Commit 07f38445 authored by Alexandre Julliard's avatar Alexandre Julliard

Avoid buffer overflows in builtin dll loading (with the help of Dmitry Timoshkov).
parent 60cf612b
......@@ -136,16 +136,19 @@ static HMODULE16 BUILTIN_DoLoadModule16( const BUILTIN16_DESCRIPTOR *descr )
*/
HMODULE16 BUILTIN_LoadModule( LPCSTR name )
{
char dllname[16], *p;
char dllname[20], *p;
void *handle;
int i;
/* Fix the name in case we have a full path and extension */
if ((p = strrchr( name, '\\' ))) name = p + 1;
lstrcpynA( dllname, name, sizeof(dllname) );
if ((p = strrchr( name, '/' ))) name = p + 1;
if (strlen(name) >= sizeof(dllname)-4) return (HMODULE16)2;
strcpy( dllname, name );
p = strrchr( dllname, '.' );
if (!p) strcat( dllname, ".dll" );
for (i = 0; i < nb_dlls; i++)
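Review bot: The unchecked `strcpy`/`strcat` pair into `dllname[20]` is safe only because of the bare `-4` in the length test just above it, and nothing in the code says that 4 is the length of `".dll"`. The arithmetic holds today (at most 15 characters copied, four for the suffix, one for the NUL), but it breaks silently if the buffer size or the suffix ever changes. I would tie the guard to the literal, `if (strlen(name) >= sizeof(dllname) - strlen(".dll")) return (HMODULE16)2;`, and put `/* the check above leaves room for ".dll" and the terminating NUL */` before the `strcpy`. The same pattern appears in the BUILTIN32_LoadLibraryExA hunk, and the function body continues outside this hunk.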
......
......@@ -264,15 +264,19 @@ WINE_MODREF *BUILTIN32_LoadLibraryExA(LPCSTR path, DWORD flags)
{
HMODULE module;
WINE_MODREF *wm;
char dllname[MAX_PATH], *p;
char dllname[20], *p;
LPCSTR name;
void *handle;
int i;
/* Fix the name in case we have a full path and extension */
if ((p = strrchr( path, '\\' ))) p++;
else p = (char *)path;
lstrcpynA( dllname, p, sizeof(dllname) );
name = path;
if ((p = strrchr( name, '\\' ))) name = p + 1;
if ((p = strrchr( name, '/' ))) name = p + 1;
if (strlen(name) >= sizeof(dllname)-4) goto error;
strcpy( dllname, name );
p = strrchr( dllname, '.' );
if (!p) strcat( dllname, ".dll" );
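Review bot: The new length test reserves four bytes for `.dll` before it is known whether the name already carries an extension, so a 16 to 19 character name that includes its extension takes `goto error` although it would fit in `dllname[20]`. Combined with the shrink from `MAX_PATH`, such names now fail with ERROR_FILE_NOT_FOUND (set at the `error:` label in the next hunk) where the old `lstrcpynA` copied them. That is presumably harmless if no builtin dll name is that long, but the limit should be stated, e.g. `/* builtin dll names are short; a longer name cannot match and is rejected */` above the check. The function starts before and continues after this hunk.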
......@@ -288,6 +292,7 @@ WINE_MODREF *BUILTIN32_LoadLibraryExA(LPCSTR path, DWORD flags)
BUILTIN32_dlclose( handle );
}
error:
SetLastError( ERROR_FILE_NOT_FOUND );
return NULL;
......