Alexander Farber : cmd: Fixed 3 buffer overflows when fetching environment variables. - wine-commits

1 Mar 2007

Module: wine
Branch: master
Commit: fdeb6d5ae56ca40d3f4f1a7c4d75d31f2e58d6d5
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=fdeb6d5ae56ca40d3f4f1a7c4d...
Author: Alexander Farber Alexander.Farber@nokia.com
Date:   Wed Feb 28 15:23:15 2007 +0100
cmd: Fixed 3 buffer overflows when fetching environment variables.
---
programs/cmd/wcmdmain.c |   14 ++++++++------
 1 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/programs/cmd/wcmdmain.c b/programs/cmd/wcmdmain.c
index fdf864a..754dec7 100644
--- a/programs/cmd/wcmdmain.c
+++ b/programs/cmd/wcmdmain.c
@@ -672,6 +672,7 @@ void WCMD_run_program (char *command, int called) {
   BOOL  extensionsupplied = FALSE;
   BOOL  launched = FALSE;
   BOOL  status;
+  DWORD len;
WCMD_parse (command, quals, param1, param2);	/* Quick way to get the filename */
@@ -681,8 +682,8 @@ void WCMD_run_program (char *command, int called) {
   /* Calculate the search path and stem to search for */
   if (strpbrk (param1, "/\:") == NULL) {  /* No explicit path given, search path */
     strcpy(pathtosearch,".;");
-    status = GetEnvironmentVariable ("PATH", &pathtosearch[2], sizeof(pathtosearch)-2);
-    if ((status == 0) || (status > sizeof(pathtosearch))) {
+    len = GetEnvironmentVariable ("PATH", &pathtosearch[2], sizeof(pathtosearch)-2);
+    if ((len == 0) || (len >= sizeof(pathtosearch) - 2)) {
       lstrcpy (pathtosearch, ".");
     }
     if (strchr(param1, '.') != NULL) extensionsupplied = TRUE;
@@ -699,8 +700,8 @@ void WCMD_run_program (char *command, int called) {
   }
/* Now extract PATHEXT */
-  status = GetEnvironmentVariable ("PATHEXT", pathext, sizeof(pathext));
-  if ((status == 0) || (status > sizeof(pathext))) {
+  len = GetEnvironmentVariable ("PATHEXT", pathext, sizeof(pathext));
+  if ((len == 0) || (len >= sizeof(pathext))) {
     lstrcpy (pathext, ".bat;.com;.cmd;.exe");
   }
@@ -857,9 +858,10 @@ void WCMD_show_prompt (void) {
 int status;
 char out_string[MAX_PATH], curdir[MAX_PATH], prompt_string[MAX_PATH];
 char *p, *q;
+DWORD len;
-  status = GetEnvironmentVariable ("PROMPT", prompt_string, sizeof(prompt_string));
-  if ((status == 0) || (status > sizeof(prompt_string))) {
+  len = GetEnvironmentVariable ("PROMPT", prompt_string, sizeof(prompt_string));
+  if ((len == 0) || (len >= sizeof(prompt_string))) {
     lstrcpy (prompt_string, "$P$G");
   }
   p = prompt_string;

    