[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [win-pv-devel] [PATCH] Fix heap corruption in co-installer
The co-installer was corrupting its heap by trying to free a pointer after incrementing it from its original value. Signed-off-by: Paul Durrant <paul.durrant@xxxxxxxxxx> --- src/coinst/coinst.c | 10 ++++++---- src/xenbus.inf | 2 +- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/src/coinst/coinst.c b/src/coinst/coinst.c index 27d3211..59726f5 100644 --- a/src/coinst/coinst.c +++ b/src/coinst/coinst.c @@ -1132,6 +1132,7 @@ MatchExistingDriver( DWORD MaxValueLength; DWORD DriverDescLength; PTCHAR DriverDesc = NULL; + DWORD ProductNameLength; DWORD Type; // Look for a legacy platform device @@ -1213,16 +1214,17 @@ found: goto fail9; } + ProductNameLength = (DWORD)strlen(PRODUCT_NAME_STR); + if (strncmp(DriverDesc, PRODUCT_NAME_STR, - strlen(PRODUCT_NAME_STR)) != 0) { + ProductNameLength) != 0) { SetLastError(ERROR_INSTALL_FAILURE); goto fail10; } - DriverDesc += strlen(PRODUCT_NAME_STR); - - if (strcmp(DriverDesc, " PV Bus") != 0) { + if (strcmp(DriverDesc + ProductNameLength, + " PV Bus") != 0) { SetLastError(ERROR_INSTALL_FAILURE); goto fail11; } diff --git a/src/xenbus.inf b/src/xenbus.inf index fe01c79..544bb2c 100644 --- a/src/xenbus.inf +++ b/src/xenbus.inf @@ -72,8 +72,8 @@ xenbus_coinst_@MAJOR_VERSION@_@MINOR_VERSION@_@MICRO_VERSION@_@BUILD_NUMBER@.dll CopyFiles=XenBus_Copyfiles [XenBus_Inst.Services] -AddService=xenfilt,,XenFilt_Service, AddService=xenbus,0x02,XenBus_Service, +AddService=xenfilt,,XenFilt_Service, [XenBus_Service] DisplayName=%XenBusDesc% -- 2.1.1 _______________________________________________ win-pv-devel mailing list win-pv-devel@xxxxxxxxxxxxxxxxxxxx http://lists.xenproject.org/cgi-bin/mailman/listinfo/win-pv-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |