diff options
author | Jeffrey Altman <jaltman@secure-endpoints.com> | 2007-01-14 08:04:46 +0000 |
---|---|---|
committer | Jeffrey Altman <jaltman@secure-endpoints.com> | 2007-01-14 08:04:46 +0000 |
commit | c30ec9459203c1130366f7339024b5460181e077 (patch) | |
tree | d90323ff9a67b6a504c97f3db9eb1ee97f910d7d /src/windows/installer/wix/custom | |
parent | 8fb0d141e06bb482768a4be15ee01ea6131d3575 (diff) | |
download | krb5-c30ec9459203c1130366f7339024b5460181e077.tar.gz krb5-c30ec9459203c1130366f7339024b5460181e077.tar.xz krb5-c30ec9459203c1130366f7339024b5460181e077.zip |
kfw wix installer - memory overwrite error
The custom handler allocates a buffer that is smaller
than is required to hold the input. Allocate the correct
sized buffer.
ticket: new
tags: pullup
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19061 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/windows/installer/wix/custom')
-rw-r--r-- | src/windows/installer/wix/custom/custom.cpp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/windows/installer/wix/custom/custom.cpp b/src/windows/installer/wix/custom/custom.cpp index fdf4bbbd25..d6c637845c 100644 --- a/src/windows/installer/wix/custom/custom.cpp +++ b/src/windows/installer/wix/custom/custom.cpp @@ -704,10 +704,12 @@ DWORD InstNetProvider(MSIHANDLE hInstall, int bInst) { dwSize = 0; CHECK(rv = RegQueryValueEx( hkOrder, STR_VAL_ORDER, NULL, NULL, NULL, &dwSize ) ); - strOrder = new TCHAR[ (dwSize + STR_SERVICE_LEN) * sizeof(TCHAR) ]; + strOrder = new TCHAR[ (dwSize + STR_SERVICE_LEN + 4) * sizeof(TCHAR) ]; CHECK(rv = RegQueryValueEx( hkOrder, STR_VAL_ORDER, NULL, NULL, (LPBYTE) strOrder, &dwSize)); + strOrder[dwSize] = '\0'; /* reg strings are not always nul terminated */ + npi_CheckAndAddRemove( strOrder, STR_SERVICE , bInst); dwSize = (lstrlen( strOrder ) + 1) * sizeof(TCHAR); |