Re: [advapi32] QueryServiceConfig2 (2nd try)

Stefan Leichter Stefan.Leichter@camline.com writes:

• • Note
• • observed unter win2k:
• • 1. when the function is called to get the required buffer size, the value of
• • the returned parameter needed is big enough to hold the strings as WCHARs(!)

It's not WCHARs, it's two A chars per W char to leave enough room for the conversion. I don't see you doing that in the code.

•    case SERVICE_CONFIG_DESCRIPTION:
  

•        {   LPSERVICE_DESCRIPTIONA configA = (LPSERVICE_DESCRIPTIONA) buffer;
  

•            LPSERVICE_DESCRIPTIONW configW = (LPSERVICE_DESCRIPTIONW) bufferW;
  

•            *needed = sizeof(SERVICE_DESCRIPTIONA);
  

•            if (configW->lpDescription) {
  

•                DWORD sz;
  

•                configA->lpDescription = (LPSTR)(configA + 1);
  

•                sz = WideCharToMultiByte( CP_ACP, 0, configW->lpDescription, -1,
  

•                         configA->lpDescription, size - sizeof(SERVICE_DESCRIPTIONA), NULL, NULL );
  

•                if (!sz) {
  

•                    FIXME("WideCharToMultiByte failed for configW->lpDescription\n");
  

•                    ret = FALSE;
  

•                    configA->lpDescription = NULL;
  

•                    goto cleanup;
  

You need to update the needed size on buffer overflow.