11 Dec
2005
11 Dec
'05
10:13 p.m.
fixed uninitialized variable warnings and possible buffer overflows when
reading strings from the registry that aren't NULL-terminated
Modified: trunk/reactos/lib/setupapi/devinst.c
_____
Modified: trunk/reactos/lib/setupapi/devinst.c
--- trunk/reactos/lib/setupapi/devinst.c 2005-12-11 21:29:07 UTC
(rev 20087)
+++ trunk/reactos/lib/setupapi/devinst.c 2005-12-11 22:13:46 UTC
(rev 20088)
@@ -1872,13 +1872,14 @@
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
goto cleanup;
}
- Buffer[dwLength / sizeof(WCHAR)] = 0;
rc = RegQueryValueExW(hClassKey, L"Icon", NULL, NULL,
(LPBYTE)Buffer, &dwLength);
if (rc != ERROR_SUCCESS)
{
SetLastError(rc);
goto cleanup;
}
+ /* make sure the returned buffer is NULL-terminated */
+ Buffer[dwLength / sizeof(WCHAR)] = 0;
/* Transform "Icon" value to a INT */
*ImageIndex = atoiW(Buffer);
@@ -2065,7 +2066,7 @@
rc = RegQueryValueExW(hKey, L"Installer32", NULL,
&dwRegType, NULL, &dwLength);
if (rc == ERROR_SUCCESS && dwRegType == REG_SZ)
{
- Buffer = MyMalloc(dwLength);
+ Buffer = MyMalloc(dwLength + sizeof(WCHAR));
if (Buffer == NULL)
{
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
@@ -2077,12 +2078,14 @@
SetLastError(rc);
goto cleanup;
}
+ /* make sure the returned buffer is NULL-terminated */
+ Buffer[dwLength / sizeof(WCHAR)] = 0;
}
else if
(ERROR_SUCCESS == (rc = RegQueryValueExW(hKey,
L"EnumPropPages32", NULL, &dwRegType, NULL, &dwLength))
&& dwRegType == REG_SZ)
{
- Buffer = MyMalloc(dwLength);
+ Buffer = MyMalloc(dwLength + sizeof(WCHAR));
if (Buffer == NULL)
{
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
@@ -2094,6 +2097,8 @@
SetLastError(rc);
goto cleanup;
}
+ /* make sure the returned buffer is NULL-terminated */
+ Buffer[dwLength / sizeof(WCHAR)] = 0;
}
else
{
@@ -2108,6 +2113,7 @@
goto cleanup;
}
*Comma = '\0';
+ DllName = Buffer;
}
else
{