From 53a065ae0a2f0381f71f21f7d3897ff3f33eb295 Mon Sep 17 00:00:00 2001
From: Nikolay Sivov <nsivov@codeweavers.com>
Date: Mon, 23 Nov 2015 15:29:06 +0300
Subject: [PATCH] crypt32: Fix key name null termination (Coverity).

Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
---
 dlls/crypt32/str.c | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/dlls/crypt32/str.c b/dlls/crypt32/str.c
index 7b52731505a..3fa5a9743e6 100644
--- a/dlls/crypt32/str.c
+++ b/dlls/crypt32/str.c
@@ -769,7 +769,7 @@ struct KeynameKeeper
 {
     WCHAR  buf[10]; /* big enough for L"GivenName" */
     LPWSTR keyName; /* usually = buf, but may be allocated */
-    DWORD  keyLen;
+    DWORD  keyLen;  /* full available buffer size in WCHARs */
 };
 
 static void CRYPT_InitializeKeynameKeeper(struct KeynameKeeper *keeper)
@@ -795,17 +795,13 @@ static void CRYPT_KeynameKeeperFromTokenW(struct KeynameKeeper *keeper,
 {
     DWORD len = key->end - key->start;
 
-    if (len > keeper->keyLen)
+    if (len >= keeper->keyLen)
     {
-        if (keeper->keyName == keeper->buf)
-            keeper->keyName = CryptMemAlloc(len * sizeof(WCHAR));
-        else
-            keeper->keyName = CryptMemRealloc(keeper->keyName,
-             len * sizeof(WCHAR));
-        keeper->keyLen = len;
+        CRYPT_FreeKeynameKeeper( keeper );
+        keeper->keyLen = len + 1;
+        keeper->keyName = CryptMemAlloc(keeper->keyLen * sizeof(WCHAR));
     }
-    memcpy(keeper->keyName, key->start, (key->end - key->start) *
-     sizeof(WCHAR));
+    memcpy(keeper->keyName, key->start, len * sizeof(WCHAR));
     keeper->keyName[len] = '\0';
     TRACE("Keyname is %s\n", debugstr_w(keeper->keyName));
 }
-- 
2.11.4.GIT