Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-09-28 13:34:53 +00:00
Code Issues Packages Projects Releases Wiki Activity
reactos/dll/win32/advapi32/reg
History
Timo Kreuzer c5158963a3 [ADVAPI32] Fix a buffer overflow in RegQueryValueExA 
The code was trying to check whether the output string was already NULL terminated by RtlUnicodeToMultiByteN before NULL terminating it by checking DataStr[*count - 1] for a NULL terminator. But since RtlUnicodeToMultiByteSize always returns the size without the NULL terminator, DataStr[*count - 1] would always be the last actual character, never an optional NULL terminator.
For 0 sized strings this would actually lead to accessing the output buffer at position -1 (on 32 bit)  or 0xFFFFFFFF (on 64 bit).
Fix this by removing the check. This fixes a crash in advapi32_winetest:registry on x64.
2023-01-04 10:32:28 +01:00
..
hkcr.c [REACTOS] Add '\n' to debug logs 2022-05-04 03:28:38 +03:00
reg.c [ADVAPI32] Fix a buffer overflow in RegQueryValueExA 2023-01-04 10:32:28 +01:00
reg.h