Avoid buffer overflows in builtin dll loading (with the help of Dmitry

Timoshkov).
This commit is contained in:
Alexandre Julliard 2000-09-01 01:26:16 +00:00
parent 60cf612b59
commit 07f3844542
2 changed files with 15 additions and 7 deletions

View File

@ -136,16 +136,19 @@ static HMODULE16 BUILTIN_DoLoadModule16( const BUILTIN16_DESCRIPTOR *descr )
*/ */
HMODULE16 BUILTIN_LoadModule( LPCSTR name ) HMODULE16 BUILTIN_LoadModule( LPCSTR name )
{ {
char dllname[16], *p; char dllname[20], *p;
void *handle; void *handle;
int i; int i;
/* Fix the name in case we have a full path and extension */ /* Fix the name in case we have a full path and extension */
if ((p = strrchr( name, '\\' ))) name = p + 1; if ((p = strrchr( name, '\\' ))) name = p + 1;
lstrcpynA( dllname, name, sizeof(dllname) ); if ((p = strrchr( name, '/' ))) name = p + 1;
if (strlen(name) >= sizeof(dllname)-4) return (HMODULE16)2;
strcpy( dllname, name );
p = strrchr( dllname, '.' ); p = strrchr( dllname, '.' );
if (!p) strcat( dllname, ".dll" ); if (!p) strcat( dllname, ".dll" );
for (i = 0; i < nb_dlls; i++) for (i = 0; i < nb_dlls; i++)

View File

@ -264,15 +264,19 @@ WINE_MODREF *BUILTIN32_LoadLibraryExA(LPCSTR path, DWORD flags)
{ {
HMODULE module; HMODULE module;
WINE_MODREF *wm; WINE_MODREF *wm;
char dllname[MAX_PATH], *p; char dllname[20], *p;
LPCSTR name;
void *handle; void *handle;
int i; int i;
/* Fix the name in case we have a full path and extension */ /* Fix the name in case we have a full path and extension */
if ((p = strrchr( path, '\\' ))) p++; name = path;
else p = (char *)path; if ((p = strrchr( name, '\\' ))) name = p + 1;
lstrcpynA( dllname, p, sizeof(dllname) ); if ((p = strrchr( name, '/' ))) name = p + 1;
if (strlen(name) >= sizeof(dllname)-4) goto error;
strcpy( dllname, name );
p = strrchr( dllname, '.' ); p = strrchr( dllname, '.' );
if (!p) strcat( dllname, ".dll" ); if (!p) strcat( dllname, ".dll" );
@ -288,6 +292,7 @@ WINE_MODREF *BUILTIN32_LoadLibraryExA(LPCSTR path, DWORD flags)
BUILTIN32_dlclose( handle ); BUILTIN32_dlclose( handle );
} }
error:
SetLastError( ERROR_FILE_NOT_FOUND ); SetLastError( ERROR_FILE_NOT_FOUND );
return NULL; return NULL;