From fd1986de3aace2ef51bf28fa76d0162ae2a56e29 Mon Sep 17 00:00:00 2001
From: Thomas Faber <thomas.faber@reactos.org>
Date: Wed, 30 Jul 2014 07:50:28 +0000
Subject: [PATCH] =?utf8?q?[KS]=20-=20Use=20correct=20buffer=20size=20in=20?=
 =?utf8?q?KspStartBusDevice.=20Spotted=20by=20V=C3=ADctor=20Mart=C3=ADnez?=
 =?utf8?q?=20-=20Avoid=20wcscpy=20in=20kernel=20mode=20while=20we're=20at?=
 =?utf8?q?=20it?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

svn path=/trunk/; revision=63778
---
 reactos/drivers/ksfilter/ks/precomp.h | 1 +
 reactos/drivers/ksfilter/ks/swenum.c  | 8 +++++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/reactos/drivers/ksfilter/ks/precomp.h b/reactos/drivers/ksfilter/ks/precomp.h
index 09f35165d5b..738176cf53c 100644
--- a/reactos/drivers/ksfilter/ks/precomp.h
+++ b/reactos/drivers/ksfilter/ks/precomp.h
@@ -7,6 +7,7 @@
 #include <portcls.h>
 #include <kcom.h>
 #include <pseh/pseh2.h>
+#include <ntstrsafe.h>
 
 #include "ksiface.h"
 #include "kstypes.h"
diff --git a/reactos/drivers/ksfilter/ks/swenum.c b/reactos/drivers/ksfilter/ks/swenum.c
index 93dbb41274f..119d13d94c8 100644
--- a/reactos/drivers/ksfilter/ks/swenum.c
+++ b/reactos/drivers/ksfilter/ks/swenum.c
@@ -757,12 +757,13 @@ KspStartBusDevice(
     NTSTATUS Status;
     ULONG ResultLength;
     LPWSTR Name;
+    ULONG NameLength;
     PBUS_DEVICE_ENTRY DeviceEntry;
 
     /* FIXME handle pending remove */
 
     /* get full device name */
-    Status = IoGetDeviceProperty(DeviceObject, DevicePropertyPhysicalDeviceObjectName, sizeof(PDOName), (PVOID)PDOName, &ResultLength);
+    Status = IoGetDeviceProperty(DeviceObject, DevicePropertyPhysicalDeviceObjectName, sizeof(PDOName), PDOName, &ResultLength);
 
     if (!NT_SUCCESS(Status))
     {
@@ -771,7 +772,8 @@ KspStartBusDevice(
     }
 
     /* allocate device name buffer */
-    Name = AllocateItem(NonPagedPool, (ResultLength + 1) * sizeof(WCHAR));
+    NameLength = ResultLength + sizeof(UNICODE_NULL);
+    Name = AllocateItem(NonPagedPool, NameLength);
     if (!Name)
     {
         /* no memory */
@@ -779,7 +781,7 @@ KspStartBusDevice(
     }
 
     /* copy name */
-    wcscpy(Name, PDOName);
+    NT_VERIFY(NT_SUCCESS(RtlStringCbCopyW(Name, NameLength, PDOName)));
 
     /* TODO: time stamp creation time */
 
-- 
2.17.1