Buffer overflow or false positive?_问答_开发者

开发者 https://www.devze.com 2023-03-27 09:55 出处：网络

getmodulefilenamew function produces false positive (buffer overflow) as it accepts second argument as buffer - of fixed size in our case.

But looking through its documentation: http://msdn.microsoft.com/en-us/library/ms683197%28v=vs.85%29.aspx

Quote: If the buffer is too small to hold the module name, the string is truncated to nSize characters including the terminating null character, the function returns nSize, and the function sets the last error to ERROR_INSUFFICIENT_BUFFER.

Can somebody as trusted third party person confirm or reject t开发者_运维知识库his issue as false positive. Thanks for your help!

===

HMODULE applicationModule = GetModuleHandleW(NULL);
WCHAR processName[MAX_PATH];
memset(processName, 0, sizeof(processName));
GetModuleFileNameW(applicationModule, processName, sizeof(processName));

===

The problem is line with GetModuleFileNameW function

Scan was provided by Veracode static analyzer.

Your problem is that you are passing an incorrect value for nSize. You are passing the number of bytes but you should be passing the number of characters, MAX_PATH. These values differ because a wide character has a size of 2 bytes.

So, yes there is an error in your code. If the module name is sufficiently long, Windows will attempt to write up to 520 characters to a buffer that only has room for 260.