Fix buffer overrun in SetMscorlibPath

author John Chen <jochen@microsoft.com>

Fri, 13 Nov 2015 18:32:15 +0000 (10:32 -0800)

committer John Chen (CLR) <jochen@microsoft.com>

Fri, 13 Nov 2015 19:17:20 +0000 (11:17 -0800)
author John Chen <jochen@microsoft.com>
Fri, 13 Nov 2015 18:32:15 +0000 (10:32 -0800)
committer John Chen (CLR) <jochen@microsoft.com>
Fri, 13 Nov 2015 19:17:20 +0000 (11:17 -0800)
diff --git a/src/dlls/mscoree/mscoree.cpp b/src/dlls/mscoree/mscoree.cpp

index 6a1af6d..4a581ad 100644 (file)
--- a/src/dlls/mscoree/mscoree.cpp
+++ b/src/dlls/mscoree/mscoree.cpp
@@ -1267,10 +1267,12 @@ HRESULT SetInternalSystemDirectory()
  void SetMscorlibPath(LPCWSTR wzSystemDirectory)
  {
      DWORD len = (DWORD)wcslen(wzSystemDirectory);
-    if (g_dwSystemDirectory < len+1)
+    bool appendSeparator = wzSystemDirectory[len-1] != DIRECTORY_SEPARATOR_CHAR_W;
+    DWORD lenAlloc = appendSeparator ? len+2 : len+1;
+    if (g_dwSystemDirectory < lenAlloc)
      {
          delete [] g_pSystemDirectory;
-        g_pSystemDirectory = new (nothrow) WCHAR[len+1];
+        g_pSystemDirectory = new (nothrow) WCHAR[lenAlloc];
          
          if (g_pSystemDirectory == NULL)
          {
@@ -1281,9 +1283,9 @@ void SetMscorlibPath(LPCWSTR wzSystemDirectory)
      
      wcscpy_s(g_pSystemDirectory, len+1, wzSystemDirectory);
      
-    if(g_pSystemDirectory[len-1] != '\\')
+    if(appendSeparator)
      {
-        g_pSystemDirectory[len] = W('\\');
+        g_pSystemDirectory[len] = DIRECTORY_SEPARATOR_CHAR_W;
          g_pSystemDirectory[len+1] = W('\0');
          g_dwSystemDirectory = len + 1;
      }
author	John Chen <jochen@microsoft.com>
	Fri, 13 Nov 2015 18:32:15 +0000 (10:32 -0800)
committer	John Chen (CLR) <jochen@microsoft.com>
	Fri, 13 Nov 2015 19:17:20 +0000 (11:17 -0800)