From: Nikolay Sivov <nsivov@codeweavers.com>
Subject: [PATCH] crypt32: Fix key name null termination (Coverity)
Message-Id: <1448281746-17975-1-git-send-email-nsivov@codeweavers.com>
Date: Mon, 23 Nov 2015 15:29:06 +0300

Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
---
 dlls/crypt32/str.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/dlls/crypt32/str.c b/dlls/crypt32/str.c
index 7b52731..0a41e75 100644
--- a/dlls/crypt32/str.c
+++ b/dlls/crypt32/str.c
@@ -769,7 +769,7 @@ struct KeynameKeeper
 {
     WCHAR  buf[10]; /* big enough for L"GivenName" */
     LPWSTR keyName; /* usually = buf, but may be allocated */
-    DWORD  keyLen;
+    DWORD  keyLen;  /* full available buffer size in WCHARs */
 };
 
 static void CRYPT_InitializeKeynameKeeper(struct KeynameKeeper *keeper)
@@ -795,17 +795,15 @@ static void CRYPT_KeynameKeeperFromTokenW(struct KeynameKeeper *keeper,
 {
     DWORD len = key->end - key->start;
 
-    if (len > keeper->keyLen)
+    if (len >= keeper->keyLen)
     {
+        keeper->keyLen = len + 1;
         if (keeper->keyName == keeper->buf)
-            keeper->keyName = CryptMemAlloc(len * sizeof(WCHAR));
+            keeper->keyName = CryptMemAlloc(keeper->keyLen * sizeof(WCHAR));
         else
-            keeper->keyName = CryptMemRealloc(keeper->keyName,
-             len * sizeof(WCHAR));
-        keeper->keyLen = len;
+            keeper->keyName = CryptMemRealloc(keeper->keyName, keeper->keyLen * sizeof(WCHAR));
     }
-    memcpy(keeper->keyName, key->start, (key->end - key->start) *
-     sizeof(WCHAR));
+    memcpy(keeper->keyName, key->start, len * sizeof(WCHAR));
     keeper->keyName[len] = '\0';
     TRACE("Keyname is %s\n", debugstr_w(keeper->keyName));
 }

-- 
2.6.2