Author: hbelusca Date: Sat Sep 30 22:12:21 2017 New Revision: 76010
URL: http://svn.reactos.org/svn/reactos?rev=76010&view=rev Log: [CMD]: Improve ExecuteAutoRunFile() with validity checks.
Modified: trunk/reactos/base/shell/cmd/cmd.c
Modified: trunk/reactos/base/shell/cmd/cmd.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/shell/cmd/cmd.c?rev=76...
==============================================================================
--- trunk/reactos/base/shell/cmd/cmd.c [iso-8859-1] (original)
+++ trunk/reactos/base/shell/cmd/cmd.c [iso-8859-1] Sat Sep 30 22:12:21 2017
@@ -1538,12 +1538,12 @@
 {
 LONG lRet;
 HKEY hKey;
+ DWORD dwType, len;
 /*
 * Buffer big enough to hold the string L"4294967295",
 * corresponding to the literal 0xFFFFFFFF (MAX_ULONG) in decimal.
 */
 DWORD Buffer[6];
- DWORD dwType, len;
 lRet = RegOpenKeyEx(hKeyRoot,
 _T("Software\Microsoft\Command Processor"),
@@ -1685,28 +1685,33 @@
 static VOID ExecuteAutoRunFile(HKEY hKeyRoot)
 {
- TCHAR autorun[2048];
- DWORD len = sizeof autorun;
- HKEY hkey;
-
- if (RegOpenKeyEx(hKeyRoot,
- _T("SOFTWARE\Microsoft\Command Processor"),
- 0,
- KEY_READ,
- &hkey) == ERROR_SUCCESS)
- {
- if (RegQueryValueEx(hkey,
+ LONG lRet;
+ HKEY hKey;
+ DWORD dwType, len;
+ TCHAR AutoRun[2048];
+
+ lRet = RegOpenKeyEx(hKeyRoot,
+ _T("Software\Microsoft\Command Processor"),
+ 0,
+ KEY_QUERY_VALUE,
+ &hKey);
+ if (lRet != ERROR_SUCCESS)
+ return;
+
+ len = sizeof(AutoRun);
+ lRet = RegQueryValueEx(hKey,
 _T("AutoRun"),
- 0,
- 0,
- (LPBYTE)autorun,
- &len) == ERROR_SUCCESS)
- {
- if (*autorun)
- ParseCommandLine(autorun);
- }
- RegCloseKey(hkey);
- }
+ NULL,
+ &dwType,
+ (LPBYTE)&AutoRun,
+ &len);
+ if ((lRet == ERROR_SUCCESS) && (dwType == REG_EXPAND_SZ || dwType == REG_SZ))
+ {
+ if (*AutoRun)
+ ParseCommandLine(AutoRun);
+ }
+
+ RegCloseKey(hKey);
 }
/* Get the command that comes after a /C or /K switch */
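Review bot: The new type check in ExecuteAutoRunFile() still hands `AutoRun` to `ParseCommandLine()` without ensuring it is NUL-terminated, and RegQueryValueEx returns REG_SZ / REG_EXPAND_SZ data exactly as stored, with no guarantee of a terminator. A value written without one, or a zero-length value, leaves `*AutoRun` and the parser reading uninitialised stack, and a value that fills all 2048 TCHARs would let the parser run past the end of the array. Reserve room and terminate explicitly: query with `len = sizeof(AutoRun) - sizeof(TCHAR);` and, inside the success branch before the `if (*AutoRun)` test, add `AutoRun[len / sizeof(TCHAR)] = _T('\0');`. As a style point, `(LPBYTE)&AutoRun` only works because an array and its address coincide; `(LPBYTE)AutoRun` is the conventional form and survives a later change to a heap pointer.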