26 Oct
2015
26 Oct
'15
9:42 a.m.
Hi, On 10/15/15 06:57, YongHao Hu wrote:
+ char temppath[MAX_PATH]; + TRACE("(%s %s %p %p)\n", debugstr_a(target), debugstr_a(dest), err_code, type); + if(strlen(dest) > MAX_PATH) { + *err_code = ERROR_BAD_PATHNAME; + return NULL; + } + strcpy(temppath, dest); + strcat(temppath, "\\*.*"); There's still possible buffer overflow if e.g. strlen(dest)==MAX_PATH-2.
Thanks, Piotr