Re: [vbox-dev] some errors with ActualLength in VBoxUsbLib-win.cpp

mikhail sennikovsky Mon, 20 Feb 2012 23:48:20 -0800

Thanks a lot for the pointer. We will fix that and will also heck thesource code for such errors.


Mikhail


On 20.02.2012 23:45, Huihong Luo wrote:

I spotted a few bugs: (possibly a few other places)
if(DeviceIoControl(hHub, IOCTL_USB_GET_NODE_CONNECTION_DRIVERKEY_NAME,pName, Name.ActualLength, pName, Name.ActualLength, &cbReturned, NULL))
{
rc = RTUtf16ToUtf8Ex((PCRTUTF16)pName->DriverKeyName,pName->ActualLength, plpszName, 0, NULL);
}
all length inside UNICODE_STRING refers to bytes in microsoft impl,this is the link:http://msdn.microsoft.com/en-us/library/windows/hardware/ff540085(v=vs.85).aspx<http://msdn.microsoft.com/en-us/library/windows/hardware/ff540085%28v=vs.85%29.aspx>so pName->ActualLength may cause buffer overflow, and needs to bedivided by 2:rc = RTUtf16ToUtf8Ex((PCRTUTF16)pName->DriverKeyName,pName->ActualLength/sizeof(WCHAR), plpszName, 0, NULL);
Other files might contain same errors, pls check.



_______________________________________________
vbox-dev mailing list
[email protected]
https://www.virtualbox.org/mailman/listinfo/vbox-dev

_______________________________________________
vbox-dev mailing list
[email protected]
https://www.virtualbox.org/mailman/listinfo/vbox-dev

Re: [vbox-dev] some errors with ActualLength in VBoxUsbLib-win.cpp

Reply via email to