From 2158f31b7128fea95f0ab5e40067dd93e70b8dca Mon Sep 17 00:00:00 2001
From: =?utf8?q?Herm=C3=A8s=20B=C3=A9lusca-Ma=C3=AFto?=
Date: Sun, 22 Jul 2018 21:32:38 +0200
Subject: [PATCH] [KERNEL32] Use RtlStringCbCopyNW() to correctly fill the WIN32_FIND_DATA.cFileName and cAlternateFileName members without any overflow and with a terminating NULL character.
---
 dll/win32/kernel32/client/file/disk.c | 1 -
 dll/win32/kernel32/client/file/find.c | 39 ++++++++++++++-------------
 2 files changed, 21 insertions(+), 19 deletions(-)
diff --git a/dll/win32/kernel32/client/file/disk.c b/dll/win32/kernel32/client/file/disk.c
index 6d13e64acba..7fe80616662 100644
--- a/dll/win32/kernel32/client/file/disk.c
+++ b/dll/win32/kernel32/client/file/disk.c
@@ -19,7 +19,6 @@
 */
 #include
-#include
 #define NDEBUG
 #include
diff --git a/dll/win32/kernel32/client/file/find.c b/dll/win32/kernel32/client/file/find.c
index 4a2d1520e66..b5fe7713e53 100644
--- a/dll/win32/kernel32/client/file/find.c
+++ b/dll/win32/kernel32/client/file/find.c
@@ -5,12 +5,14 @@
 * PURPOSE: Find functions
 * PROGRAMMERS: Ariadne (ariadne@xs4all.nl)
 * Pierre Schweitzer (pierre.schweitzer@reactos.org)
- * Hermes BELUSCA - MAITO (hermes.belusca@sfr.fr)
+ * Hermes Belusca-Maito
 */
 /* INCLUDES *******************************************************************/
 #include
+#include
+
 #define NDEBUG
 #include
 DEBUG_CHANNEL(kernel32file);
@@ -71,7 +73,7 @@ typedef struct _FIND_FILE_DATA
 /*
 * For handling STATUS_BUFFER_OVERFLOW errors emitted by
- * NtQueryDirectoryFile in the FildNextFile function.
+ * NtQueryDirectoryFile in the FindNextFile function.
 */
 BOOLEAN HasMoreData;
@@ -128,9 +130,9 @@ CopyDeviceFindData(OUT LPWIN32_FIND_DATAW lpFindFileData, /* Return the data */ RtlZeroMemory(lpFindFileData, sizeof(*lpFindFileData)); lpFindFileData->dwFileAttributes = FILE_ATTRIBUTE_ARCHIVE; - RtlCopyMemory(lpFindFileData->cFileName, - DeviceName, - Length); + RtlStringCbCopyNW(lpFindFileData->cFileName, + sizeof(lpFindFileData->cFileName), + DeviceName, Length); } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { @@ -175,22 +177,22 @@ do { \ if (fInfoLevelId == FindExInfoStandard) { - RtlCopyMemory(lpFindFileData->cFileName, - DirInfo.BothDirInfo->FileName, - DirInfo.BothDirInfo->FileNameLength); - lpFindFileData->cFileName[DirInfo.BothDirInfo->FileNameLength / sizeof(WCHAR)] = UNICODE_NULL; - - RtlCopyMemory(lpFindFileData->cAlternateFileName, - DirInfo.BothDirInfo->ShortName, - DirInfo.BothDirInfo->ShortNameLength); - lpFindFileData->cAlternateFileName[DirInfo.BothDirInfo->ShortNameLength / sizeof(WCHAR)] = UNICODE_NULL; + RtlStringCbCopyNW(lpFindFileData->cFileName, + sizeof(lpFindFileData->cFileName), + DirInfo.BothDirInfo->FileName, + DirInfo.BothDirInfo->FileNameLength); + + RtlStringCbCopyNW(lpFindFileData->cAlternateFileName, + sizeof(lpFindFileData->cAlternateFileName), + DirInfo.BothDirInfo->ShortName, + DirInfo.BothDirInfo->ShortNameLength); } else if (fInfoLevelId == FindExInfoBasic) { - RtlCopyMemory(lpFindFileData->cFileName, - DirInfo.FullDirInfo->FileName, - DirInfo.FullDirInfo->FileNameLength); - lpFindFileData->cFileName[DirInfo.FullDirInfo->FileNameLength / sizeof(WCHAR)] = UNICODE_NULL; + RtlStringCbCopyNW(lpFindFileData->cFileName, + sizeof(lpFindFileData->cFileName), + DirInfo.FullDirInfo->FileName, + DirInfo.FullDirInfo->FileNameLength); lpFindFileData->cAlternateFileName[0] = UNICODE_NULL; } @@ -554,6 +556,7 @@ FindClose(HANDLE hFindFile) _SEH2_YIELD(return FALSE); } _SEH2_END; + return TRUE; } -- 2.17.1
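Review bot: The NTSTATUS returned by `RtlStringCbCopyNW()` is discarded at the `cFileName` copy in this hunk, and again at the three copies in the `@@ -175,22 +177,22 @@` hunk, so a source name that does not fit the destination is truncated silently. The copy is now bounded and terminated, but the caller is handed a `cFileName` that no longer names the entry that was enumerated, and code that later opens or deletes by that name could act on a different path. I would capture the result, e.g. `Status = RtlStringCbCopyNW(lpFindFileData->cFileName, sizeof(lpFindFileData->cFileName), DeviceName, Length);`, and handle `STATUS_BUFFER_OVERFLOW` explicitly (at minimum a debug trace or assertion) instead of ignoring it. How `Length` is computed is not visible here, since the enclosing function starts and ends outside the hunk, so it is worth confirming that it is a byte count, as the Cb variant expects.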