From dff2d51166dc40399ebce6f47ad712a76192c6c3 Mon Sep 17 00:00:00 2001
From: Aleksey Bragin
Date: Mon, 11 Oct 2010 07:47:52 +0000
Subject: [PATCH] [ADVAPI32] - Katayama Hirofumi: Use DataLength field in RegEnumValueW instead of DataOffset. - Roel Messiant: Test behaviour in Vista and apply same fix to RegEnumValueA. See issue #2492 for more details.
svn path=/trunk/; revision=49110
---
 reactos/dll/win32/advapi32/reg/reg.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/reactos/dll/win32/advapi32/reg/reg.c b/reactos/dll/win32/advapi32/reg/reg.c
index b6968d57ce2..c6af98b5b4f 100644
--- a/reactos/dll/win32/advapi32/reg/reg.c
+++ b/reactos/dll/win32/advapi32/reg/reg.c
@@ -2793,14 +2793,14 @@ RegEnumValueA(HKEY hKey,
 status = NtEnumerateValueKey( KeyHandle, index, KeyValueFullInformation, buffer, total_size, &total_size );
- if (status && status != STATUS_BUFFER_OVERFLOW) goto done;
+ if (status && (status != STATUS_BUFFER_OVERFLOW) && (status != STATUS_BUFFER_TOO_SMALL)) goto done;
 /* we need to fetch the contents for a string type even if not requested,
 * because we need to compute the length of the ASCII string. */
 if (value || data || is_string(info->Type))
 {
 /* retry with a dynamically allocated buffer */
- while (status == STATUS_BUFFER_OVERFLOW)
+ while ((status == STATUS_BUFFER_OVERFLOW) || (status == STATUS_BUFFER_TOO_SMALL))
 {
 if (buf_ptr != buffer) HeapFree( GetProcessHeap(), 0, buf_ptr );
 if (!(buf_ptr = HeapAlloc( GetProcessHeap(), 0, total_size )))
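Review bot: With STATUS_BUFFER_TOO_SMALL now allowed past the first check, the following `if (value || data || is_string(info->Type))` reads `info->Type` from a buffer the call may not have filled. NT information calls conventionally return that status when not even the fixed header fit, though the initial buffer size is outside this hunk, so confirm whether it can occur here. Testing the status before the type avoids the read: `if (value || data || status == STATUS_BUFFER_TOO_SMALL || is_string(info->Type))`. The retry loop also sizes its HeapAlloc from the `total_size` written back by the failed call, which deserves a short comment such as `/* total_size now holds the length the last call reported */`. RegEnumValueA starts and ends outside the hunk.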
@@ -2819,14 +2819,14 @@ RegEnumValueA(HKEY hKey,
 {
 ULONG len;
 RtlUnicodeToMultiByteSize( &len, (WCHAR *)(buf_ptr + info->DataOffset),
- total_size - info->DataOffset );
+ info->DataLength );
 if (data && len)
 {
 if (len > *count) status = STATUS_BUFFER_OVERFLOW;
 else
 {
 RtlUnicodeToMultiByteN( (PCHAR)data, len, NULL, (WCHAR *)(buf_ptr + info->DataOffset),
- total_size - info->DataOffset );
+ info->DataLength );
 /* if the type is REG_SZ and data is not 0-terminated
 * and there is enough space in the buffer NT appends a \0 */
 if (len < *count && data[len-1]) data[len] = 0;
@@ -2836,8 +2836,8 @@ RegEnumValueA(HKEY hKey,
 }
 else if (data)
 {
- if (total_size - info->DataOffset > *count) status = STATUS_BUFFER_OVERFLOW;
- else memcpy( data, buf_ptr + info->DataOffset, total_size - info->DataOffset );
+ if (info->DataLength > *count) status = STATUS_BUFFER_OVERFLOW;
+ else memcpy( data, buf_ptr + info->DataOffset, info->DataLength );
 }
 if (value && !status)
@@ -2962,17 +2962,17 @@ RegEnumValueW(HKEY hKey,
 if (data)
 {
- if (total_size - info->DataOffset > *count)
+ if (info->DataLength > *count)
 {
 status = STATUS_BUFFER_OVERFLOW;
 goto overflow;
 }
- memcpy( data, buf_ptr + info->DataOffset, total_size - info->DataOffset );
- if (total_size - info->DataOffset <= *count-sizeof(WCHAR) && is_string(info->Type))
+ memcpy( data, buf_ptr + info->DataOffset, info->DataLength );
+ if (is_string(info->Type) && info->DataLength <= *count - sizeof(WCHAR))
 {
 /* if the type is REG_SZ and data is not 0-terminated
 * and there is enough space in the buffer NT appends a \0 */
- WCHAR *ptr = (WCHAR *)(data + info->DataLength);
+ WCHAR *ptr = (WCHAR *)(data + info->DataLength);
 if (ptr > (WCHAR *)data && ptr[-1]) *ptr = 0;
 }
 }
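Review bot: In the RegEnumValueA string branch (hunk at 2819), `info->DataLength` is now the only bound on how much is read from `buf_ptr + info->DataOffset`, and nothing visible checks that offset plus length stay within the bytes actually held in the buffer. The same applies to the `memcpy` calls in the hunks at 2836 and 2962. Both fields are filled in by NtEnumerateValueKey, so this presumably holds on success, but a guard before the conversions would keep the reads inside the allocation if the two ever disagree. Assuming `total_size` still holds the length returned by the last call, the condition to require is `info->DataOffset <= total_size && info->DataLength <= total_size - info->DataOffset`, failing the call otherwise. The enclosing block starts and ends outside the hunk.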
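Review bot: In RegEnumValueW (hunk at 2962), the rewritten test `info->DataLength <= *count - sizeof(WCHAR)` subtracts in unsigned arithmetic, so a `*count` of 0 or 1 wraps to a very large value and the test passes. With a one-byte caller buffer and a string-typed value whose stored data is one byte long, `ptr[-1]` then reads before `data` and `*ptr = 0` writes past its end, assuming `data` is a byte pointer as the arithmetic suggests. Checking the lower bound first closes this: `if (is_string(info->Type) && *count >= sizeof(WCHAR) && info->DataLength <= *count - sizeof(WCHAR))`. The enclosing function starts and ends outside the hunk.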