|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [win-pv-devel] [PATCH] Fix heap corruption in co-installer
The co-installer was corrupting its heap by trying to free a pointer after
incrementing it from its original value.
Signed-off-by: Paul Durrant <paul.durrant@xxxxxxxxxx>
---
src/coinst/coinst.c | 10 ++++++----
src/xenbus.inf | 2 +-
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/coinst/coinst.c b/src/coinst/coinst.c
index 27d3211..59726f5 100644
--- a/src/coinst/coinst.c
+++ b/src/coinst/coinst.c
@@ -1132,6 +1132,7 @@ MatchExistingDriver(
DWORD MaxValueLength;
DWORD DriverDescLength;
PTCHAR DriverDesc = NULL;
+ DWORD ProductNameLength;
DWORD Type;
// Look for a legacy platform device
@@ -1213,16 +1214,17 @@ found:
goto fail9;
}
+ ProductNameLength = (DWORD)strlen(PRODUCT_NAME_STR);
+
if (strncmp(DriverDesc,
PRODUCT_NAME_STR,
- strlen(PRODUCT_NAME_STR)) != 0) {
+ ProductNameLength) != 0) {
SetLastError(ERROR_INSTALL_FAILURE);
goto fail10;
}
- DriverDesc += strlen(PRODUCT_NAME_STR);
-
- if (strcmp(DriverDesc, " PV Bus") != 0) {
+ if (strcmp(DriverDesc + ProductNameLength,
+ " PV Bus") != 0) {
SetLastError(ERROR_INSTALL_FAILURE);
goto fail11;
}
diff --git a/src/xenbus.inf b/src/xenbus.inf
index fe01c79..544bb2c 100644
--- a/src/xenbus.inf
+++ b/src/xenbus.inf
@@ -72,8 +72,8 @@
xenbus_coinst_@MAJOR_VERSION@_@MINOR_VERSION@_@MICRO_VERSION@_@BUILD_NUMBER@.dll
CopyFiles=XenBus_Copyfiles
[XenBus_Inst.Services]
-AddService=xenfilt,,XenFilt_Service,
AddService=xenbus,0x02,XenBus_Service,
+AddService=xenfilt,,XenFilt_Service,
[XenBus_Service]
DisplayName=%XenBusDesc%
--
2.1.1
_______________________________________________
win-pv-devel mailing list
win-pv-devel@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/win-pv-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |