Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-12-28 10:04:49 +00:00
Code Issues Projects Releases Packages Wiki Activity

- Allocate a separate name buffer in RtlQueryRegistryValues.

Browse source 
- Fixed a name parameter in a call to the callers supplied query routine.

svn path=/trunk/; revision=5936
This commit is contained in:
Hartmut Birr 2003-08-30 14:49:41 +00:00
parent ee8ef2cacf
commit 72bb12e96c
2 changed files with 76 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

52
reactos/lib/ntdll/rtl/registry.c
View file

@ -1,4 +1,4 @@
/* $Id: registry.c,v 1.23 2003/08/14 14:52:13 ekohl Exp $
/* $Id: registry.c,v 1.24 2003/08/30 14:47:36 hbirr Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -184,8 +184,10 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
ULONG ResultSize;
ULONG Index;
ULONG StringLen;
ULONG ValueNameSize;
PWSTR StringPtr;
PWSTR ExpandBuffer;
PWSTR ValueName;
UNICODE_STRING EnvValue;
UNICODE_STRING EnvExpandedValue;
@ -350,7 +352,7 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
RtlInitUnicodeString(&EnvValue,
(PWSTR)ValueInfo->Data);
EnvExpandedValue.Length = 0;
EnvExpandedValue.MaximumLength = ValueInfo->DataLength * 2 * sizeof(WCHAR);
EnvExpandedValue.MaximumLength = ValueInfo->DataLength * 2;
EnvExpandedValue.Buffer = ExpandBuffer;
*ExpandBuffer = 0;
@ -484,7 +486,7 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
&StringLen);
StringLen = (wcslen(ExpandBuffer) + 1) * sizeof(WCHAR);
Status = QueryEntry->QueryRoutine(FullValueInfo->Name,
Status = QueryEntry->QueryRoutine(QueryEntry->Name,
REG_SZ,
(PVOID)ExpandBuffer,
StringLen,
@ -542,7 +544,15 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
Status = STATUS_NO_MEMORY;
break;
}
ValueNameSize = 256 * sizeof(WCHAR);
ValueName = RtlAllocateHeap(RtlGetProcessHeap(),
0,
ValueNameSize);
if (ValueName == NULL)
{
Status = STATUS_NO_MEMORY;
break;
}
Index = 0;
while (TRUE)
{
@ -567,6 +577,28 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
break;
}
if (FullValueInfo->NameLength > ValueNameSize - sizeof(WCHAR))
{
/* Should not happen, because the name length is limited to 255 characters */
RtlFreeHeap(RtlGetProcessHeap(),
0,
ValueName);
ValueNameSize = FullValueInfo->NameLength + sizeof(WCHAR);
ValueName = RtlAllocateHeap(RtlGetProcessHeap(),
0,
ValueNameSize);
if (ValueName == NULL)
{
Status = STATUS_NO_MEMORY;
break;
}
}
memcpy(ValueName,
FullValueInfo->Name,
FullValueInfo->NameLength);
ValueName[FullValueInfo->NameLength / sizeof(WCHAR)] = 0;
DPRINT("FullValueInfo->Type: %lu\n", FullValueInfo->Type);
if ((FullValueInfo->Type == REG_MULTI_SZ) &&
!(QueryEntry->Flags & RTL_QUERY_REGISTRY_NOEXPAND))
@ -576,7 +608,7 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
while (*StringPtr != 0)
{
StringLen = (wcslen(StringPtr) + 1) * sizeof(WCHAR);
Status = QueryEntry->QueryRoutine(QueryEntry->Name,
Status = QueryEntry->QueryRoutine(ValueName,
REG_SZ,
(PVOID)StringPtr,
StringLen,
@ -605,7 +637,7 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
RtlInitUnicodeString(&EnvValue,
StringPtr);
EnvExpandedValue.Length = 0;
EnvExpandedValue.MaximumLength = FullValueInfo->DataLength * 2 * sizeof(WCHAR);
EnvExpandedValue.MaximumLength = FullValueInfo->DataLength * 2;
EnvExpandedValue.Buffer = ExpandBuffer;
*ExpandBuffer = 0;
@ -615,7 +647,7 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
&StringLen);
StringLen = (wcslen(ExpandBuffer) + 1) * sizeof(WCHAR);
Status = QueryEntry->QueryRoutine(FullValueInfo->Name,
Status = QueryEntry->QueryRoutine(ValueName,
REG_SZ,
(PVOID)ExpandBuffer,
StringLen,
@ -628,7 +660,7 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
}
else
{
Status = QueryEntry->QueryRoutine(FullValueInfo->Name,
Status = QueryEntry->QueryRoutine(ValueName,
FullValueInfo->Type,
(PVOID)FullValueInfo + FullValueInfo->DataOffset,
FullValueInfo->DataLength,
@ -647,7 +679,9 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
RtlFreeHeap(RtlGetProcessHeap(),
0,
FullValueInfo);
RtlFreeHeap(RtlGetProcessHeap(),
0,
ValueName);
if (!NT_SUCCESS(Status))
break;
}

35
reactos/ntoskrnl/cm/rtlfunc.c
View file

@ -13,7 +13,6 @@
#include <internal/ob.h>
#include <limits.h>
#include <string.h>
#include <internal/pool.h>
#include <internal/registry.h>
#define NDEBUG
@ -157,9 +156,11 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
PKEY_VALUE_FULL_INFORMATION FullValueInfo;
ULONG BufferSize;
ULONG ResultSize;
ULONG ValueNameSize;
ULONG Index;
ULONG StringLen;
PWSTR StringPtr;
PWSTR ValueName;
DPRINT("RtlQueryRegistryValues() called\n");
@ -412,7 +413,14 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
Status = STATUS_NO_MEMORY;
break;
}
ValueNameSize = 256 * sizeof(WCHAR);
ValueName = ExAllocatePool(PagedPool,
ValueNameSize);
if (ValueName == NULL)
{
Status = STATUS_NO_MEMORY;
break;
}
Index = 0;
while (TRUE)
{
@ -437,6 +445,24 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
break;
}
if (FullValueInfo->NameLength > ValueNameSize - sizeof(WCHAR))
{
/* Should not happen, because the name length is limited to 255 characters */
ExFreePool(ValueName);
ValueNameSize = FullValueInfo->NameLength + sizeof(WCHAR);
ValueName = ExAllocatePool(PagedPool, ValueNameSize);
if (ValueName == NULL)
{
Status = STATUS_NO_MEMORY;
break;
}
}
RtlCopyMemory(ValueName,
FullValueInfo->Name,
FullValueInfo->NameLength);
ValueName[FullValueInfo->NameLength / sizeof(WCHAR)] = 0;
if ((FullValueInfo->Type == REG_MULTI_SZ) &&
!(QueryEntry->Flags & RTL_QUERY_REGISTRY_NOEXPAND))
{
@ -446,7 +472,7 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
while (*StringPtr != 0)
{
StringLen = (wcslen(StringPtr) + 1) * sizeof(WCHAR);
Status = QueryEntry->QueryRoutine(QueryEntry->Name,
Status = QueryEntry->QueryRoutine(ValueName,
REG_SZ,
(PVOID)StringPtr,
StringLen,
@ -459,7 +485,7 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
}
else
{
Status = QueryEntry->QueryRoutine(FullValueInfo->Name,
Status = QueryEntry->QueryRoutine(ValueName,
FullValueInfo->Type,
(PVOID)FullValueInfo + FullValueInfo->DataOffset,
FullValueInfo->DataLength,
@ -476,6 +502,7 @@ RtlQueryRegistryValues(IN ULONG RelativeTo,
}
ExFreePool(FullValueInfo);
ExFreePool(ValueName);
if (!NT_SUCCESS(Status))
break;