From 837c766030ff147140f068ad4d1e3919a9d93f7a Mon Sep 17 00:00:00 2001
From: =?utf8?q?Herm=C3=A8s=20B=C3=A9lusca-Ma=C3=AFto?=
Date: Sun, 7 May 2017 18:15:12 +0000
Subject: [PATCH] [NTOS]: Capture the counted BaseDllName unicode string into a local NULL-terminated buffer before calling wcsrchr on it (actually I think it would be better to create & use a similar function that takes counted strings in input). Also use 'L' prefix for wide characters and UNICODE_NULL for string terminator. Patch by Lesan Ilie. CORE-13208 #resolve
svn path=/trunk/; revision=74493
---
 reactos/ntoskrnl/io/iomgr/driver.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/reactos/ntoskrnl/io/iomgr/driver.c b/reactos/ntoskrnl/io/iomgr/driver.c
index e69b7bd8e13..be0a0b2df43 100644
--- a/reactos/ntoskrnl/io/iomgr/driver.c
+++ b/reactos/ntoskrnl/io/iomgr/driver.c
@@ -884,7 +884,7 @@ IopInitializeBuiltinDriver(IN PLDR_DATA_TABLE_ENTRY BootLdrEntry)
 PDEVICE_NODE DeviceNode;
 PDRIVER_OBJECT DriverObject;
 NTSTATUS Status;
- PWCHAR FileNameWithoutPath;
+ PWCHAR Buffer, FileNameWithoutPath;
 PWSTR FileExtension;
 PUNICODE_STRING ModuleName = &BootLdrEntry->BaseDllName;
 PLDR_DATA_TABLE_ENTRY LdrEntry;
@@ -898,13 +898,19 @@ IopInitializeBuiltinDriver(IN PLDR_DATA_TABLE_ENTRY BootLdrEntry)
 IopDisplayLoadingMessage(ModuleName);
 InbvIndicateProgress();
+ Buffer = ExAllocatePool(PagedPool, ModuleName->Length + sizeof(UNICODE_NULL));
+ ASSERT(Buffer);
+
+ RtlCopyMemory(Buffer, ModuleName->Buffer, ModuleName->Length);
+ Buffer[ModuleName->Length / sizeof(WCHAR)] = UNICODE_NULL;
+
 /*
 * Generate filename without path (not needed by freeldr)
 */
- FileNameWithoutPath = wcsrchr(ModuleName->Buffer, L'\\');
+ FileNameWithoutPath = wcsrchr(Buffer, L'\\');
 if (FileNameWithoutPath == NULL)
 {
- FileNameWithoutPath = ModuleName->Buffer;
+ FileNameWithoutPath = Buffer;
 }
 else
 {
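Review bot: The added `ASSERT(Buffer);` in the hunk at -898 is the only guard on the `ExAllocatePool` result, and ASSERT is normally compiled out of non-debug builds, so a failed allocation would reach `RtlCopyMemory` with a NULL destination and fault in kernel mode. The function already returns STATUS_INSUFFICIENT_RESOURCES when `RtlCreateUnicodeString` fails (visible in the hunk at -915), so the same handling fits here: `if (Buffer == NULL) return STATUS_INSUFFICIENT_RESOURCES;`. That holds provided nothing acquired earlier in the function needs releasing, which cannot be checked because those lines are outside the hunk. A short comment above the copy, saying that BaseDllName is a counted string with no guaranteed terminator, would also record why the temporary buffer exists.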
@@ -915,6 +921,7 @@ IopInitializeBuiltinDriver(IN PLDR_DATA_TABLE_ENTRY BootLdrEntry)
 * Strip the file extension from ServiceName
 */
 Success = RtlCreateUnicodeString(&ServiceName, FileNameWithoutPath);
+ ExFreePool(Buffer);
 if (!Success)
 {
 return STATUS_INSUFFICIENT_RESOURCES;
@@ -924,7 +931,7 @@ IopInitializeBuiltinDriver(IN PLDR_DATA_TABLE_ENTRY BootLdrEntry)
 if (FileExtension != NULL)
 {
 ServiceName.Length -= (USHORT)wcslen(FileExtension) * sizeof(WCHAR);
- FileExtension[0] = 0;
+ FileExtension[0] = UNICODE_NULL;
 }
 /*
-- 
2.17.1
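Review bot: After the added `ExFreePool(Buffer);` in the hunk at -915, `FileNameWithoutPath` still points into the freed allocation, and nothing in the visible lines marks it as dead. The rest of IopInitializeBuiltinDriver lies outside the hunk, so it is worth confirming that no later statement reads it. Setting `FileNameWithoutPath = NULL;` right after the free, or adding a comment such as `/* FileNameWithoutPath pointed into Buffer; do not use past this point */`, would make the lifetime explicit and turn any future misuse into an immediate fault rather than a silent read of freed pool.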