Alexandre Julliard : ntdll: Avoid overflowing the command line buffer.
Alexandre Julliard
julliard at winehq.org
Tue Jun 9 15:27:46 CDT 2020
Module: wine
Branch: master
Commit: a240abf12b615a50105e4567951df7c1e01d5a03
URL: https://source.winehq.org/git/wine.git/?a=commit;h=a240abf12b615a50105e4567951df7c1e01d5a03
Author: Alexandre Julliard <julliard at winehq.org>
Date: Tue Jun 9 18:34:00 2020 +0200
ntdll: Avoid overflowing the command line buffer.
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=49314
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
---
dlls/ntdll/env.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/dlls/ntdll/env.c b/dlls/ntdll/env.c
index f8b243154b..6b32f4d57e 100644
--- a/dlls/ntdll/env.c
+++ b/dlls/ntdll/env.c
@@ -811,8 +811,7 @@ static void build_command_line( WCHAR **argv, UNICODE_STRING *cmdline )
len = 1;
for (arg = argv; *arg; arg++) len += 3 + 2 * wcslen( *arg );
- cmdline->MaximumLength = len * sizeof(WCHAR);
- if (!(cmdline->Buffer = RtlAllocateHeap( GetProcessHeap(), 0, cmdline->MaximumLength ))) return;
+ if (!(cmdline->Buffer = RtlAllocateHeap( GetProcessHeap(), 0, len * sizeof(WCHAR) ))) return;
p = cmdline->Buffer;
for (arg = argv; *arg; arg++)
@@ -858,7 +857,13 @@ static void build_command_line( WCHAR **argv, UNICODE_STRING *cmdline )
}
if (p > cmdline->Buffer) p--; /* remove last space */
*p = 0;
+ if (p - cmdline->Buffer >= 32767)
+ {
+ ERR( "command line too long (%u)\n", (DWORD)(p - cmdline->Buffer) );
+ NtTerminateProcess( GetCurrentProcess(), 1 );
+ }
cmdline->Length = (p - cmdline->Buffer) * sizeof(WCHAR);
+ cmdline->MaximumLength = cmdline->Length + sizeof(WCHAR);
}
More information about the wine-cvs
mailing list