[PATCH 0/1] MR8058: nsiproxy: Avoid buffer overflow in ipv4_neighbour_enumerate_all.
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=57613

By writing beyond the end of the buffer some heap block list pointer gets partially overwritten, and therefore crashes on a later call to `RtlAllocateHeap`.

--
https://gitlab.winehq.org/wine/wine/-/merge_requests/8058
From: Bernhard Übelacker <bernhardu(a)mailbox.org> Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=57613 --- dlls/nsiproxy.sys/ip.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dlls/nsiproxy.sys/ip.c b/dlls/nsiproxy.sys/ip.c index 32ba6241761..1a810f70584 100644 --- a/dlls/nsiproxy.sys/ip.c +++ b/dlls/nsiproxy.sys/ip.c @@ -1215,7 +1215,7 @@ static NTSTATUS ipv4_neighbour_enumerate_all( void *key_data, UINT key_size, voi for (j = 0; j < ARRAY_SIZE(ipv4_multicast_addresses); ++j) { if (iface_static[i].unk & (1 << j)) continue; - if (num <= *count) + if (num < *count) { entry.addr.s_addr = ipv4_multicast_addresses[j]; ipv4_neighbour_fill_entry( &entry, key_data, rw_data, dynamic_data, static_data ); -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/8058
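Review bot: The commit message carries only the Wine-Bug tag, so the reason for changing the guard in the `ipv4_multicast_addresses` loop of `ipv4_neighbour_enumerate_all` from `if (num <= *count)` to `if (num < *count)` will not be in the history. Please add a sentence saying that with `<=` an entry was still filled when `num` equals `*count`, which is one slot past the `*count` entries the caller provided, and that the out-of-bounds write corrupts heap metadata and surfaces later in `RtlAllocateHeap`, as the cover letter explains. The hunk shows only this one call to `ipv4_neighbour_fill_entry`. If the function fills entries anywhere else, it would be worth confirming those sites use the same strict `num < *count` bound, so the same off-by-one is not left in a sibling path.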
This merge request was approved by Huw Davies. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/8058