[REGEDIT] Avoid buffer overflow in SelectNode. CORE-18602

Thomas Faber 2023-01-19 20:34:46 -05:00
parent 910822b8f5
commit 1ee9ea4518
No known key found for this signature in database
GPG key ID: 076E7C3D44720826
2 changed files with 18 additions and 8 deletions


@ -9,6 +9,7 @@
#include <stdio.h> #include <stdio.h>
#include <aclapi.h> #include <aclapi.h>
#include <shellapi.h> #include <shellapi.h>
#include <strsafe.h>
#include "main.h" #include "main.h"
#include "hexedit.h" #include "hexedit.h"


@ -781,7 +781,7 @@ BOOL SelectNode(HWND hwndTV, LPCWSTR keyPath)
/* Load "My Computer" string... */ /* Load "My Computer" string... */
LoadStringW(hInst, IDS_MY_COMPUTER, szBuffer, ARRAY_SIZE(szBuffer)); LoadStringW(hInst, IDS_MY_COMPUTER, szBuffer, ARRAY_SIZE(szBuffer));
wcscat(szBuffer, L"\\"); StringCbCatW(szBuffer, sizeof(szBuffer), L"\\");
/* ... and remove it from the key path */ /* ... and remove it from the key path */
if (!_wcsnicmp(keyPath, szBuffer, wcslen(szBuffer))) if (!_wcsnicmp(keyPath, szBuffer, wcslen(szBuffer)))
@ -795,24 +795,33 @@ BOOL SelectNode(HWND hwndTV, LPCWSTR keyPath)
while(keyPath[0]) while(keyPath[0])
{ {
size_t copyLength;
s = wcschr(keyPath, L'\\'); s = wcschr(keyPath, L'\\');
lstrcpynW(szPathPart, keyPath, s ? s - keyPath + 1 : wcslen(keyPath) + 1); if (s != NULL)
{
copyLength = (s - keyPath) * sizeof(WCHAR);
}
else
{
copyLength = sizeof(szPathPart);
}
StringCbCopyNW(szPathPart, sizeof(szPathPart), keyPath, copyLength);
/* Special case for root to expand root key abbreviations */ /* Special case for root to expand root key abbreviations */
if (hItem == hRoot) if (hItem == hRoot)
{ {
if (!_wcsicmp(szPathPart, L"HKCR")) if (!_wcsicmp(szPathPart, L"HKCR"))
wcscpy(szPathPart, L"HKEY_CLASSES_ROOT"); StringCbCopyW(szPathPart, sizeof(szPathPart), L"HKEY_CLASSES_ROOT");
else if (!_wcsicmp(szPathPart, L"HKCU")) else if (!_wcsicmp(szPathPart, L"HKCU"))
wcscpy(szPathPart, L"HKEY_CURRENT_USER"); StringCbCopyW(szPathPart, sizeof(szPathPart), L"HKEY_CURRENT_USER");
else if (!_wcsicmp(szPathPart, L"HKLM")) else if (!_wcsicmp(szPathPart, L"HKLM"))
wcscpy(szPathPart, L"HKEY_LOCAL_MACHINE"); StringCbCopyW(szPathPart, sizeof(szPathPart), L"HKEY_LOCAL_MACHINE");
else if (!_wcsicmp(szPathPart, L"HKU")) else if (!_wcsicmp(szPathPart, L"HKU"))
wcscpy(szPathPart, L"HKEY_USERS"); StringCbCopyW(szPathPart, sizeof(szPathPart), L"HKEY_USERS");
else if (!_wcsicmp(szPathPart, L"HKCC")) else if (!_wcsicmp(szPathPart, L"HKCC"))
wcscpy(szPathPart, L"HKEY_CURRENT_CONFIG"); StringCbCopyW(szPathPart, sizeof(szPathPart), L"HKEY_CURRENT_CONFIG");
else if (!_wcsicmp(szPathPart, L"HKDD")) else if (!_wcsicmp(szPathPart, L"HKDD"))
wcscpy(szPathPart, L"HKEY_DYN_DATA"); StringCbCopyW(szPathPart, sizeof(szPathPart), L"HKEY_DYN_DATA");
} }
for (hChildItem = TreeView_GetChild(hwndTV, hItem); hChildItem; for (hChildItem = TreeView_GetChild(hwndTV, hItem); hChildItem;