Re: fix a too small buffer in CredUnmarshalCredentialW
On Wed, 2012-11-14 at 09:48 +0100, Stefan Leichter wrote:
+ char buffer[6]; + unsigned int buflen, *size = (unsigned int*) buffer;
- if (len < 9 || !cred_decode( cred + 3, 6, (char *)&size ) || !size || size % sizeof(WCHAR)) + if (len < 9 || !cred_decode( cred + 3, 6, buffer ) || !*size || *size % sizeof(WCHAR))
You're still truncating the decoded size. You should instead make 'size' a ULONGLONG and initialize it to 0. Is this little-endian ARM?
Wednesday 14 November 2012 Hans Leidekker <hans(a)codeweavers.com>
On Wed, 2012-11-14 at 09:48 +0100, Stefan Leichter wrote:
+ char buffer[6]; + unsigned int buflen, *size = (unsigned int*) buffer;
- if (len < 9 || !cred_decode( cred + 3, 6, (char *)&size ) || !size || size % sizeof(WCHAR)) + if (len < 9 || !cred_decode( cred + 3, 6, buffer ) || !*size || *size % sizeof(WCHAR))
You're still truncating the decoded size. You should instead make 'size' a ULONGLONG and initialize it to 0.
Is this little-endian ARM?
OK, i will send another patch. Platform is ARM, unsure about the endianness but i think it is little-endian
participants (2)
-
Hans Leidekker -
Stefan Leichter