Wednesday 14 November 2012 Stefan Leichter Stefan.Leichter@camline.com
Wednesday 14 November 2012 Hans Leidekker hans@codeweavers.com
On Wed, 2012-11-14 at 16:28 +0100, Stefan Leichter wrote:
@@ -2053,6 +2053,8 @@ static BOOL cred_decode( const WCHAR *cred, unsigned int len, char *buf )
char c0, c1, c2, c3; const WCHAR *p = cred;
- TRACE("%s\n", debugstr_wn(cred,len));
This string is already traced in CredUnmarshalCredentialW.
@@ -2134,6 +2136,7 @@ BOOL WINAPI CredUnmarshalCredentialW( LPCWSTR cred, PCRED_MARSHAL_TYPE type, PVO
case UsernameTargetCredential: { USERNAME_TARGET_CREDENTIAL_INFO *target;
ULONGLONG size = 0; if (len < 9 || !cred_decode( cred + 3, 6, (char *)&size ) || !size || size % sizeof(WCHAR)) {You should also perform a sanity check on 'size' to avoid overflow in calculations that follow.
I think it is the best when you start fixing your code yourself
Hello Hans,
i have to say sorry, this answer is rude.
But i don't like to do unnecessary iteration on source code especially when the "complain" has been in the previous version too. Source code usually does not get better from iteration to iteration in this case.
Let me rephrase the last mail: I will not send a new patch about this topic in the near future because lack of time. So its now up to you or anyone else to fix the problem.
Regards Stefan