Author: rharabien Date: Fri Mar 25 22:34:53 2011 New Revision: 51139 URL: http://svn.reactos.org/svn/reactos?rev=51139&view=rev Log: [WIN32K] Make sure strings returned by internal function RegQueryValue are NULL terminated Modified: trunk/reactos/subsystems/win32/win32k/misc/registry.c Modified: trunk/reactos/subsystems/win32/win32k/misc/registry.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/mi… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/misc/registry.c [iso-8859-1] (original) +++ trunk/reactos/subsystems/win32/win32k/misc/registry.c [iso-8859-1] Fri Mar 25 22:34:53 2011 @@ -58,7 +58,7 @@ ULONG cbInfoSize, cbDataSize; /* Check if the local buffer is sufficient */ - cbInfoSize = sizeof(KEY_VALUE_PARTIAL_INFORMATION) + *pcbValue; + cbInfoSize = FIELD_OFFSET(KEY_VALUE_PARTIAL_INFORMATION, Data) + *pcbValue; if (cbInfoSize <= sizeof(ajBuffer)) { pInfo = (PVOID)ajBuffer; @@ -89,8 +89,11 @@ /* Did we get the right type */ if (pInfo->Type == ulType) { - /* Copy the contents to the caller */ - RtlCopyMemory(pvData, pInfo->Data, min(*pcbValue, cbDataSize)); + /* Copy the contents to the caller. Make sure strings are null terminated */ + if (ulType == REG_SZ || ulType == REG_MULTI_SZ || ulType == REG_EXPAND_SZ) + RtlStringCbCopyNW((LPWSTR)pvData, *pcbValue, (LPWSTR)pInfo->Data, cbDataSize); + else + RtlCopyMemory(pvData, pInfo->Data, cbDataSize); } else Status = STATUS_OBJECT_TYPE_MISMATCH;