ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

ntdll: Avoid overflowing the command line buffer. 

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=49314
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
Alexandre Julliard 2020-06-09 18:34:00 +02:00
parent ff19f21913
commit a240abf12b
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
dlls/ntdll/env.c
View File

@ -811,8 +811,7 @@ static void build_command_line( WCHAR **argv, UNICODE_STRING *cmdline )
len = 1; len = 1;
for (arg = argv; *arg; arg++) len += 3 + 2 * wcslen( *arg ); for (arg = argv; *arg; arg++) len += 3 + 2 * wcslen( *arg );
cmdline->MaximumLength = len * sizeof(WCHAR); if (!(cmdline->Buffer = RtlAllocateHeap( GetProcessHeap(), 0, len * sizeof(WCHAR) ))) return;
if (!(cmdline->Buffer = RtlAllocateHeap( GetProcessHeap(), 0, cmdline->MaximumLength ))) return;
p = cmdline->Buffer; p = cmdline->Buffer;
for (arg = argv; *arg; arg++) for (arg = argv; *arg; arg++)
@ -858,7 +857,13 @@ static void build_command_line( WCHAR **argv, UNICODE_STRING *cmdline )
} }
if (p > cmdline->Buffer) p--; /* remove last space */ if (p > cmdline->Buffer) p--; /* remove last space */
*p = 0; *p = 0;
if (p - cmdline->Buffer >= 32767)
{
ERR( "command line too long (%u)\n", (DWORD)(p - cmdline->Buffer) );
NtTerminateProcess( GetCurrentProcess(), 1 );
}
cmdline->Length = (p - cmdline->Buffer) * sizeof(WCHAR); cmdline->Length = (p - cmdline->Buffer) * sizeof(WCHAR);
cmdline->MaximumLength = cmdline->Length + sizeof(WCHAR);
} }