From: Huw Davies <huw@codeweavers.com>
Subject: Re: rpcrt4: Avoid potential overflow in rpcrt4_protseq_ncacn_np_open_endpoint.
Message-Id: <20170123085247.GA3239@merlot.physics.ox.ac.uk>
Date: Mon, 23 Jan 2017 08:52:47 +0000
In-Reply-To: <E1cVLpV-0004yY-6Q@winehq.org>
References: <E1cVLpV-0004yY-6Q@winehq.org>

On Sat, Jan 21, 2017 at 04:32:22PM +0100, Gerald Pfeifer wrote:
> Signed-off-by: Gerald Pfeifer <gerald@pfeifer.com>
> ---
>  dlls/rpcrt4/rpc_transport.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/dlls/rpcrt4/rpc_transport.c b/dlls/rpcrt4/rpc_transport.c
> index 2537a3fd03..fb3edb49b0 100644
> --- a/dlls/rpcrt4/rpc_transport.c
> +++ b/dlls/rpcrt4/rpc_transport.c
> @@ -346,7 +346,7 @@ static RPC_STATUS rpcrt4_protseq_ncacn_np_open_endpoint(RpcServerProtseq *protse
>    RPC_STATUS r;
>    LPSTR pname;
>    RpcConnection *Connection;
> -  char generated_endpoint[21];
> +  char generated_endpoint[26];
>  
>    if (!endpoint)
>    {
> -- 

Signed-off-by: Huw Davies <huw@codeweavers.com>

Of course it might make sense to change the format string to
"\\\\pipe\\\\%08x.%08x" in order to match
rpcrt4_protseq_ncalrpc_open_endpoint().

Huw.