Commit 07f38445 authored by Alexandre Julliard's avatar Alexandre Julliard

Avoid buffer overflows in builtin dll loading (with the help of Dmitry

Timoshkov).
parent 60cf612b
...@@ -136,16 +136,19 @@ static HMODULE16 BUILTIN_DoLoadModule16( const BUILTIN16_DESCRIPTOR *descr ) ...@@ -136,16 +136,19 @@ static HMODULE16 BUILTIN_DoLoadModule16( const BUILTIN16_DESCRIPTOR *descr )
*/ */
HMODULE16 BUILTIN_LoadModule( LPCSTR name ) HMODULE16 BUILTIN_LoadModule( LPCSTR name )
{ {
char dllname[16], *p; char dllname[20], *p;
void *handle; void *handle;
int i; int i;
/* Fix the name in case we have a full path and extension */ /* Fix the name in case we have a full path and extension */
if ((p = strrchr( name, '\\' ))) name = p + 1; if ((p = strrchr( name, '\\' ))) name = p + 1;
lstrcpynA( dllname, name, sizeof(dllname) ); if ((p = strrchr( name, '/' ))) name = p + 1;
if (strlen(name) >= sizeof(dllname)-4) return (HMODULE16)2;
strcpy( dllname, name );
p = strrchr( dllname, '.' ); p = strrchr( dllname, '.' );
if (!p) strcat( dllname, ".dll" ); if (!p) strcat( dllname, ".dll" );
for (i = 0; i < nb_dlls; i++) for (i = 0; i < nb_dlls; i++)
......
...@@ -264,15 +264,19 @@ WINE_MODREF *BUILTIN32_LoadLibraryExA(LPCSTR path, DWORD flags) ...@@ -264,15 +264,19 @@ WINE_MODREF *BUILTIN32_LoadLibraryExA(LPCSTR path, DWORD flags)
{ {
HMODULE module; HMODULE module;
WINE_MODREF *wm; WINE_MODREF *wm;
char dllname[MAX_PATH], *p; char dllname[20], *p;
LPCSTR name;
void *handle; void *handle;
int i; int i;
/* Fix the name in case we have a full path and extension */ /* Fix the name in case we have a full path and extension */
if ((p = strrchr( path, '\\' ))) p++; name = path;
else p = (char *)path; if ((p = strrchr( name, '\\' ))) name = p + 1;
lstrcpynA( dllname, p, sizeof(dllname) ); if ((p = strrchr( name, '/' ))) name = p + 1;
if (strlen(name) >= sizeof(dllname)-4) goto error;
strcpy( dllname, name );
p = strrchr( dllname, '.' ); p = strrchr( dllname, '.' );
if (!p) strcat( dllname, ".dll" ); if (!p) strcat( dllname, ".dll" );
...@@ -288,6 +292,7 @@ WINE_MODREF *BUILTIN32_LoadLibraryExA(LPCSTR path, DWORD flags) ...@@ -288,6 +292,7 @@ WINE_MODREF *BUILTIN32_LoadLibraryExA(LPCSTR path, DWORD flags)
BUILTIN32_dlclose( handle ); BUILTIN32_dlclose( handle );
} }
error:
SetLastError( ERROR_FILE_NOT_FOUND ); SetLastError( ERROR_FILE_NOT_FOUND );
return NULL; return NULL;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment