From c30ec9459203c1130366f7339024b5460181e077 Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Sun, 14 Jan 2007 08:04:46 +0000 Subject: [PATCH] kfw wix installer - memory overwrite error The custom handler allocates a buffer that is smaller than is required to hold the input. Allocate the correct sized buffer. ticket: new tags: pullup component: windows git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19061 dc483132-0cff-0310-8789-dd5450dbe970 --- src/windows/installer/wix/custom/custom.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/windows/installer/wix/custom/custom.cpp b/src/windows/installer/wix/custom/custom.cpp index fdf4bbbd2..d6c637845 100644 --- a/src/windows/installer/wix/custom/custom.cpp +++ b/src/windows/installer/wix/custom/custom.cpp @@ -704,10 +704,12 @@ DWORD InstNetProvider(MSIHANDLE hInstall, int bInst) { dwSize = 0; CHECK(rv = RegQueryValueEx( hkOrder, STR_VAL_ORDER, NULL, NULL, NULL, &dwSize ) ); - strOrder = new TCHAR[ (dwSize + STR_SERVICE_LEN) * sizeof(TCHAR) ]; + strOrder = new TCHAR[ (dwSize + STR_SERVICE_LEN + 4) * sizeof(TCHAR) ]; CHECK(rv = RegQueryValueEx( hkOrder, STR_VAL_ORDER, NULL, NULL, (LPBYTE) strOrder, &dwSize)); + strOrder[dwSize] = '\0'; /* reg strings are not always nul terminated */ + npi_CheckAndAddRemove( strOrder, STR_SERVICE , bInst); dwSize = (lstrlen( strOrder ) + 1) * sizeof(TCHAR); -- 2.26.2