reactos/base/system/smss
Hermès Bélusca-Maïto 87e2ec585f
[SMSS] Use RTL string-safe functions in critical places. Add validity checks for returned NtQueryValueKey() data. (#2704)
- Not all the wcscpy() / swprintf() calls have been converted to their
  string-safe equivalents. Instead I used the string-safe functions only
  for places where strings of unknown length were copied into fixed-size
  internal buffers. On the contrary, for known-fixed-length strings being
  copied or numbers being converted to string representations in large
  enough buffers, I kept the original function calls.

- Verify the registry data that has been returned by NtQueryValueKey():
  * When expecting (not multi) strings, check whether the data type is
    either REG_SZ or REG_EXPAND_SZ.
  * When expecting DWORD values, check whether the data type is
    REG_DWORD and whether the data length is (greater or) equal to
    sizeof(ULONG).
2020-10-10 16:25:22 +02:00
..
CMakeLists.txt
crashdmp.c
pagefile.c
sminit.c [SMSS] Use RTL string-safe functions in critical places. Add validity checks for returned NtQueryValueKey() data. (#2704) 2020-10-10 16:25:22 +02:00
smloop.c
smsbapi.c [SMSS] Use RTL string-safe functions in critical places. Add validity checks for returned NtQueryValueKey() data. (#2704) 2020-10-10 16:25:22 +02:00
smsessn.c
smss.c
smss.h [SMSS] Use RTL string-safe functions in critical places. Add validity checks for returned NtQueryValueKey() data. (#2704) 2020-10-10 16:25:22 +02:00
smss.rc
smsubsys.c [SMSS] Use RTL string-safe functions in critical places. Add validity checks for returned NtQueryValueKey() data. (#2704) 2020-10-10 16:25:22 +02:00
smutil.c [SMSS] Use RTL string-safe functions in critical places. Add validity checks for returned NtQueryValueKey() data. (#2704) 2020-10-10 16:25:22 +02:00