- Allocate a separate name buffer in RtlQueryRegistryValues.

- Fixed the name parameter in a call to the caller-supplied query routine.

svn path=/trunk/; revision=5936
Hartmut Birr 2003-08-30 14:49:41 +00:00
parent ee8ef2cacf
commit 72bb12e96c
2 changed files with 76 additions and 15 deletions


@ -1,4 +1,4 @@
/* $Id: registry.c,v 1.23 2003/08/14 14:52:13 ekohl Exp $ /* $Id: registry.c,v 1.24 2003/08/30 14:47:36 hbirr Exp $
* *
* COPYRIGHT: See COPYING in the top level directory * COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel * PROJECT: ReactOS kernel
@ -184,8 +184,10 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
ULONG ResultSize; ULONG ResultSize;
ULONG Index; ULONG Index;
ULONG StringLen; ULONG StringLen;
ULONG ValueNameSize;
PWSTR StringPtr; PWSTR StringPtr;
PWSTR ExpandBuffer; PWSTR ExpandBuffer;
PWSTR ValueName;
UNICODE_STRING EnvValue; UNICODE_STRING EnvValue;
UNICODE_STRING EnvExpandedValue; UNICODE_STRING EnvExpandedValue;
@ -350,7 +352,7 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
RtlInitUnicodeString(&EnvValue, RtlInitUnicodeString(&EnvValue,
(PWSTR)ValueInfo->Data); (PWSTR)ValueInfo->Data);
EnvExpandedValue.Length = 0; EnvExpandedValue.Length = 0;
EnvExpandedValue.MaximumLength = ValueInfo->DataLength * 2 * sizeof(WCHAR); EnvExpandedValue.MaximumLength = ValueInfo->DataLength * 2;
EnvExpandedValue.Buffer = ExpandBuffer; EnvExpandedValue.Buffer = ExpandBuffer;
*ExpandBuffer = 0; *ExpandBuffer = 0;
@ -484,7 +486,7 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
&StringLen); &StringLen);
StringLen = (wcslen(ExpandBuffer) + 1) * sizeof(WCHAR); StringLen = (wcslen(ExpandBuffer) + 1) * sizeof(WCHAR);
Status = QueryEntry->QueryRoutine(FullValueInfo->Name, Status = QueryEntry->QueryRoutine(QueryEntry->Name,
REG_SZ, REG_SZ,
(PVOID)ExpandBuffer, (PVOID)ExpandBuffer,
StringLen, StringLen,
@ -537,13 +539,21 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
FullValueInfo = RtlAllocateHeap(RtlGetProcessHeap(), FullValueInfo = RtlAllocateHeap(RtlGetProcessHeap(),
0, 0,
BufferSize); BufferSize);
if (FullValueInfo == NULL) if (FullValueInfo == NULL)
{ {
Status = STATUS_NO_MEMORY; Status = STATUS_NO_MEMORY;
break; break;
} }
ValueNameSize = 256 * sizeof(WCHAR);
Index = 0; ValueName = RtlAllocateHeap(RtlGetProcessHeap(),
0,
ValueNameSize);
if (ValueName == NULL)
{
Status = STATUS_NO_MEMORY;
break;
}
Index = 0;
while (TRUE) while (TRUE)
{ {
Status = NtEnumerateValueKey(CurrentKeyHandle, Status = NtEnumerateValueKey(CurrentKeyHandle,
@ -567,6 +577,28 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
break; break;
} }
if (FullValueInfo->NameLength > ValueNameSize - sizeof(WCHAR))
{
/* Should not happen, because the name length is limited to 255 characters */
RtlFreeHeap(RtlGetProcessHeap(),
0,
ValueName);
ValueNameSize = FullValueInfo->NameLength + sizeof(WCHAR);
ValueName = RtlAllocateHeap(RtlGetProcessHeap(),
0,
ValueNameSize);
if (ValueName == NULL)
{
Status = STATUS_NO_MEMORY;
break;
}
}
memcpy(ValueName,
FullValueInfo->Name,
FullValueInfo->NameLength);
ValueName[FullValueInfo->NameLength / sizeof(WCHAR)] = 0;
DPRINT("FullValueInfo->Type: %lu\n", FullValueInfo->Type); DPRINT("FullValueInfo->Type: %lu\n", FullValueInfo->Type);
if ((FullValueInfo->Type == REG_MULTI_SZ) && if ((FullValueInfo->Type == REG_MULTI_SZ) &&
!(QueryEntry->Flags & RTL_QUERY_REGISTRY_NOEXPAND)) !(QueryEntry->Flags & RTL_QUERY_REGISTRY_NOEXPAND))
@ -576,7 +608,7 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
while (*StringPtr != 0) while (*StringPtr != 0)
{ {
StringLen = (wcslen(StringPtr) + 1) * sizeof(WCHAR); StringLen = (wcslen(StringPtr) + 1) * sizeof(WCHAR);
Status = QueryEntry->QueryRoutine(QueryEntry->Name, Status = QueryEntry->QueryRoutine(ValueName,
REG_SZ, REG_SZ,
(PVOID)StringPtr, (PVOID)StringPtr,
StringLen, StringLen,
@ -605,7 +637,7 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
RtlInitUnicodeString(&EnvValue, RtlInitUnicodeString(&EnvValue,
StringPtr); StringPtr);
EnvExpandedValue.Length = 0; EnvExpandedValue.Length = 0;
EnvExpandedValue.MaximumLength = FullValueInfo->DataLength * 2 * sizeof(WCHAR); EnvExpandedValue.MaximumLength = FullValueInfo->DataLength * 2;
EnvExpandedValue.Buffer = ExpandBuffer; EnvExpandedValue.Buffer = ExpandBuffer;
*ExpandBuffer = 0; *ExpandBuffer = 0;
@ -615,7 +647,7 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
&StringLen); &StringLen);
StringLen = (wcslen(ExpandBuffer) + 1) * sizeof(WCHAR); StringLen = (wcslen(ExpandBuffer) + 1) * sizeof(WCHAR);
Status = QueryEntry->QueryRoutine(FullValueInfo->Name, Status = QueryEntry->QueryRoutine(ValueName,
REG_SZ, REG_SZ,
(PVOID)ExpandBuffer, (PVOID)ExpandBuffer,
StringLen, StringLen,
@ -628,7 +660,7 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
} }
else else
{ {
Status = QueryEntry->QueryRoutine(FullValueInfo->Name, Status = QueryEntry->QueryRoutine(ValueName,
FullValueInfo->Type, FullValueInfo->Type,
(PVOID)FullValueInfo + FullValueInfo->DataOffset, (PVOID)FullValueInfo + FullValueInfo->DataOffset,
FullValueInfo->DataLength, FullValueInfo->DataLength,
@ -647,7 +679,9 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
RtlFreeHeap(RtlGetProcessHeap(), RtlFreeHeap(RtlGetProcessHeap(),
0, 0,
FullValueInfo); FullValueInfo);
RtlFreeHeap(RtlGetProcessHeap(),
0,
ValueName);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
break; break;
} }
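Review bot: The new ValueName allocation in the `@ -537,13 +539,21 @@` hunk leaks FullValueInfo on failure: FullValueInfo is allocated a few lines earlier, and when `RtlAllocateHeap` for ValueName returns NULL the code sets STATUS_NO_MEMORY and `break`s out of the enclosing loop before reaching the `RtlFreeHeap(..., FullValueInfo)` at the bottom of the section, so that buffer is never released. Add `RtlFreeHeap(RtlGetProcessHeap(), 0, FullValueInfo);` immediately before that `break;`. The same pattern appears in the ntoskrnl registry.c section (`@ -412,7 +413,14 @@`), where the equivalent fix is `ExFreePool(FullValueInfo);` before the `break;`; in that file the later re-allocation path can also leave ValueName NULL when it fails, which then reaches the unconditional `ExFreePool(ValueName)` — worth guarding if ExFreePool does not tolerate a NULL argument in this tree. The enclosing RtlQueryRegistryValues body starts and ends outside the hunk.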


@ -13,7 +13,6 @@
#include <internal/ob.h> #include <internal/ob.h>
#include <limits.h> #include <limits.h>
#include <string.h> #include <string.h>
#include <internal/pool.h>
#include <internal/registry.h> #include <internal/registry.h>
#define NDEBUG #define NDEBUG
@ -157,9 +156,11 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
PKEY_VALUE_FULL_INFORMATION FullValueInfo; PKEY_VALUE_FULL_INFORMATION FullValueInfo;
ULONG BufferSize; ULONG BufferSize;
ULONG ResultSize; ULONG ResultSize;
ULONG ValueNameSize;
ULONG Index; ULONG Index;
ULONG StringLen; ULONG StringLen;
PWSTR StringPtr; PWSTR StringPtr;
PWSTR ValueName;
DPRINT("RtlQueryRegistryValues() called\n"); DPRINT("RtlQueryRegistryValues() called\n");
@ -412,7 +413,14 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
Status = STATUS_NO_MEMORY; Status = STATUS_NO_MEMORY;
break; break;
} }
ValueNameSize = 256 * sizeof(WCHAR);
ValueName = ExAllocatePool(PagedPool,
ValueNameSize);
if (ValueName == NULL)
{
Status = STATUS_NO_MEMORY;
break;
}
Index = 0; Index = 0;
while (TRUE) while (TRUE)
{ {
@ -437,6 +445,24 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
break; break;
} }
if (FullValueInfo->NameLength > ValueNameSize - sizeof(WCHAR))
{
/* Should not happen, because the name length is limited to 255 characters */
ExFreePool(ValueName);
ValueNameSize = FullValueInfo->NameLength + sizeof(WCHAR);
ValueName = ExAllocatePool(PagedPool, ValueNameSize);
if (ValueName == NULL)
{
Status = STATUS_NO_MEMORY;
break;
}
}
RtlCopyMemory(ValueName,
FullValueInfo->Name,
FullValueInfo->NameLength);
ValueName[FullValueInfo->NameLength / sizeof(WCHAR)] = 0;
if ((FullValueInfo->Type == REG_MULTI_SZ) && if ((FullValueInfo->Type == REG_MULTI_SZ) &&
!(QueryEntry->Flags & RTL_QUERY_REGISTRY_NOEXPAND)) !(QueryEntry->Flags & RTL_QUERY_REGISTRY_NOEXPAND))
{ {
@ -446,7 +472,7 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
while (*StringPtr != 0) while (*StringPtr != 0)
{ {
StringLen = (wcslen(StringPtr) + 1) * sizeof(WCHAR); StringLen = (wcslen(StringPtr) + 1) * sizeof(WCHAR);
Status = QueryEntry->QueryRoutine(QueryEntry->Name, Status = QueryEntry->QueryRoutine(ValueName,
REG_SZ, REG_SZ,
(PVOID)StringPtr, (PVOID)StringPtr,
StringLen, StringLen,
@ -459,7 +485,7 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
} }
else else
{ {
Status = QueryEntry->QueryRoutine(FullValueInfo->Name, Status = QueryEntry->QueryRoutine(ValueName,
FullValueInfo->Type, FullValueInfo->Type,
(PVOID)FullValueInfo + FullValueInfo->DataOffset, (PVOID)FullValueInfo + FullValueInfo->DataOffset,
FullValueInfo->DataLength, FullValueInfo->DataLength,
@ -476,6 +502,7 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
} }
ExFreePool(FullValueInfo); ExFreePool(FullValueInfo);
ExFreePool(ValueName);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
break; break;