Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[install] Use "secure" versions of _snprintf() and _snwprintf()
Apparently, the _snprintf() function differs from snprintf() in that
_snprintf() will not NUL-terminate the string if the buffer is too
short.

Words fail me.

Signed-off-by: Michael Brown <mbrown@fensystems.co.uk>
  • Loading branch information
mcb30 committed Aug 10, 2014
1 parent 23e2ba9 commit fdfeb54
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 5 deletions.
7 changes: 4 additions & 3 deletions src/installer/setup.c
Expand Up @@ -494,16 +494,17 @@ int __cdecl main ( int argc, char **argv ) {
goto fail;
if ( file_part )
*file_part = 0;
_snprintf ( inf_rel_path, sizeof ( inf_rel_path ),
"%s\\..\\sanbootconf.inf", bin_path );
_snprintf_s ( inf_rel_path, sizeof ( inf_rel_path ), _TRUNCATE,
"%s\\..\\sanbootconf.inf", bin_path );
len = GetFullPathName ( inf_rel_path, array_size ( inf_path ),
inf_path, NULL );
if ( ( len == 0 ) || ( len >= array_size ( inf_path ) ) )
goto fail;
printf ( "Installing from \"%s\"\n", inf_path );

/* Install/update driver */
_snwprintf ( inf_path_w, array_size ( inf_path_w ), L"%S", inf_path );
_snwprintf_s ( inf_path_w, array_size ( inf_path_w ), _TRUNCATE,
L"%S", inf_path );
if ( install_or_update_driver ( inf_path_w, hw_id ) != 0 )
goto fail;

Expand Down
4 changes: 2 additions & 2 deletions src/installer/setupdi.c
Expand Up @@ -175,8 +175,8 @@ static int install_device_node ( LPWSTR inf_path, LPWSTR hw_id ) {
printf ( "Device instance ID is \"%S\"\n", dev_instance );

/* Add the hardware ID */
hw_ids_len = _snwprintf ( hw_ids, array_size ( hw_ids ),
L"%s%c", hw_id, 0 );
hw_ids_len = _snwprintf_s ( hw_ids, array_size ( hw_ids ), _TRUNCATE,
L"%s%c", hw_id, 0 );
if ( ! SetupDiSetDeviceRegistryPropertyW ( dev_info_list, &dev_info,
SPDRP_HARDWAREID,
( ( LPBYTE ) hw_ids ),
Expand Down

0 comments on commit fdfeb54

Please sign in to comment.