...
In this compliant solution, the while loop in the GetMachineName() function is bounded so that the loop terminates when a backslash character is found, the null-termination character (L'\0') is discovered, or the end of the buffer is reached. Or, as coded, the while loop continues as long as each character is neither a backslash nor a null character and is not at the end of the buffer. This code does not result in a buffer overflow even if no backslash character is found in wszMachineName.
| Code Block | ||||
|---|---|---|---|---|
| ||||
HRESULT GetMachineName(
wchar_t *pwszPath,
wchar_t wszMachineName[MAX_COMPUTERNAME_LENGTH_FQDN+1])
{
wchar_t *pwszServerName = wszMachineName;
wchar_t *pwszTemp = pwszPath + 2;
wchar_t *end_addr
= pwszServerName + MAX_COMPUTERNAME_LENGTH_FQDN;
while ((*pwszTemp != L'\\') &&
&& (*pwszTemp != L'\0') &&
&& (pwszServerName < end_addr))
{
*pwszServerName++ = *pwszTemp++;
}
/* ... */
}
|
...