[NTDLL:LDR]

- Do not assume null termination of DllName and optimize extension search in LdrpLoadDll. Patch by Alexander Yastrebov (menone7 at gmail dot com).
See issue #7251 for more details.

svn path=/trunk/; revision=57092

diff --git a/reactos/dll/ntdll/ldr/ldrutils.c b/reactos/dll/ntdll/ldr/ldrutils.c
index e553e5f..e1dc5f1 100644 (file)
--- a/reactos/dll/ntdll/ldr/ldrutils.c
+++ b/reactos/dll/ntdll/ldr/ldrutils.c
@@ -2415,37 +2415,38 @@ LdrpLoadDll(IN BOOLEAN Redirected,
 {
     PPEB Peb = NtCurrentPeb();
     NTSTATUS Status = STATUS_SUCCESS;
-    PWCHAR p1, p2;
+    PWCHAR p1, p2, p1min;
     WCHAR c;
-    WCHAR NameBuffer[266];
+    WCHAR NameBuffer[MAX_PATH+6];
     LPWSTR RawDllName;
     UNICODE_STRING RawDllNameString;
     PLDR_DATA_TABLE_ENTRY LdrEntry;
     BOOLEAN InInit = LdrpInLdrInit;
 
+    /* Save the Raw DLL Name */
+    RawDllName = NameBuffer;
+    if (DllName->Length >= sizeof(NameBuffer)) return STATUS_NAME_TOO_LONG;
+    RtlMoveMemory(RawDllName, DllName->Buffer, DllName->Length);
+
     /* Find the name without the extension */
-    p1 = DllName->Buffer;
+    p1 = DllName->Buffer + DllName->Length / sizeof(WCHAR) - 1;
     p2 = NULL;
-    while (*p1)
+    for (p1min = DllName->Buffer; p1 >= p1min; p1--)
     {
-        c = *p1++;
+        c = *p1;
         if (c == L'.')
         {
             p2 = p1;
+            break;
         }
         else if (c == L'\\')
         {
-            p2 = NULL;
+            break;
         }
     }
 
-    /* Save the Raw DLL Name */
-    RawDllName = NameBuffer;
-    if (DllName->Length >= sizeof(NameBuffer)) return STATUS_NAME_TOO_LONG;
-    RtlMoveMemory(RawDllName, DllName->Buffer, DllName->Length);
-
-    /* Check if no extension was found or if we got a slash */
-    if (!(p2) || (*p2 == '\\'))
+    /* Check if no extension was found */
+    if (!p2)
     {
         /* Check that we have space to add one */
         if ((DllName->Length + LdrApiDefaultExtension.Length + sizeof(UNICODE_NULL)) >=