[SETUPAPI]

- Fix Buffer overflow in FixupServiceBinaryPath

svn path=/trunk/; revision=71379

diff --git a/reactos/dll/win32/setupapi/install.c b/reactos/dll/win32/setupapi/install.c
index bfa6767..8408cb6 100644 (file)
--- a/reactos/dll/win32/setupapi/install.c
+++ b/reactos/dll/win32/setupapi/install.c
@@ -1748,10 +1748,8 @@ static VOID FixupServiceBinaryPath(
         /* Handle Win32-services differently */
         if (ServiceType & SERVICE_WIN32)
         {
-            Win32Length = (ServiceLength -
-                RosDirLength - 1 + 13) * sizeof(WCHAR);
-            /* -1 to not count the separator after C:\ReactOS
-               wcslen(L"%SystemRoot%\\") = 13*sizeof(wchar_t) */
+            Win32Length = (ServiceLength - RosDirLength) * sizeof(WCHAR)
+                        - sizeof(L'\\') + sizeof(L"%SystemRoot%\\");
             Buffer = MyMalloc(Win32Length);
 
             wcscpy(Buffer, L"%SystemRoot%\\");