[KERNEL32]

- Fix buffer overwrite in GetModuleFileName(). Spotted by DPH.
See issue #5964 for more details.

svn path=/trunk/; revision=50912

diff --git a/reactos/dll/win32/kernel32/misc/ldr.c b/reactos/dll/win32/kernel32/misc/ldr.c
index da2f582..6a954ae 100644 (file)
--- a/reactos/dll/win32/kernel32/misc/ldr.c
+++ b/reactos/dll/win32/kernel32/misc/ldr.c
@@ -431,10 +431,10 @@ GetModuleFileNameA (
                                                             &Module->FullDllName,
                                                             FALSE);
                                
-                       if (nSize < Length)
-                               SetLastErrorByStatus (STATUS_BUFFER_TOO_SMALL);
-                       else
+                       if (Length < nSize)
                                lpFilename[Length] = '\0';
+                       else
+                               SetLastErrorByStatus (STATUS_BUFFER_TOO_SMALL);
 
                        RtlLeaveCriticalSection (Peb->LoaderLock);
                        return Length;
@@ -489,10 +489,10 @@ GetModuleFileNameW (
 
                        RtlCopyUnicodeString (&FileName,
                                              &Module->FullDllName);
-                       if (nSize < Length)
-                               SetLastErrorByStatus (STATUS_BUFFER_TOO_SMALL);
-                       else
+                       if (Length < nSize)
                                lpFilename[Length] = L'\0';
+                       else
+                               SetLastErrorByStatus (STATUS_BUFFER_TOO_SMALL);
 
                        RtlLeaveCriticalSection (Peb->LoaderLock);