Module: wine Branch: master Commit: 8418115edfc785242c16ba1eca5c5a14f6e663b9 URL: http://source.winehq.org/git/wine.git/?a=commit;h=8418115edfc785242c16ba1eca...
Author: Alexandre Julliard julliard@winehq.org Date: Fri Oct 12 11:21:14 2012 +0200
setupapi: Fix buffer overflow in load_fake_dll.
Found by Daniel Lehman.
---
dlls/setupapi/fakedll.c | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/dlls/setupapi/fakedll.c b/dlls/setupapi/fakedll.c index 645b7e8..7393e40 100644 --- a/dlls/setupapi/fakedll.c +++ b/dlls/setupapi/fakedll.c @@ -394,13 +394,13 @@ static void *load_fake_dll( const WCHAR *name, SIZE_T *size ) if ((p = strrchrW( name, '\' ))) name = p + 1;
i = 0; - if (build_dir) maxlen = strlen(build_dir) + sizeof("/programs/") + strlenW(name); + len = strlenW( name ); + if (build_dir) maxlen = strlen(build_dir) + sizeof("/programs/") + len; while ((path = wine_dll_enum_load_path( i++ ))) maxlen = max( maxlen, strlen(path) ); - maxlen += sizeof("/fakedlls") + strlenW(name) + 2; + maxlen += sizeof("/fakedlls") + len + sizeof(".fake");
if (!(file = HeapAlloc( GetProcessHeap(), 0, maxlen ))) return NULL;
- len = strlenW( name ); pos = maxlen - len - sizeof(".fake"); if (!dll_name_WtoA( file + pos, name, len )) goto done; file[--pos] = '/';