https://git.reactos.org/?p=reactos.git;a=commitdiff;h=eabae983e02f838b8303ca3241f6c80924ca6e46

commit eabae983e02f838b8303ca3241f6c80924ca6e46
Author:     Eric Kohl <[email protected]>
AuthorDate: Mon Apr 22 00:41:24 2019 +0200
Commit:     Eric Kohl <[email protected]>
CommitDate: Mon Apr 22 00:44:47 2019 +0200

    [POWRPROF] EnumPwrSchemes: Fix callback string lengths
    
    The callback routine should get the real lengths of the name and 
description strings in bytes instead of the buffer sizes in characters. This 
fixes buffer overflows in powercfg.cpl.
---
 dll/win32/powrprof/powrprof.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dll/win32/powrprof/powrprof.c b/dll/win32/powrprof/powrprof.c
index 672c8324ca..d176c2ae04 100644
--- a/dll/win32/powrprof/powrprof.c
+++ b/dll/win32/powrprof/powrprof.c
@@ -265,7 +265,7 @@ EnumPwrSchemes(PWRSCHEMESENUMPROC lpfnPwrSchemesEnumProc,
         memcpy(&PwrPolicy.user, &userPwrPolicy, sizeof(USER_POWER_POLICY));
         memcpy(&PwrPolicy.mach, &machinePwrPolicy, 
sizeof(MACHINE_POWER_POLICY));
 
-        if (!lpfnPwrSchemesEnumProc(_wtoi(szNum), dwNameSize, szName, 
dwDescSize, szDesc, &PwrPolicy, lParam))
+        if (!lpfnPwrSchemesEnumProc(_wtoi(szNum), (wcslen(szName) + 1) * 
sizeof(WCHAR), szName, (wcslen(szDesc) + 1) * sizeof(WCHAR), szDesc, 
&PwrPolicy, lParam))
             goto cleanup;
         else
             bRet = TRUE;
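Review bot: The byte lengths now passed to `lpfnPwrSchemesEnumProc` are only correct if `szName` and `szDesc` are NUL-terminated, and nothing visible in this hunk guarantees that. If the two buffers are filled from registry string values earlier in `EnumPwrSchemes` (the function starts and ends outside the hunk, so this is an assumption to confirm), the stored data need not include a terminator, and `wcslen` would then read past the end of the buffer and report a length larger than the buffer to the callback. I would either write a terminator into the last element of each buffer before the call or bound the scan, e.g. `wcsnlen(szName, <name buffer length in WCHARs>)`, and add a comment above the call such as `/* Callback expects string sizes in bytes, including the terminating NUL */`. That comment would also record the contract the commit message describes.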
