kfw wix installer - memory overwrite error

  	The custom handler allocates a buffer that is smaller
	than is required to hold the input.  Allocate the correct
 	sized buffer.

ticket: new
tags: pullup
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19061 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 3 insertions, 1 deletions

diff --git a/src/windows/installer/wix/custom/custom.cpp b/src/windows/installer/wix/custom/custom.cpp
index fdf4bbbd25..d6c637845c 100644
--- a/src/windows/installer/wix/custom/custom.cpp
+++ b/src/windows/installer/wix/custom/custom.cpp
@@ -704,10 +704,12 @@ DWORD InstNetProvider(MSIHANDLE hInstall, int bInst) {
     dwSize = 0;
     CHECK(rv = RegQueryValueEx( hkOrder, STR_VAL_ORDER, NULL, NULL, NULL, &dwSize ) );
 
-    strOrder = new TCHAR[ (dwSize + STR_SERVICE_LEN) * sizeof(TCHAR) ];
+    strOrder = new TCHAR[ (dwSize + STR_SERVICE_LEN + 4) * sizeof(TCHAR) ];
 
     CHECK(rv = RegQueryValueEx( hkOrder, STR_VAL_ORDER, NULL, NULL, (LPBYTE) strOrder, &dwSize));
 
+    strOrder[dwSize] = '\0';	/* reg strings are not always nul terminated */
+
     npi_CheckAndAddRemove( strOrder, STR_SERVICE , bInst);
 
     dwSize = (lstrlen( strOrder ) + 1) * sizeof(TCHAR);