From 18c654d60a4650c389ffc80274544f3f07469490 Mon Sep 17 00:00:00 2001
From: Aleksey Bragin <aleksey@reactos.org>
Date: Sat, 16 May 2009 08:41:26 +0000
Subject: [PATCH] - Fix obvious bugs in the code (e.g. freeing a
 stack-allocated pointer). - Rewrite the code to be more readable. - Enlarge
 static buffer for SearchPathBuffer to be at least 5*MAX_PATH to prevent
 possible overflowing for now. In the meanwhile, Dmitry is rewriting this part
 of code to dynamically allocate the memory without the need for a temporary
 static storage.

svn path=/trunk/; revision=40936
---
 reactos/dll/ntdll/ldr/utils.c | 84 +++++++++++++++++------------------
 1 file changed, 42 insertions(+), 42 deletions(-)

diff --git a/reactos/dll/ntdll/ldr/utils.c b/reactos/dll/ntdll/ldr/utils.c
index af9e55bf9eb..45cde8a0d7d 100644
--- a/reactos/dll/ntdll/ldr/utils.c
+++ b/reactos/dll/ntdll/ldr/utils.c
@@ -185,19 +185,21 @@ LdrpQueryAppPaths(IN PCWSTR ImageName)
 {
     PKEY_VALUE_PARTIAL_INFORMATION KeyInfo;
     OBJECT_ATTRIBUTES ObjectAttributes;
-    WCHAR SearchPathBuffer[MAX_PATH];
+    WCHAR SearchPathBuffer[5*MAX_PATH];
     UNICODE_STRING ValueNameString;
     UNICODE_STRING KeyName;
-    WCHAR NameBuffer[256];
+    WCHAR NameBuffer[MAX_PATH];
     ULONG KeyInfoSize;
     ULONG ResultSize;
-    ULONG len;
+    PWCHAR Backslash;
     HANDLE KeyHandle;
     NTSTATUS Status;
     PWSTR Path = NULL;
 
-    swprintf(NameBuffer,
-             L"\\Registry\\Machine\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\%s", ImageName);
+    _snwprintf(NameBuffer,
+              sizeof(NameBuffer) / sizeof(WCHAR),
+              L"\\Registry\\Machine\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\%s",
+              ImageName);
 
     RtlInitUnicodeString(&KeyName, NameBuffer);
 
@@ -236,49 +238,47 @@ LdrpQueryAppPaths(IN PCWSTR ImageName)
                              KeyInfoSize,
                              &ResultSize);
 
-    if (NT_SUCCESS(Status))
-    {
-        RtlCopyMemory(SearchPathBuffer,
-                      &KeyInfo->Data,
-                      KeyInfo->DataLength);
+    if (!NT_SUCCESS(Status))
+        return NULL;
 
-        /* get application running path */
-        wcscat(SearchPathBuffer, L";");
-        wcscat (SearchPathBuffer, NtCurrentPeb()->ProcessParameters->ImagePathName.Buffer);
-
-        len = wcslen (SearchPathBuffer);
-
-        while (len && SearchPathBuffer[len - 1] != L'\\')
-            len--;
-
-        if (len) SearchPathBuffer[len-1] = L'\0';
-
-        wcscat (SearchPathBuffer, L";");
-
-        wcscat (SearchPathBuffer, SharedUserData->NtSystemRoot);
-        wcscat (SearchPathBuffer, L"\\system32;");
-        wcscat (SearchPathBuffer, SharedUserData->NtSystemRoot);
-        wcscat (SearchPathBuffer, L";.");
-
-        Path = RtlAllocateHeap(RtlGetProcessHeap(),
-                               0,
-                               wcslen(SearchPathBuffer) * sizeof(WCHAR));
-
-        if (Path == NULL)
-        {
-            DPRINT("RtlAllocateHeap() failed\n");
-            RtlFreeHeap(RtlGetProcessHeap(), 0, KeyInfo);
-            NtClose(KeyHandle);
-            return NULL;
-        }
-
-        Path = SearchPathBuffer;
-    }
+    RtlCopyMemory(SearchPathBuffer,
+                  &KeyInfo->Data,
+                  KeyInfo->DataLength);
 
+    /* Free KeyInfo memory, we won't need it anymore */
     RtlFreeHeap(RtlGetProcessHeap(), 0, KeyInfo);
 
+    /* Close the key handle */
     NtClose(KeyHandle);
 
+    /* get application running path */
+    wcscat(SearchPathBuffer, L";");
+    wcscat(SearchPathBuffer, NtCurrentPeb()->ProcessParameters->ImagePathName.Buffer); // FIXME: Don't rely on it being NULL-terminated!!!
+
+    /* Remove trailing backslash */
+    Backslash = wcsrchr(SearchPathBuffer, L'\\');
+    if (Backslash) Backslash = L'\0';
+
+    wcscat(SearchPathBuffer, L";");
+
+    wcscat(SearchPathBuffer, SharedUserData->NtSystemRoot);
+    wcscat(SearchPathBuffer, L"\\system32;");
+    wcscat(SearchPathBuffer, SharedUserData->NtSystemRoot);
+    wcscat(SearchPathBuffer, L";.");
+
+    /* Copy it to the heap allocd memory */
+    Path = RtlAllocateHeap(RtlGetProcessHeap(),
+                           0,
+                           wcslen(SearchPathBuffer) * sizeof(WCHAR));
+
+    if (!Path)
+    {
+        DPRINT1("RtlAllocateHeap() failed\n");
+        return NULL;
+    }
+
+    wcscpy(Path, SearchPathBuffer);
+
     return Path;
 }