Commit ce60eb84 authored by Octavian Voicu's avatar Octavian Voicu Committed by Alexandre Julliard

ntdll: Fix two buffer overflow conditions in RtlDosPathNameToNtPathName_U.

parent 4e760d89
...@@ -383,8 +383,14 @@ BOOLEAN WINAPI RtlDosPathNameToNtPathName_U(PCWSTR dos_path, ...@@ -383,8 +383,14 @@ BOOLEAN WINAPI RtlDosPathNameToNtPathName_U(PCWSTR dos_path,
if (!(ptr = RtlAllocateHeap(GetProcessHeap(), 0, sz))) return FALSE; if (!(ptr = RtlAllocateHeap(GetProcessHeap(), 0, sz))) return FALSE;
sz = RtlGetFullPathName_U(dos_path, sz, ptr, file_part); sz = RtlGetFullPathName_U(dos_path, sz, ptr, file_part);
} }
sz += (1 /* NUL */ + 4 /* unc\ */ + 4 /* \??\ */) * sizeof(WCHAR);
if (sz > MAXWORD)
{
if (ptr != local) RtlFreeHeap(GetProcessHeap(), 0, ptr);
return FALSE;
}
ntpath->MaximumLength = sz + (4 /* unc\ */ + 4 /* \??\ */) * sizeof(WCHAR); ntpath->MaximumLength = sz;
ntpath->Buffer = RtlAllocateHeap(GetProcessHeap(), 0, ntpath->MaximumLength); ntpath->Buffer = RtlAllocateHeap(GetProcessHeap(), 0, ntpath->MaximumLength);
if (!ntpath->Buffer) if (!ntpath->Buffer)
{ {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment