From 63d4bb7bae81db3113388d97204b3a894c1691f1 Mon Sep 17 00:00:00 2001 From: Robert Reif Date: Sat, 19 Aug 2006 13:27:01 -0400 Subject: [PATCH] kernel32: Fix ExpandEnvironmentStrings to not overflow UNICODE_STRING buffer size (with test). --- dlls/kernel/environ.c | 5 +++++ dlls/kernel/tests/environ.c | 7 ++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/dlls/kernel/environ.c b/dlls/kernel/environ.c index 488752553cc..2de9b920f70 100644 --- a/dlls/kernel/environ.c +++ b/dlls/kernel/environ.c @@ -345,6 +345,11 @@ DWORD WINAPI ExpandEnvironmentStringsW( LPCWSTR src, LPWSTR dst, DWORD len ) TRACE("(%s %p %lu)\n", debugstr_w(src), dst, len); RtlInitUnicodeString(&us_src, src); + + /* make sure we don't overflow maximum UNICODE_STRING size */ + if (len > 0x7fff) + len = 0x7fff; + us_dst.Length = 0; us_dst.MaximumLength = len * sizeof(WCHAR); us_dst.Buffer = dst; diff --git a/dlls/kernel/tests/environ.c b/dlls/kernel/tests/environ.c index 9c041624fe4..c9b8cd9d39d 100644 --- a/dlls/kernel/tests/environ.c +++ b/dlls/kernel/tests/environ.c @@ -213,9 +213,14 @@ static void test_GetSetEnvironmentVariableW(void) static void test_ExpandEnvironmentStringsA(void) { - char buf[256], buf1[256]; + char buf[256], buf1[256], buf2[0x8000]; DWORD ret_size, ret_size1; + /* test a large destination size */ + strcpy(buf, "12345"); + ret_size = ExpandEnvironmentStringsA(buf, buf2, sizeof(buf2)); + ok(!strcmp(buf, buf2), "ExpandEnvironmentStrings failed %s vs %s. ret_size = %ld\n", buf, buf2, ret_size); + ret_size1 = GetWindowsDirectoryA(buf1,256); ok ((ret_size1 >0) && (ret_size1<256), "GetWindowsDirectory Failed\n"); ret_size = ExpandEnvironmentStringsA("%SystemRoot%",buf,sizeof(buf)); -- 2.11.4.GIT