[ros-diffs] [rharabien] 51349: [SYSSETUP] * Computer name length is limited to 15 characters, not 63. Fixes possible buffer overflow * Spotted by Victor Martinez

Fri, 15 Apr 2011 07:29:34 -0700 

Author: rharabien
Date: Fri Apr 15 14:29:14 2011
New Revision: 51349

URL: http://svn.reactos.org/svn/reactos?rev=51349&view=rev
Log:
[SYSSETUP]
* Computer name length is limited to 15 characters, not 63. Fixes possible 
buffer overflow
* Spotted by Victor Martinez

Modified:
    trunk/reactos/dll/win32/syssetup/globals.h
    trunk/reactos/dll/win32/syssetup/wizard.c

Modified: trunk/reactos/dll/win32/syssetup/globals.h
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/syssetup/globals.h?rev=51349&r1=51348&r2=51349&view=diff
==============================================================================
--- trunk/reactos/dll/win32/syssetup/globals.h [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/syssetup/globals.h [iso-8859-1] Fri Apr 15 14:29:14 
2011
@@ -43,7 +43,7 @@
 
   WCHAR OwnerName[51];
   WCHAR OwnerOrganization[51];
-  WCHAR ComputerName[MAX_COMPUTERNAME_LENGTH + 1];     /* max. 63 characters */
+  WCHAR ComputerName[MAX_COMPUTERNAME_LENGTH + 1];     /* max. 15 characters */
   WCHAR AdminPassword[15];                             /* max. 14 characters */
   BOOL  UnattendSetup;
   BOOL  DisableVmwInst;

Modified: trunk/reactos/dll/win32/syssetup/wizard.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/syssetup/wizard.c?rev=51349&r1=51348&r2=51349&view=diff
==============================================================================
--- trunk/reactos/dll/win32/syssetup/wizard.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/syssetup/wizard.c [iso-8859-1] Fri Apr 15 14:29:14 
2011
@@ -596,7 +596,7 @@
           SetDlgItemTextW(hwndDlg, IDC_COMPUTERNAME, ComputerName);
 
           /* Set text limits */
-          SendDlgItemMessage(hwndDlg, IDC_COMPUTERNAME, EM_LIMITTEXT, 64, 0);
+          SendDlgItemMessage(hwndDlg, IDC_COMPUTERNAME, EM_LIMITTEXT, 
MAX_COMPUTERNAME_LENGTH, 0);
           SendDlgItemMessage(hwndDlg, IDC_ADMINPASSWORD1, EM_LIMITTEXT, 14, 0);
           SendDlgItemMessage(hwndDlg, IDC_ADMINPASSWORD2, EM_LIMITTEXT, 14, 0);
 
@@ -630,7 +630,7 @@
                 break;
 
               case PSN_WIZNEXT:
-                if (GetDlgItemTextW(hwndDlg, IDC_COMPUTERNAME, ComputerName, 
64) == 0)
+                if (0 == GetDlgItemTextW(hwndDlg, IDC_COMPUTERNAME, 
ComputerName, MAX_COMPUTERNAME_LENGTH + 1))
                 {
                   if (0 == LoadStringW(hDllInstance, IDS_WZD_COMPUTERNAME, 
EmptyComputerName,
                                        sizeof(EmptyComputerName) / 
sizeof(EmptyComputerName[0])))

Reply via email to