Author: khornicek
Date: Sat Feb 11 16:02:49 2017
New Revision: 73776
URL:
http://svn.reactos.org/svn/reactos?rev=73776&view=rev
Log:
[REGEDIT]
- Fix a possible null pointer dereference. CID 731448
- Check string length before copying into a fixed size buffer. CID 515207
- Bail out of _CmdWndProc if keyPath is null. CID 1102164
- Use strsafe functions. CID 1102477
Modified:
trunk/reactos/base/applications/regedit/edit.c
trunk/reactos/base/applications/regedit/find.c
trunk/reactos/base/applications/regedit/framewnd.c
trunk/reactos/base/applications/regedit/settings.c
Modified: trunk/reactos/base/applications/regedit/edit.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/applications/regedit/…
==============================================================================
--- trunk/reactos/base/applications/regedit/edit.c [iso-8859-1] (original)
+++ trunk/reactos/base/applications/regedit/edit.c [iso-8859-1] Sat Feb 11 16:02:49 2017
@@ -1079,7 +1079,7 @@
editValueName = valueName;
lRet = RegQueryValueExW(hKey, valueName, 0, &type, 0, &valueDataLen);
- if (lRet != ERROR_SUCCESS && (!wcscmp(valueName, L"") || valueName
== NULL))
+ if (lRet != ERROR_SUCCESS && (valueName == NULL || !valueName[0]))
{
lRet = ERROR_SUCCESS; /* Allow editing of (Default) values which don't exist
*/
type = REG_SZ;
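Review bot: The rewritten `if` still treats every failure of RegQueryValueExW as "the (Default) value does not exist", so an error such as access denied is also reset to ERROR_SUCCESS and editing proceeds on a value that could not be read. Narrowing the test to the not-found case would match the comment on the next line: `if (lRet == ERROR_FILE_NOT_FOUND && (valueName == NULL || !valueName[0]))`. The enclosing function starts and ends outside the hunk, so whether later code tells these cases apart is not visible here.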
Modified: trunk/reactos/base/applications/regedit/find.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/applications/regedit/…
==============================================================================
--- trunk/reactos/base/applications/regedit/find.c [iso-8859-1] (original)
+++ trunk/reactos/base/applications/regedit/find.c [iso-8859-1] Sat Feb 11 16:02:49 2017
@@ -150,6 +150,9 @@
if (DoEvents())
return FALSE;
+ if(wcslen(pszSubKey) >= _countof(szSubKey))
+ return FALSE;
+
wcscpy(szSubKey, pszSubKey);
hSubKey = NULL;
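Review bot: The added length check and the `wcscpy` below it are separate statements that must keep agreeing about the size of szSubKey; a bounded copy does both in one step: `if (FAILED(StringCchCopyW(szSubKey, _countof(szSubKey), pszSubKey))) return FALSE;` (this needs `<strsafe.h>`, which the commit adds to settings.c). FALSE is also what the `DoEvents()` branch just above returns, so an over-long subkey path appears to end the search silently; a short comment saying this is intended would help. pszSubKey reaches wcslen without a NULL check, which is fine only if callers guarantee it, and the start of the function is outside the hunk.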
Modified: trunk/reactos/base/applications/regedit/framewnd.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/applications/regedit/…
==============================================================================
--- trunk/reactos/base/applications/regedit/framewnd.c [iso-8859-1] (original)
+++ trunk/reactos/base/applications/regedit/framewnd.c [iso-8859-1] Sat Feb 11 16:02:49
2017
@@ -1125,11 +1125,13 @@
keyPath = GetItemPath(g_pChildWnd->hTreeWnd, 0, &hKeyRoot);
valueName = GetValueName(g_pChildWnd->hListWnd, -1);
- if (keyPath)
- {
- lRet = RegOpenKeyExW(hKeyRoot, keyPath, 0, regsam, &hKey);
- if (lRet != ERROR_SUCCESS) hKey = 0;
- }
+
+ if (!keyPath)
+ return TRUE;
+
+ lRet = RegOpenKeyExW(hKeyRoot, keyPath, 0, regsam, &hKey);
+ if (lRet != ERROR_SUCCESS)
+ hKey = 0;
switch (LOWORD(wParam))
{
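Review bot: The new early `return TRUE` sits before `switch (LOWORD(wParam))`, so when GetItemPath returns NULL every command in that switch is dropped and, if TRUE means "handled" here, still reported as processed. Before this change the switch still ran with no key opened. If some cases do not need a key (not visible in this hunk), consider keeping the switch reachable with `hKey = 0;` for a NULL keyPath and letting the cases that use hKey check it. Otherwise a comment such as `/* no key selected: none of the commands below apply */` would document the intent. The function begins and ends outside the hunk.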
Modified: trunk/reactos/base/applications/regedit/settings.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/applications/regedit/…
==============================================================================
--- trunk/reactos/base/applications/regedit/settings.c [iso-8859-1] (original)
+++ trunk/reactos/base/applications/regedit/settings.c [iso-8859-1] Sat Feb 11 16:02:49
2017
@@ -20,6 +20,7 @@
*/
#include "regedit.h"
+#include <strsafe.h>
const WCHAR g_szGeneralRegKey[] =
L"Software\\Microsoft\\Windows\\CurrentVersion\\Applets\\Regedit";
@@ -129,11 +130,14 @@
rootName = get_root_key_name(hRootKey);
/* Load "My Computer" string and complete it */
- LoadStringW(hInst, IDS_MY_COMPUTER, szBuffer, COUNT_OF(szBuffer));
- wcscat(szBuffer, L"\\"); wcscat(szBuffer, rootName);
- wcscat(szBuffer, L"\\"); wcscat(szBuffer, keyPath);
-
- RegSetValueExW(hKey, L"LastKey", 0, REG_SZ, (LPBYTE)szBuffer,
(DWORD)wcslen(szBuffer) * sizeof(WCHAR));
+ if (LoadStringW(hInst, IDS_MY_COMPUTER, szBuffer, COUNT_OF(szBuffer))
&&
+ SUCCEEDED(StringCbCatW(szBuffer, sizeof(szBuffer), L"\\"))
&&
+ SUCCEEDED(StringCbCatW(szBuffer, sizeof(szBuffer), rootName)) &&
+ SUCCEEDED(StringCbCatW(szBuffer, sizeof(szBuffer), L"\\"))
&&
+ SUCCEEDED(StringCbCatW(szBuffer, sizeof(szBuffer), keyPath)))
+ {
+ RegSetValueExW(hKey, L"LastKey", 0, REG_SZ, (LPBYTE)szBuffer,
(DWORD)wcslen(szBuffer) * sizeof(WCHAR));
+ }
}
/* Get statusbar settings */
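Review bot: The `RegSetValueExW` call inside the new block still passes `wcslen(szBuffer) * sizeof(WCHAR)` as the data size, which leaves out the terminating null. For REG_SZ the size is documented to include it, and a reader that trusts the stored length can get an unterminated string back. Suggest `(DWORD)((wcslen(szBuffer) + 1) * sizeof(WCHAR))`. The return value of RegSetValueExW is also ignored, and when any StringCbCatW call fails LastKey is silently left at its previous value; a comment saying the save is best-effort would be enough.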