Fix a couple of overflowing heap allocations revealed by the previous change.

2007-05-22 11:59:36 +02:00 · 2007-05-22 11:59:36 +02:00 · be59e2bb53
parent cc54b7d9bd
commit be59e2bb53
2 changed files with 10 additions and 2 deletions
--- a/dlls/ntdll/file.c
+++ b/dlls/ntdll/file.c
@ -1449,9 +1449,10 @@ NTSTATUS WINAPI NtQueryInformationFile( HANDLE hFile, PIO_STATUS_BLOCK io,
            SERVER_END_REQ;
            if (!io->u.Status)
            {
+                char *tmpbuf;
                ULONG size = info->MaximumMessageSize ? info->MaximumMessageSize : 0x10000;
-                char *tmpbuf = RtlAllocateHeap( GetProcessHeap(), 0, size );
-                if (tmpbuf)
+                if (size > 0x10000) size = 0x10000;
+                if ((tmpbuf = RtlAllocateHeap( GetProcessHeap(), 0, size )))
                {
                    int fd, needs_close;
                    if (!server_get_unix_fd( hFile, FILE_READ_DATA, &fd, &needs_close, NULL, NULL ))
--- a/dlls/wininet/internet.c
+++ b/dlls/wininet/internet.c
@ -1044,6 +1044,13 @@ BOOL WINAPI InternetCrackUrlA(LPCSTR lpszUrl, DWORD dwUrlLength, DWORD dwFlags,
  WCHAR* lpwszUrl;

  TRACE("(%s %u %x %p)\n", debugstr_a(lpszUrl), dwUrlLength, dwFlags, lpUrlComponents);
+
+  if (!lpszUrl || !*lpszUrl)
+  {
+      INTERNET_SetLastError(ERROR_INVALID_PARAMETER);
+      return FALSE;
+  }
+
  if(dwUrlLength<=0)
      dwUrlLength=-1;
  nLength=MultiByteToWideChar(CP_ACP,0,lpszUrl,dwUrlLength,NULL,0);