[SYSSETUP]
authorRafal Harabien <rafalh@reactos.org>
Fri, 15 Apr 2011 14:29:14 +0000 (14:29 +0000)
committerRafal Harabien <rafalh@reactos.org>
Fri, 15 Apr 2011 14:29:14 +0000 (14:29 +0000)
* Computer name length is limited to 15 characters, not 63. Fixes possible buffer overflow
* Spotted by Victor Martinez

svn path=/trunk/; revision=51349

reactos/dll/win32/syssetup/globals.h
reactos/dll/win32/syssetup/wizard.c

index 0e94ff1..fe60318 100644 (file)
@@ -43,7 +43,7 @@ typedef struct _SETUPDATA
 
   WCHAR OwnerName[51];
   WCHAR OwnerOrganization[51];
-  WCHAR ComputerName[MAX_COMPUTERNAME_LENGTH + 1];     /* max. 63 characters */
+  WCHAR ComputerName[MAX_COMPUTERNAME_LENGTH + 1];     /* max. 15 characters */
   WCHAR AdminPassword[15];                             /* max. 14 characters */
   BOOL  UnattendSetup;
   BOOL  DisableVmwInst;
index de46e55..fc37c40 100644 (file)
@@ -596,7 +596,7 @@ ComputerPageDlgProc(HWND hwndDlg,
           SetDlgItemTextW(hwndDlg, IDC_COMPUTERNAME, ComputerName);
 
           /* Set text limits */
-          SendDlgItemMessage(hwndDlg, IDC_COMPUTERNAME, EM_LIMITTEXT, 64, 0);
+          SendDlgItemMessage(hwndDlg, IDC_COMPUTERNAME, EM_LIMITTEXT, MAX_COMPUTERNAME_LENGTH, 0);
           SendDlgItemMessage(hwndDlg, IDC_ADMINPASSWORD1, EM_LIMITTEXT, 14, 0);
           SendDlgItemMessage(hwndDlg, IDC_ADMINPASSWORD2, EM_LIMITTEXT, 14, 0);
 
@@ -630,7 +630,7 @@ ComputerPageDlgProc(HWND hwndDlg,
                 break;
 
               case PSN_WIZNEXT:
-                if (GetDlgItemTextW(hwndDlg, IDC_COMPUTERNAME, ComputerName, 64) == 0)
+                if (0 == GetDlgItemTextW(hwndDlg, IDC_COMPUTERNAME, ComputerName, MAX_COMPUTERNAME_LENGTH + 1))
                 {
                   if (0 == LoadStringW(hDllInstance, IDS_WZD_COMPUTERNAME, EmptyComputerName,
                                        sizeof(EmptyComputerName) / sizeof(EmptyComputerName[0])))