[LDR] Don't dereference a possible nullptr on a malformed forwarded import
author
Mark Jansen
<mark.jansen@reactos.org>
Fri, 28 Dec 2018 18:26:32 +0000
(19:26 +0100)
committer
Mark Jansen
<mark.jansen@reactos.org>
Thu, 3 Jan 2019 21:52:18 +0000
(22:52 +0100)
dll/ntdll/ldr/ldrpe.c
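--- a/dll/ntdll/ldr/ldrpe.c
+++ b/dll/ntdll/ldr/ldrpe.c
@@ -962,7 +962,7 @@ LdrpSnapThunk(IN PVOID ExportBase,
 PIMAGE_IMPORT_BY_NAME AddressOfData;
 PULONG NameTable;
 PUSHORT OrdinalTable;
-LPSTR ImportName = NULL;
+LPSTR ImportName = NULL, DotPosition;
 USHORT Hint;
 NTSTATUS Status;
 ULONG_PTR HardErrorParameters[3];
@@ -1117,8 +1117,14 @@ FailurePath:
 {
 /* Get the Import and Forwarder Names */
 ImportName = (LPSTR)Thunk->u1.Function;
+
+DotPosition = strchr(ImportName, '.');
+ASSERT(DotPosition != NULL);
+if (!DotPosition)
+goto FailurePath;
+
 ForwarderName.Buffer = ImportName;
-ForwarderName.Length = (USHORT)(strchr(ImportName, '.') - ImportName);
+ForwarderName.Length = (USHORT)(DotPosition - ImportName);
 ForwarderName.MaximumLength = ForwarderName.Length;
 Status = RtlAnsiStringToUnicodeString(&TempUString,
 &ForwarderName,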
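Review bot: The length stored by `ForwarderName.Length = (USHORT)(DotPosition - ImportName);` is still narrowed to 16 bits without a range check, so a malformed forwarder string whose first '.' lies more than 0xFFFF bytes from its start would produce a wrapped length instead of taking the failure path. Since the new guard already treats the forwarder string as untrusted image data, it could reject that case as well: `if (!DotPosition || (DotPosition - ImportName) > 0xFFFF) goto FailurePath;`. The `ASSERT(DotPosition != NULL);` just above fires on a condition that a malformed image can trigger, so on builds where assertions are active it stops the loader on bad input before the graceful `goto` is reached; a debug print would record the same event without that effect. LdrpSnapThunk starts and ends outside both hunks, so whether `Status` holds a failure value when `FailurePath` is entered from here cannot be confirmed from this page and is worth checking.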