huwcampbell.com
Reactos
[NTOS:KD] Fix buffer overflow for the signon in KdPortInitializeEx.
The built string can be:
°°Kernel Debugger: Serial port found: COM1 (Port 0x000003F8) BaudRate 115200°°°°
(with ° representing the \r and \n in the message)
and you can verify that this is more than 80 characters in total.
+14
-7
+14
-7
ntoskrnl/kd/i386/kdserial.c
+14
-7
ntoskrnl/kd/i386/kdserial.c
···
106
106
else
107
107
{
108
108
#ifndef NDEBUG
109
-
CHAR buffer[80];
109
+
int Length;
110
+
CHAR Buffer[82];
110
111
111
112
/* Print message to blue screen */
112
-
sprintf(buffer,
113
-
"\r\nKernel Debugger: Serial port found: COM%ld (Port 0x%p) BaudRate %ld\r\n\r\n",
114
-
ComPortNumber,
115
-
PortInformation->Address,
116
-
PortInformation->BaudRate);
117
-
HalDisplayString(buffer);
113
+
Length = snprintf(Buffer, sizeof(Buffer),
114
+
"\r\nKernel Debugger: Serial port found: COM%ld (Port 0x%p) BaudRate %ld\r\n\r\n",
115
+
ComPortNumber,
116
+
PortInformation->Address,
117
+
PortInformation->BaudRate);
118
+
if (Length == -1)
119
+
{
120
+
/* Terminate it if we went over-board */
121
+
Buffer[sizeof(Buffer) - 1] = ANSI_NULL;
122
+
}
123
+
124
+
HalDisplayString(Buffer);
118
125
#endif /* NDEBUG */
119
126
120
127
#if 0