Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-07-02 02:34:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

[CMD]: Improve ExecuteAutoRunFile() with validity checks.

Browse source 
svn path=/trunk/; revision=76010
This commit is contained in:
Hermès Bélusca-Maïto 2017-09-30 22:12:21 +00:00
parent 11f7d225c8
commit 552e8c13bb
1 changed files with 25 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
reactos/base/shell/cmd/cmd.c
View file

@ -1538,12 +1538,12 @@ LoadRegistrySettings(HKEY hKeyRoot)
{ {
LONG lRet; LONG lRet;
HKEY hKey; HKEY hKey;
DWORD dwType, len;
/* /*
* Buffer big enough to hold the string L"4294967295", * Buffer big enough to hold the string L"4294967295",
* corresponding to the literal 0xFFFFFFFF (MAX_ULONG) in decimal. * corresponding to the literal 0xFFFFFFFF (MAX_ULONG) in decimal.
*/ */
DWORD Buffer[6]; DWORD Buffer[6];
DWORD dwType, len;
lRet = RegOpenKeyEx(hKeyRoot, lRet = RegOpenKeyEx(hKeyRoot,
_T("Software\\Microsoft\\Command Processor"), _T("Software\\Microsoft\\Command Processor"),
@ -1685,28 +1685,33 @@ LoadRegistrySettings(HKEY hKeyRoot)
static VOID static VOID
ExecuteAutoRunFile(HKEY hKeyRoot) ExecuteAutoRunFile(HKEY hKeyRoot)
{ {
TCHAR autorun[2048]; LONG lRet;
DWORD len = sizeof autorun; HKEY hKey;
HKEY hkey; DWORD dwType, len;
TCHAR AutoRun[2048];
if (RegOpenKeyEx(hKeyRoot, lRet = RegOpenKeyEx(hKeyRoot,
_T("SOFTWARE\\Microsoft\\Command Processor"), _T("Software\\Microsoft\\Command Processor"),
0, 0,
KEY_READ, KEY_QUERY_VALUE,
&hkey) == ERROR_SUCCESS) &hKey);
{ if (lRet != ERROR_SUCCESS)
if (RegQueryValueEx(hkey, return;
len = sizeof(AutoRun);
lRet = RegQueryValueEx(hKey,
_T("AutoRun"), _T("AutoRun"),
0, NULL,
0, &dwType,
(LPBYTE)autorun, (LPBYTE)&AutoRun,
&len) == ERROR_SUCCESS) &len);
if ((lRet == ERROR_SUCCESS) && (dwType == REG_EXPAND_SZ || dwType == REG_SZ))
{ {
if (*autorun) if (*AutoRun)
ParseCommandLine(autorun); ParseCommandLine(AutoRun);
}
RegCloseKey(hkey);
} }
RegCloseKey(hKey);
} }
/* Get the command that comes after a /C or /K switch */ /* Get the command that comes after a /C or /K switch */