 +125,19 @@ RtlIsDosDeviceName_Ustr(IN PUNICODE_STRING PathString)
                 c = *End | ' '; // ' ' == ('z' - 'Z')
 
                 /* Check if it's a DOS device (LPT, COM, PRN, AUX, or NUL) */
-                if ((End < &PathCopy.Buffer[PathCopy.Length / sizeof(WCHAR)]) &&
+                if ((End < &PathCopy.Buffer[OriginalLength / sizeof(WCHAR)]) &&
                     ((c == 'l') || (c == 'c') || (c == 'p') || (c == 'a') || (c == 'n')))
                 {
                     /* Calculate the offset */
                     ReturnOffset = (PCHAR)End - (PCHAR)PathCopy.Buffer;
 
                     /* Build the final string */
-                    PathCopy.Length -= ReturnOffset;
-                    PathCopy.Length -= (ColonCount * sizeof(WCHAR));
+                    PathCopy.Length = OriginalLength - ReturnOffset - (ColonCount * sizeof(WCHAR));
                     PathCopy.Buffer = End;
+
+                    /* Save new amount of chars in the path */
+                    PathChars = PathCopy.Length / sizeof(WCHAR);
+
                     break;
                 }
                 else
A free Windows-compatible Operating System