Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-04-05 05:01:03 +00:00
Code Issues Projects Releases Packages Wiki Activity

[REGEDIT] Fix possible buffer overflow

Browse source
This commit is contained in:
Mark Jansen 2022-08-27 14:45:42 +02:00
parent 976d48baeb
commit c8f4e4de62
No known key found for this signature in database
GPG key ID: B39240EE84BEAE8B
1 changed files with 9 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
base/applications/regedit/find.c
View file

@ -32,7 +32,7 @@ static BOOL s_bAbort;
static DWORD s_dwFlags;
static WCHAR s_szName[MAX_PATH];
static DWORD s_cbName;
static DWORD s_cchName;
static const WCHAR s_empty[] = L"";
static const WCHAR s_backslash[] = L"\\";
@ -174,8 +174,8 @@ BOOL RegFindRecurse(
if (DoEvents())
goto err;
s_cbName = MAX_PATH * sizeof(WCHAR);
lResult = RegEnumValueW(hSubKey, i, s_szName, &s_cbName, NULL, NULL,
s_cchName = _countof(s_szName);
lResult = RegEnumValueW(hSubKey, i, s_szName, &s_cchName, NULL, NULL,
NULL, &cb);
if (lResult == ERROR_NO_MORE_ITEMS)
{
@ -184,7 +184,7 @@ BOOL RegFindRecurse(
}
if (lResult != ERROR_SUCCESS)
goto err;
if (s_cbName >= MAX_PATH * sizeof(WCHAR))
if (s_cchName >= _countof(s_szName))
continue;
ppszNames[i] = _wcsdup(s_szName);
@ -267,8 +267,8 @@ BOOL RegFindRecurse(
if (DoEvents())
goto err;
s_cbName = MAX_PATH * sizeof(WCHAR);
lResult = RegEnumKeyExW(hSubKey, i, s_szName, &s_cbName, NULL, NULL,
s_cchName = _countof(s_szName);
lResult = RegEnumKeyExW(hSubKey, i, s_szName, &s_cchName, NULL, NULL,
NULL, NULL);
if (lResult == ERROR_NO_MORE_ITEMS)
{
@ -277,7 +277,7 @@ BOOL RegFindRecurse(
}
if (lResult != ERROR_SUCCESS)
goto err;
if (s_cbName >= MAX_PATH * sizeof(WCHAR))
if (s_cchName >= _countof(s_szName))
continue;
ppszNames[i] = _wcsdup(s_szName);
@ -416,8 +416,8 @@ BOOL RegFindWalk(
if (DoEvents())
goto err;
s_cbName = MAX_PATH * sizeof(WCHAR);
lResult = RegEnumKeyExW(hSubKey, i, s_szName, &s_cbName,
s_cchName = _countof(s_szName);
lResult = RegEnumKeyExW(hSubKey, i, s_szName, &s_cchName,
NULL, NULL, NULL, NULL);
if (lResult == ERROR_NO_MORE_ITEMS)
{