win32_apply.c: set_short_name(): Zero buffer
authorEric Biggers <ebiggers3@gmail.com>
Thu, 28 Aug 2014 07:06:39 +0000 (02:06 -0500)
committerEric Biggers <ebiggers3@gmail.com>
Thu, 28 Aug 2014 07:06:39 +0000 (02:06 -0500)
src/win32_apply.c

index c1fbc49..9fac156 100644 (file)
@@ -953,20 +953,22 @@ set_short_name(HANDLE h, const struct wim_dentry *dentry,
         * with the former case being removing the existing short name if
         * present, rather than setting one.
         *
-        * FileName seemingly does not, however, need to be null-terminated in
-        * any case.
+        * The null terminator is seemingly optional, but to be safe we include
+        * space for it and zero all unused space.
         */
 
        size_t bufsize = offsetof(FILE_NAME_INFORMATION, FileName) +
-                        max(dentry->short_name_nbytes, 2 * sizeof(wchar_t));
+                        max(dentry->short_name_nbytes, sizeof(wchar_t)) +
+                        sizeof(wchar_t);
        u8 buf[bufsize] _aligned_attribute(8);
        FILE_NAME_INFORMATION *info = (FILE_NAME_INFORMATION *)buf;
        NTSTATUS status;
 
+       memset(buf, 0, bufsize);
+
        info->FileNameLength = dentry->short_name_nbytes;
        memcpy(info->FileName, dentry->short_name, dentry->short_name_nbytes);
 
-
 retry:
        status = (*func_NtSetInformationFile)(h, &ctx->iosb, info, bufsize,
                                              FileShortNameInformation);
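Review bot: The stack VLA `u8 buf[bufsize]` is still sized directly from `dentry->short_name_nbytes`, and nothing in this hunk bounds that value before the array is declared. If the length comes from parsed image metadata without an earlier cap (not visible here, so it may already be validated at load time), a large value becomes an equally large stack allocation, followed by a full-length `memset` and `memcpy`. Since an 8.3 short name holds at most 12 UTF-16 code units, a guard such as `if (dentry->short_name_nbytes > 12 * sizeof(wchar_t))` ahead of the declaration, leaving through the function's existing error path, would also let `buf` become a fixed-size array. set_short_name() starts and ends outside the hunk, so its return convention is not shown here.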