Alistair Leslie-Hughes : advapi32: Prevent buffer overrun. - wine-commits

19 Aug 2015

Module: wine
Branch: master
Commit: 3b5107d06305972beaa9c5ff147ecbcd99949a75
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=3b5107d06305972beaa9c5ff14...
Author: Alistair Leslie-Hughes leslie_alistair@hotmail.com
Date:   Wed Aug 19 12:18:11 2015 +1000
advapi32: Prevent buffer overrun.
---
dlls/advapi32/security.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
index d1e2bb4..a40e639 100644
--- a/dlls/advapi32/security.c
+++ b/dlls/advapi32/security.c
@@ -4512,13 +4512,15 @@ static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
 {
     BOOL bret = FALSE;
     WCHAR toktype;
-    WCHAR tok[MAX_PATH];
+    WCHAR *tok;
     LPCWSTR lptoken;
     LPBYTE lpNext = NULL;
     DWORD len;
*cBytes = sizeof(SECURITY_DESCRIPTOR);
+    tok = heap_alloc( (lstrlenW(StringSecurityDescriptor) + 1) * sizeof(WCHAR));
+
     if (SecurityDescriptor)
         lpNext = (LPBYTE)(SecurityDescriptor + 1);
@@ -4640,6 +4642,7 @@ static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
     bret = TRUE;
lend:
+    heap_free(tok);
     return bret;
 }

    