On 2015-01-06 at 21:07, Stefan Dösinger wrote:
On 2014-12-13 at 18:06, Jonathan Vollebregt wrote:
+static LSTATUS sane_path(const WCHAR *key) +{ + if (key[0] == '\\' && key[1] == '\\' && key[2] != '\\') + return ERROR_NO_REMOTE; + + return ERROR_SUCCESS; +} This adds (or rather extends) a possible out of bound array access. Actually, never mind that, as discussed on IRC. If the string is too short key[0] or key[1] won't be '\\'. Still it looks somewhat odd, but the next patch adds an explicit length check.
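Review bot: the condition in sane_path() indexes key[0], key[1] and key[2] with no length or NULL check, and it stays in bounds only because && short-circuits on a NUL-terminated string: key[1] is read only when key[0] is a backslash, and key[2] only when both are, so the furthest read is the terminator. Nothing in the function states that invariant; a one-line comment above the if, or an explicit length check ahead of the comparison, would make it reviewable at a glance. Two behaviours are also worth documenting or testing: a key of exactly two backslashes returns ERROR_NO_REMOTE, while a key starting with three backslashes returns ERROR_SUCCESS, and a NULL key is dereferenced.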