Author: khornicek Date: Sat Feb 11 16:02:49 2017 New Revision: 73776
URL: http://svn.reactos.org/svn/reactos?rev=73776&view=rev Log: [REGEDIT] - Fix a possible null pointer dereference. CID 731448 - Check string length before copying into a fixed size buffer. CID 515207 - Bail out of _CmdWndProc if keyPath is null. CID 1102164 - Use strsafe functions. CID 1102477
Modified: trunk/reactos/base/applications/regedit/edit.c trunk/reactos/base/applications/regedit/find.c trunk/reactos/base/applications/regedit/framewnd.c trunk/reactos/base/applications/regedit/settings.c
Modified: trunk/reactos/base/applications/regedit/edit.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/applications/regedit/e... ============================================================================== --- trunk/reactos/base/applications/regedit/edit.c [iso-8859-1] (original) +++ trunk/reactos/base/applications/regedit/edit.c [iso-8859-1] Sat Feb 11 16:02:49 2017 @@ -1079,7 +1079,7 @@ editValueName = valueName;
lRet = RegQueryValueExW(hKey, valueName, 0, &type, 0, &valueDataLen); - if (lRet != ERROR_SUCCESS && (!wcscmp(valueName, L"") || valueName == NULL)) + if (lRet != ERROR_SUCCESS && (valueName == NULL || !valueName[0])) { lRet = ERROR_SUCCESS; /* Allow editing of (Default) values which don't exist */ type = REG_SZ;
Modified: trunk/reactos/base/applications/regedit/find.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/applications/regedit/f... ============================================================================== --- trunk/reactos/base/applications/regedit/find.c [iso-8859-1] (original) +++ trunk/reactos/base/applications/regedit/find.c [iso-8859-1] Sat Feb 11 16:02:49 2017 @@ -150,6 +150,9 @@ if (DoEvents()) return FALSE;
+ if(wcslen(pszSubKey) >= _countof(szSubKey)) + return FALSE; + wcscpy(szSubKey, pszSubKey); hSubKey = NULL;
Modified: trunk/reactos/base/applications/regedit/framewnd.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/applications/regedit/f... ============================================================================== --- trunk/reactos/base/applications/regedit/framewnd.c [iso-8859-1] (original) +++ trunk/reactos/base/applications/regedit/framewnd.c [iso-8859-1] Sat Feb 11 16:02:49 2017 @@ -1125,11 +1125,13 @@
keyPath = GetItemPath(g_pChildWnd->hTreeWnd, 0, &hKeyRoot); valueName = GetValueName(g_pChildWnd->hListWnd, -1); - if (keyPath) - { - lRet = RegOpenKeyExW(hKeyRoot, keyPath, 0, regsam, &hKey); - if (lRet != ERROR_SUCCESS) hKey = 0; - } + + if (!keyPath) + return TRUE; + + lRet = RegOpenKeyExW(hKeyRoot, keyPath, 0, regsam, &hKey); + if (lRet != ERROR_SUCCESS) + hKey = 0;
switch (LOWORD(wParam)) {
Modified: trunk/reactos/base/applications/regedit/settings.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/applications/regedit/s... ============================================================================== --- trunk/reactos/base/applications/regedit/settings.c [iso-8859-1] (original) +++ trunk/reactos/base/applications/regedit/settings.c [iso-8859-1] Sat Feb 11 16:02:49 2017 @@ -20,6 +20,7 @@ */
#include "regedit.h" +#include <strsafe.h>
const WCHAR g_szGeneralRegKey[] = L"Software\Microsoft\Windows\CurrentVersion\Applets\Regedit";
@@ -129,11 +130,14 @@ rootName = get_root_key_name(hRootKey);
/* Load "My Computer" string and complete it */ - LoadStringW(hInst, IDS_MY_COMPUTER, szBuffer, COUNT_OF(szBuffer)); - wcscat(szBuffer, L"\"); wcscat(szBuffer, rootName); - wcscat(szBuffer, L"\"); wcscat(szBuffer, keyPath); - - RegSetValueExW(hKey, L"LastKey", 0, REG_SZ, (LPBYTE)szBuffer, (DWORD)wcslen(szBuffer) * sizeof(WCHAR)); + if (LoadStringW(hInst, IDS_MY_COMPUTER, szBuffer, COUNT_OF(szBuffer)) && + SUCCEEDED(StringCbCatW(szBuffer, sizeof(szBuffer), L"\")) && + SUCCEEDED(StringCbCatW(szBuffer, sizeof(szBuffer), rootName)) && + SUCCEEDED(StringCbCatW(szBuffer, sizeof(szBuffer), L"\")) && + SUCCEEDED(StringCbCatW(szBuffer, sizeof(szBuffer), keyPath))) + { + RegSetValueExW(hKey, L"LastKey", 0, REG_SZ, (LPBYTE)szBuffer, (DWORD)wcslen(szBuffer) * sizeof(WCHAR)); + } }
/* Get statusbar settings */