setupapi: Fix buffer overflow in load_fake_dll.

Found by Daniel Lehman.

setupapi: Fix buffer overflow in load_fake_dll.
8418115e · Alexandre Julliard · 8ed96ab0 · 8418115e
Commit 8418115e authored Oct 12, 2012 by Alexandre Julliard
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

fakedll.c dlls/setupapi/fakedll.c +3 -3

No files found.
--- a/dlls/setupapi/fakedll.c
+++ b/dlls/setupapi/fakedll.c
@@ -394,13 +394,13 @@ static void *load_fake_dll( const WCHAR *name, SIZE_T *size )
    if ((p = strrchrW( name, '\\' ))) name = p + 1;

    i = 0;
-    if (build_dir) maxlen = strlen(build_dir) + sizeof("/programs/") + strlenW(name);
+    len = strlenW( name );
+    if (build_dir) maxlen = strlen(build_dir) + sizeof("/programs/") + len;
    while ((path = wine_dll_enum_load_path( i++ ))) maxlen = max( maxlen, strlen(path) );
-    maxlen += sizeof("/fakedlls") + strlenW(name) + 2;
+    maxlen += sizeof("/fakedlls") + len + sizeof(".fake");

    if (!(file = HeapAlloc( GetProcessHeap(), 0, maxlen ))) return NULL;

-    len = strlenW( name );
    pos = maxlen - len - sizeof(".fake");
    if (!dll_name_WtoA( file + pos, name, len )) goto done;
    file[--pos] = '/';