mirror of
https://github.com/reactos/reactos.git
synced 2024-06-21 05:21:31 +00:00
[REGEDIT] Avoid buffer overflow in SelectNode. CORE-18602
This commit is contained in:
parent
910822b8f5
commit
1ee9ea4518
|
@ -9,6 +9,7 @@
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <aclapi.h>
|
#include <aclapi.h>
|
||||||
#include <shellapi.h>
|
#include <shellapi.h>
|
||||||
|
#include <strsafe.h>
|
||||||
|
|
||||||
#include "main.h"
|
#include "main.h"
|
||||||
#include "hexedit.h"
|
#include "hexedit.h"
|
||||||
|
|
|
@ -781,7 +781,7 @@ BOOL SelectNode(HWND hwndTV, LPCWSTR keyPath)
|
||||||
|
|
||||||
/* Load "My Computer" string... */
|
/* Load "My Computer" string... */
|
||||||
LoadStringW(hInst, IDS_MY_COMPUTER, szBuffer, ARRAY_SIZE(szBuffer));
|
LoadStringW(hInst, IDS_MY_COMPUTER, szBuffer, ARRAY_SIZE(szBuffer));
|
||||||
wcscat(szBuffer, L"\\");
|
StringCbCatW(szBuffer, sizeof(szBuffer), L"\\");
|
||||||
|
|
||||||
/* ... and remove it from the key path */
|
/* ... and remove it from the key path */
|
||||||
if (!_wcsnicmp(keyPath, szBuffer, wcslen(szBuffer)))
|
if (!_wcsnicmp(keyPath, szBuffer, wcslen(szBuffer)))
|
||||||
|
@ -795,24 +795,33 @@ BOOL SelectNode(HWND hwndTV, LPCWSTR keyPath)
|
||||||
|
|
||||||
while(keyPath[0])
|
while(keyPath[0])
|
||||||
{
|
{
|
||||||
|
size_t copyLength;
|
||||||
s = wcschr(keyPath, L'\\');
|
s = wcschr(keyPath, L'\\');
|
||||||
lstrcpynW(szPathPart, keyPath, s ? s - keyPath + 1 : wcslen(keyPath) + 1);
|
if (s != NULL)
|
||||||
|
{
|
||||||
|
copyLength = (s - keyPath) * sizeof(WCHAR);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
copyLength = sizeof(szPathPart);
|
||||||
|
}
|
||||||
|
StringCbCopyNW(szPathPart, sizeof(szPathPart), keyPath, copyLength);
|
||||||
|
|
||||||
/* Special case for root to expand root key abbreviations */
|
/* Special case for root to expand root key abbreviations */
|
||||||
if (hItem == hRoot)
|
if (hItem == hRoot)
|
||||||
{
|
{
|
||||||
if (!_wcsicmp(szPathPart, L"HKCR"))
|
if (!_wcsicmp(szPathPart, L"HKCR"))
|
||||||
wcscpy(szPathPart, L"HKEY_CLASSES_ROOT");
|
StringCbCopyW(szPathPart, sizeof(szPathPart), L"HKEY_CLASSES_ROOT");
|
||||||
else if (!_wcsicmp(szPathPart, L"HKCU"))
|
else if (!_wcsicmp(szPathPart, L"HKCU"))
|
||||||
wcscpy(szPathPart, L"HKEY_CURRENT_USER");
|
StringCbCopyW(szPathPart, sizeof(szPathPart), L"HKEY_CURRENT_USER");
|
||||||
else if (!_wcsicmp(szPathPart, L"HKLM"))
|
else if (!_wcsicmp(szPathPart, L"HKLM"))
|
||||||
wcscpy(szPathPart, L"HKEY_LOCAL_MACHINE");
|
StringCbCopyW(szPathPart, sizeof(szPathPart), L"HKEY_LOCAL_MACHINE");
|
||||||
else if (!_wcsicmp(szPathPart, L"HKU"))
|
else if (!_wcsicmp(szPathPart, L"HKU"))
|
||||||
wcscpy(szPathPart, L"HKEY_USERS");
|
StringCbCopyW(szPathPart, sizeof(szPathPart), L"HKEY_USERS");
|
||||||
else if (!_wcsicmp(szPathPart, L"HKCC"))
|
else if (!_wcsicmp(szPathPart, L"HKCC"))
|
||||||
wcscpy(szPathPart, L"HKEY_CURRENT_CONFIG");
|
StringCbCopyW(szPathPart, sizeof(szPathPart), L"HKEY_CURRENT_CONFIG");
|
||||||
else if (!_wcsicmp(szPathPart, L"HKDD"))
|
else if (!_wcsicmp(szPathPart, L"HKDD"))
|
||||||
wcscpy(szPathPart, L"HKEY_DYN_DATA");
|
StringCbCopyW(szPathPart, sizeof(szPathPart), L"HKEY_DYN_DATA");
|
||||||
}
|
}
|
||||||
|
|
||||||
for (hChildItem = TreeView_GetChild(hwndTV, hItem); hChildItem;
|
for (hChildItem = TreeView_GetChild(hwndTV, hItem); hChildItem;
|
||||||
|
|
Loading…
Reference in a new issue