ntdll: Avoid overflowing the command line buffer.

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=49314Signed-off-by: Alexandre Julliard <julliard@winehq.org>

ntdll: Avoid overflowing the command line buffer.
a240abf1 · Alexandre Julliard · ff19f219 · a240abf1
Commit a240abf1 authored Jun 09, 2020 by Alexandre Julliard
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 2 deletions

env.c dlls/ntdll/env.c +7 -2

No files found.
--- a/dlls/ntdll/env.c
+++ b/dlls/ntdll/env.c
@@ -811,8 +811,7 @@ static void build_command_line( WCHAR **argv, UNICODE_STRING *cmdline )

    len = 1;
    for (arg = argv; *arg; arg++) len += 3 + 2 * wcslen( *arg );
-    cmdline->MaximumLength = len * sizeof(WCHAR);
-    if (!(cmdline->Buffer = RtlAllocateHeap( GetProcessHeap(), 0, cmdline->MaximumLength ))) return;
+    if (!(cmdline->Buffer = RtlAllocateHeap( GetProcessHeap(), 0, len * sizeof(WCHAR) ))) return;

    p = cmdline->Buffer;
    for (arg = argv; *arg; arg++)
@@ -858,7 +857,13 @@ static void build_command_line( WCHAR **argv, UNICODE_STRING *cmdline )
    }
    if (p > cmdline->Buffer) p--;  /* remove last space */
    *p = 0;
+    if (p - cmdline->Buffer >= 32767)
+    {
+        ERR( "command line too long (%u)\n", (DWORD)(p - cmdline->Buffer) );
+        NtTerminateProcess( GetCurrentProcess(), 1 );
+    }
    cmdline->Length = (p - cmdline->Buffer) * sizeof(WCHAR);
+    cmdline->MaximumLength = cmdline->Length + sizeof(WCHAR);
 }