Fix a nasty bug in RtlQueryRegistryValues, that caused memory corruption when the key name or data had the "wrong" length.

svn path=/trunk/; revision=61624
Timo Kreuzer 2014-01-14 19:41:01 +00:00
parent af7aa8d819
commit 0caf2dda61


@ -211,7 +211,7 @@ RtlpCallQueryRegistryRoutine(IN PRTL_QUERY_REGISTRY_TABLE QueryTable,
/* Check if we have space to copy the data */
RequiredLength = KeyValueInfo->NameLength + sizeof(UNICODE_NULL);
if (SpareLength < RequiredLength)
if ((SpareData > DataEnd) || (SpareLength < RequiredLength))
{
/* Fail and return the missing length */
*InfoSize = (ULONG)(SpareData - (PCHAR)KeyValueInfo) + RequiredLength;