https://git.reactos.org/?p=reactos.git;a=commitdiff;h=953c03c336a762f3b4fd67...
commit 953c03c336a762f3b4fd672a546c4c0986dfab1c Author: Victor Perevertkin victor.perevertkin@reactos.org AuthorDate: Thu Oct 22 14:38:55 2020 +0300 Commit: Victor Perevertkin victor.perevertkin@reactos.org CommitDate: Thu Oct 22 14:38:55 2020 +0300
[DEVMGR] Avoid buffer overflow when device reg key size is > 100 chars --- dll/win32/devmgr/properties/hwresource.cpp | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/dll/win32/devmgr/properties/hwresource.cpp b/dll/win32/devmgr/properties/hwresource.cpp index 76879042415..a3e1a88b65e 100644 --- a/dll/win32/devmgr/properties/hwresource.cpp +++ b/dll/win32/devmgr/properties/hwresource.cpp @@ -357,13 +357,15 @@ PVOID GetResourceList( LPWSTR pszDeviceID) { - WCHAR szBuffer[100]; PCM_RESOURCE_LIST pResourceList = NULL; HKEY hKey = NULL; DWORD dwError, dwSize;
- wsprintf(szBuffer, L"SYSTEM\CurrentControlSet\Enum\%s\LogConf", pszDeviceID); - dwError = RegOpenKeyExW(HKEY_LOCAL_MACHINE, szBuffer, 0, KEY_READ, &hKey); + CStringW keyName = L"SYSTEM\CurrentControlSet\Enum\"; + keyName += pszDeviceID; + keyName += L"\LogConf"; + + dwError = RegOpenKeyExW(HKEY_LOCAL_MACHINE, keyName, 0, KEY_READ, &hKey); if (dwError != ERROR_SUCCESS) { /* failed to open device instance log conf dir */