Do not forget about security

This commit is contained in:
binarymaster 2014-12-09 02:00:43 +03:00
parent e3ce360ec9
commit e2968a43de

View File

@ -370,6 +370,8 @@ bool INI_FILE::GetVariableInSection(char *SectionName, char *VariableName, INI_V
DWORD ValueLen = strlen(Variable.VariableValue); DWORD ValueLen = strlen(Variable.VariableValue);
if((ValueLen % 2) != 0) return false; if((ValueLen % 2) != 0) return false;
// for security reasons not more than 16 bytes
if (ValueLen > 32) ValueLen = 32; // 32 hex digits
memset(RetVariable, 0x00, sizeof(*RetVariable)); memset(RetVariable, 0x00, sizeof(*RetVariable));
memcpy(RetVariable->Name, Variable.VariableName, ValueLen); memcpy(RetVariable->Name, Variable.VariableName, ValueLen);