https://git.reactos.org/?p=reactos.git;a=commitdiff;h=c8f4e4de62ce0e11fbd687...
commit c8f4e4de62ce0e11fbd687794655027b83ec6b7e Author: Mark Jansen mark.jansen@reactos.org AuthorDate: Sat Aug 27 14:45:42 2022 +0200 Commit: Mark Jansen mark.jansen@reactos.org CommitDate: Tue Sep 13 20:49:00 2022 +0200
[REGEDIT] Fix possible buffer overflow --- base/applications/regedit/find.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/base/applications/regedit/find.c b/base/applications/regedit/find.c index 17de9b9b147..7dfe62f996c 100644 --- a/base/applications/regedit/find.c +++ b/base/applications/regedit/find.c @@ -32,7 +32,7 @@ static BOOL s_bAbort;
static DWORD s_dwFlags; static WCHAR s_szName[MAX_PATH]; -static DWORD s_cbName; +static DWORD s_cchName; static const WCHAR s_empty[] = L""; static const WCHAR s_backslash[] = L"\";
@@ -174,8 +174,8 @@ BOOL RegFindRecurse( if (DoEvents()) goto err;
- s_cbName = MAX_PATH * sizeof(WCHAR); - lResult = RegEnumValueW(hSubKey, i, s_szName, &s_cbName, NULL, NULL, + s_cchName = _countof(s_szName); + lResult = RegEnumValueW(hSubKey, i, s_szName, &s_cchName, NULL, NULL, NULL, &cb); if (lResult == ERROR_NO_MORE_ITEMS) { @@ -184,7 +184,7 @@ BOOL RegFindRecurse( } if (lResult != ERROR_SUCCESS) goto err; - if (s_cbName >= MAX_PATH * sizeof(WCHAR)) + if (s_cchName >= _countof(s_szName)) continue;
ppszNames[i] = _wcsdup(s_szName); @@ -267,8 +267,8 @@ BOOL RegFindRecurse( if (DoEvents()) goto err;
- s_cbName = MAX_PATH * sizeof(WCHAR); - lResult = RegEnumKeyExW(hSubKey, i, s_szName, &s_cbName, NULL, NULL, + s_cchName = _countof(s_szName); + lResult = RegEnumKeyExW(hSubKey, i, s_szName, &s_cchName, NULL, NULL, NULL, NULL); if (lResult == ERROR_NO_MORE_ITEMS) { @@ -277,7 +277,7 @@ BOOL RegFindRecurse( } if (lResult != ERROR_SUCCESS) goto err; - if (s_cbName >= MAX_PATH * sizeof(WCHAR)) + if (s_cchName >= _countof(s_szName)) continue;
ppszNames[i] = _wcsdup(s_szName); @@ -416,8 +416,8 @@ BOOL RegFindWalk( if (DoEvents()) goto err;
- s_cbName = MAX_PATH * sizeof(WCHAR); - lResult = RegEnumKeyExW(hSubKey, i, s_szName, &s_cbName, + s_cchName = _countof(s_szName); + lResult = RegEnumKeyExW(hSubKey, i, s_szName, &s_cchName, NULL, NULL, NULL, NULL); if (lResult == ERROR_NO_MORE_ITEMS) {
-
Mark Jansen