Fix heap corruption (malloc buffer overrun)

Detected by the debug C runtime (when using --enable-dbgutil) when running a unit test.
author: Tor Lillqvist <tlillqvist@novell.com> 2011-08-16 10:18:09 +0300
committer: Tor Lillqvist <tlillqvist@novell.com> 2011-08-16 10:21:09 +0300
commit: ff7ee4a7fbc85b3bdd36bb18598b013204ab9b3a (patch)
tree: 4f706412bf568595768c6b98d6972e626eb43fcd /sal
parent: 247d3ff1421967f523b575f20e31bc8e8bdf5bc6 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/sal/osl/w32/security.c b/sal/osl/w32/security.c
index 56ca5623a08a..053d39f446c1 100644
--- a/sal/osl/w32/security.c
+++ b/sal/osl/w32/security.c
@@ -164,8 +164,8 @@ oslSecurityError SAL_CALL osl_loginUserOnFileServer(rtl_uString *strUserName,
     sal_Unicode*                remoteName;
     sal_Unicode*                userName;
 
-    remoteName  = malloc(rtl_uString_getLength(strFileServer) + rtl_uString_getLength(strUserName) + 4);
-    userName    = malloc(rtl_uString_getLength(strFileServer) + rtl_uString_getLength(strUserName) + 2);
+    remoteName  = malloc((rtl_uString_getLength(strFileServer) + rtl_uString_getLength(strUserName) + 4) * sizeof(sal_Unicode));
+    userName    = malloc((rtl_uString_getLength(strFileServer) + rtl_uString_getLength(strUserName) + 2) * sizeof(sal_Unicode));
 
     wcscpy(remoteName, L"\\\\");
     wcscat(remoteName, rtl_uString_getStr(strFileServer));
author	Tor Lillqvist <tlillqvist@novell.com>	2011-08-16 10:18:09 +0300
committer	Tor Lillqvist <tlillqvist@novell.com>	2011-08-16 10:21:09 +0300
commit	ff7ee4a7fbc85b3bdd36bb18598b013204ab9b3a (patch)
tree	4f706412bf568595768c6b98d6972e626eb43fcd /sal
parent	247d3ff1421967f523b575f20e31bc8e8bdf5bc6 (diff)