From 552e8c13bbb8ed614e4589554e82132665a0ef10 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Herm=C3=A8s=20B=C3=A9lusca-Ma=C3=AFto?= Date: Sat, 30 Sep 2017 22:12:21 +0000 Subject: [PATCH] [CMD]: Improve ExecuteAutoRunFile() with validity checks. svn path=/trunk/; revision=76010 --- reactos/base/shell/cmd/cmd.c | 45 ++++++++++++++++++++---------------- 1 file changed, 25 insertions(+), 20 deletions(-) diff --git a/reactos/base/shell/cmd/cmd.c b/reactos/base/shell/cmd/cmd.c index 0ca949451be..13e33914003 100644 --- a/reactos/base/shell/cmd/cmd.c +++ b/reactos/base/shell/cmd/cmd.c @@ -1538,12 +1538,12 @@ LoadRegistrySettings(HKEY hKeyRoot) { LONG lRet; HKEY hKey; + DWORD dwType, len; /* * Buffer big enough to hold the string L"4294967295", * corresponding to the literal 0xFFFFFFFF (MAX_ULONG) in decimal. */ DWORD Buffer[6]; - DWORD dwType, len; lRet = RegOpenKeyEx(hKeyRoot, _T("Software\\Microsoft\\Command Processor"), @@ -1685,28 +1685,33 @@ LoadRegistrySettings(HKEY hKeyRoot) static VOID ExecuteAutoRunFile(HKEY hKeyRoot) { - TCHAR autorun[2048]; - DWORD len = sizeof autorun; - HKEY hkey; + LONG lRet; + HKEY hKey; + DWORD dwType, len; + TCHAR AutoRun[2048]; - if (RegOpenKeyEx(hKeyRoot, - _T("SOFTWARE\\Microsoft\\Command Processor"), - 0, - KEY_READ, - &hkey) == ERROR_SUCCESS) - { - if (RegQueryValueEx(hkey, + lRet = RegOpenKeyEx(hKeyRoot, + _T("Software\\Microsoft\\Command Processor"), + 0, + KEY_QUERY_VALUE, + &hKey); + if (lRet != ERROR_SUCCESS) + return; + + len = sizeof(AutoRun); + lRet = RegQueryValueEx(hKey, _T("AutoRun"), - 0, - 0, - (LPBYTE)autorun, - &len) == ERROR_SUCCESS) - { - if (*autorun) - ParseCommandLine(autorun); - } - RegCloseKey(hkey); + NULL, + &dwType, + (LPBYTE)&AutoRun, + &len); + if ((lRet == ERROR_SUCCESS) && (dwType == REG_EXPAND_SZ || dwType == REG_SZ)) + { + if (*AutoRun) + ParseCommandLine(AutoRun); } + + RegCloseKey(hKey); } /* Get the command that comes after a /C or /K switch */