Author: khornicek
Date: Sat Feb 11 16:02:49 2017
New Revision: 73776

URL: http://svn.reactos.org/svn/reactos?rev=73776&view=rev
Log:
[REGEDIT]
- Fix a possible null pointer dereference. CID 731448
- Check string length before copying into a fixed size buffer. CID 515207
- Bail out of _CmdWndProc if keyPath is null. CID 1102164
- Use strsafe functions. CID 1102477

Modified:
    trunk/reactos/base/applications/regedit/edit.c
    trunk/reactos/base/applications/regedit/find.c
    trunk/reactos/base/applications/regedit/framewnd.c
    trunk/reactos/base/applications/regedit/settings.c

Modified: trunk/reactos/base/applications/regedit/edit.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/base/applications/regedit/edit.c?rev=73776&r1=73775&r2=73776&view=diff
==============================================================================
--- trunk/reactos/base/applications/regedit/edit.c      [iso-8859-1] (original)
+++ trunk/reactos/base/applications/regedit/edit.c      [iso-8859-1] Sat Feb 11 
16:02:49 2017
@@ -1079,7 +1079,7 @@
     editValueName = valueName;
 
     lRet = RegQueryValueExW(hKey, valueName, 0, &type, 0, &valueDataLen);
-    if (lRet != ERROR_SUCCESS && (!wcscmp(valueName, L"") || valueName == 
NULL))
+    if (lRet != ERROR_SUCCESS && (valueName == NULL || !valueName[0]))
     {
         lRet = ERROR_SUCCESS; /* Allow editing of (Default) values which don't 
exist */
         type = REG_SZ;

Modified: trunk/reactos/base/applications/regedit/find.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/base/applications/regedit/find.c?rev=73776&r1=73775&r2=73776&view=diff
==============================================================================
--- trunk/reactos/base/applications/regedit/find.c      [iso-8859-1] (original)
+++ trunk/reactos/base/applications/regedit/find.c      [iso-8859-1] Sat Feb 11 
16:02:49 2017
@@ -150,6 +150,9 @@
     if (DoEvents())
         return FALSE;
 
+    if(wcslen(pszSubKey) >= _countof(szSubKey))
+        return FALSE;
+
     wcscpy(szSubKey, pszSubKey);
     hSubKey = NULL;
 
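Review bot: The added `wcslen` check and the `wcscpy` below it are two separate steps that must keep agreeing on the size of `szSubKey`, so a later change to the buffer or the copy can silently reopen the overflow. Since this commit already brings strsafe into settings.c, one bounded copy would carry the limit itself: `if (FAILED(StringCchCopyW(szSubKey, _countof(szSubKey), pszSubKey))) return FALSE;` (find.c would need `<strsafe.h>` if it is not already included). The new `return FALSE` is also the same value returned by the `DoEvents()` path just above, so the caller presumably cannot tell an over-long subkey from that case; a comment such as `/* Subkey path does not fit in szSubKey: skip it rather than overflow */` would record the intent. The enclosing function starts and ends outside the hunk, so the declaration of `szSubKey` and whether `pszSubKey` can be NULL are not visible here.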

Modified: trunk/reactos/base/applications/regedit/framewnd.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/base/applications/regedit/framewnd.c?rev=73776&r1=73775&r2=73776&view=diff
==============================================================================
--- trunk/reactos/base/applications/regedit/framewnd.c  [iso-8859-1] (original)
+++ trunk/reactos/base/applications/regedit/framewnd.c  [iso-8859-1] Sat Feb 11 
16:02:49 2017
@@ -1125,11 +1125,13 @@
 
     keyPath = GetItemPath(g_pChildWnd->hTreeWnd, 0, &hKeyRoot);
     valueName = GetValueName(g_pChildWnd->hListWnd, -1);
-    if (keyPath)
-    {
-        lRet = RegOpenKeyExW(hKeyRoot, keyPath, 0, regsam, &hKey);
-        if (lRet != ERROR_SUCCESS) hKey = 0;
-    }
+
+    if (!keyPath)
+        return TRUE;
+
+    lRet = RegOpenKeyExW(hKeyRoot, keyPath, 0, regsam, &hKey);
+    if (lRet != ERROR_SUCCESS)
+        hKey = 0;
 
     switch (LOWORD(wParam))
     {
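Review bot: The new `if (!keyPath) return TRUE;` sits in front of the whole `switch (LOWORD(wParam))`, so every command ID is now reported as handled and dropped when no key path is available, including any case that never uses `keyPath` or `hKey`. The switch body is outside the hunk, so this cannot be confirmed from here, but it is worth checking that no key-independent command is dispatched through it. If the bail-out is intended for all commands, a comment would make that explicit, for example `/* No tree item selected: none of the commands below can run */`. When `RegOpenKeyExW` fails `hKey` is still set to 0 and the switch is entered, so each case that uses `hKey` has to keep tolerating a null handle.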

Modified: trunk/reactos/base/applications/regedit/settings.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/base/applications/regedit/settings.c?rev=73776&r1=73775&r2=73776&view=diff
==============================================================================
--- trunk/reactos/base/applications/regedit/settings.c  [iso-8859-1] (original)
+++ trunk/reactos/base/applications/regedit/settings.c  [iso-8859-1] Sat Feb 11 
16:02:49 2017
@@ -20,6 +20,7 @@
  */
 
 #include "regedit.h"
+#include <strsafe.h>
 
 const WCHAR g_szGeneralRegKey[] = 
L"Software\\Microsoft\\Windows\\CurrentVersion\\Applets\\Regedit";
 
@@ -129,11 +130,14 @@
             rootName = get_root_key_name(hRootKey);
 
             /* Load "My Computer" string and complete it */
-            LoadStringW(hInst, IDS_MY_COMPUTER, szBuffer, COUNT_OF(szBuffer));
-            wcscat(szBuffer, L"\\"); wcscat(szBuffer, rootName);
-            wcscat(szBuffer, L"\\"); wcscat(szBuffer, keyPath);
-
-            RegSetValueExW(hKey, L"LastKey", 0, REG_SZ, (LPBYTE)szBuffer, 
(DWORD)wcslen(szBuffer) * sizeof(WCHAR));
+            if (LoadStringW(hInst, IDS_MY_COMPUTER, szBuffer, 
COUNT_OF(szBuffer)) &&
+                SUCCEEDED(StringCbCatW(szBuffer, sizeof(szBuffer), L"\\")) &&
+                SUCCEEDED(StringCbCatW(szBuffer, sizeof(szBuffer), rootName)) 
&&
+                SUCCEEDED(StringCbCatW(szBuffer, sizeof(szBuffer), L"\\")) &&
+                SUCCEEDED(StringCbCatW(szBuffer, sizeof(szBuffer), keyPath)))
+            {
+                RegSetValueExW(hKey, L"LastKey", 0, REG_SZ, (LPBYTE)szBuffer, 
(DWORD)wcslen(szBuffer) * sizeof(WCHAR));
+            }
         }
 
         /* Get statusbar settings */
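Review bot: The `RegSetValueExW` call kept inside the new `if` still passes `(DWORD)wcslen(szBuffer) * sizeof(WCHAR)` as the data size, which leaves out the terminating null that a `REG_SZ` value is expected to include. Any reader of `LastKey` that trusts the stored bytes to be terminated can then run past the end of its buffer, so the size should be `(DWORD)(wcslen(szBuffer) + 1) * sizeof(WCHAR)`. The concatenation itself is now bounded, but the return value of `RegSetValueExW` is ignored, so a failed write is as silent as a truncated path. The code that reads `LastKey` back is outside this hunk.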

