[REGEDIT]

- Fix a possible null pointer dereference. CID 731448
- Check string length before copying into a fixed size buffer. CID 515207
- Bail out of _CmdWndProc if keyPath is null. CID 1102164
- Use strsafe functions. CID 1102477

svn path=/trunk/; revision=73776

diff --git a/reactos/base/applications/regedit/edit.c b/reactos/base/applications/regedit/edit.c
index 3e2ac6b..9962a15 100644 (file)
--- a/reactos/base/applications/regedit/edit.c
+++ b/reactos/base/applications/regedit/edit.c
@@ -1079,7 +1079,7 @@ BOOL ModifyValue(HWND hwnd, HKEY hKey, LPCWSTR valueName, BOOL EditBin)
     editValueName = valueName;
 
     lRet = RegQueryValueExW(hKey, valueName, 0, &type, 0, &valueDataLen);
     editValueName = valueName;
 
     lRet = RegQueryValueExW(hKey, valueName, 0, &type, 0, &valueDataLen);

-    if (lRet != ERROR_SUCCESS && (!wcscmp(valueName, L"") || valueName == NULL))
+    if (lRet != ERROR_SUCCESS && (valueName == NULL || !valueName[0]))

     {
         lRet = ERROR_SUCCESS; /* Allow editing of (Default) values which don't exist */
         type = REG_SZ;
     {
         lRet = ERROR_SUCCESS; /* Allow editing of (Default) values which don't exist */
         type = REG_SZ;

diff --git a/reactos/base/applications/regedit/find.c b/reactos/base/applications/regedit/find.c
index 4b9e4cd..98fe43f 100644 (file)
--- a/reactos/base/applications/regedit/find.c
+++ b/reactos/base/applications/regedit/find.c
@@ -150,6 +150,9 @@ BOOL RegFindRecurse(
     if (DoEvents())
         return FALSE;
 
     if (DoEvents())
         return FALSE;
 

+    if(wcslen(pszSubKey) >= _countof(szSubKey))
+        return FALSE;
+

     wcscpy(szSubKey, pszSubKey);
     hSubKey = NULL;
 
     wcscpy(szSubKey, pszSubKey);
     hSubKey = NULL;
 

diff --git a/reactos/base/applications/regedit/framewnd.c b/reactos/base/applications/regedit/framewnd.c
index 2f02550..7a10509 100644 (file)
--- a/reactos/base/applications/regedit/framewnd.c
+++ b/reactos/base/applications/regedit/framewnd.c
@@ -1125,11 +1125,13 @@ static BOOL _CmdWndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
 
     keyPath = GetItemPath(g_pChildWnd->hTreeWnd, 0, &hKeyRoot);
     valueName = GetValueName(g_pChildWnd->hListWnd, -1);
 
     keyPath = GetItemPath(g_pChildWnd->hTreeWnd, 0, &hKeyRoot);
     valueName = GetValueName(g_pChildWnd->hListWnd, -1);

-    if (keyPath)
-    {
-        lRet = RegOpenKeyExW(hKeyRoot, keyPath, 0, regsam, &hKey);
-        if (lRet != ERROR_SUCCESS) hKey = 0;
-    }
+
+    if (!keyPath)
+        return TRUE;
+
+    lRet = RegOpenKeyExW(hKeyRoot, keyPath, 0, regsam, &hKey);
+    if (lRet != ERROR_SUCCESS)
+        hKey = 0;

 
     switch (LOWORD(wParam))
     {
 
     switch (LOWORD(wParam))
     {

diff --git a/reactos/base/applications/regedit/settings.c b/reactos/base/applications/regedit/settings.c
index 8f05f4b..50f5a7c 100644 (file)
--- a/reactos/base/applications/regedit/settings.c
+++ b/reactos/base/applications/regedit/settings.c
@@ -20,6 +20,7 @@
  */
 
 #include "regedit.h"
  */
 
 #include "regedit.h"

+#include <strsafe.h>

 
 const WCHAR g_szGeneralRegKey[] = L"Software\\Microsoft\\Windows\\CurrentVersion\\Applets\\Regedit";
 
 
 const WCHAR g_szGeneralRegKey[] = L"Software\\Microsoft\\Windows\\CurrentVersion\\Applets\\Regedit";
 


@@ -129,11 +130,14 @@ extern void SaveSettings(void)
             rootName = get_root_key_name(hRootKey);
 
             /* Load "My Computer" string and complete it */
             rootName = get_root_key_name(hRootKey);
 
             /* Load "My Computer" string and complete it */

-            LoadStringW(hInst, IDS_MY_COMPUTER, szBuffer, COUNT_OF(szBuffer));
-            wcscat(szBuffer, L"\\"); wcscat(szBuffer, rootName);
-            wcscat(szBuffer, L"\\"); wcscat(szBuffer, keyPath);
-
-            RegSetValueExW(hKey, L"LastKey", 0, REG_SZ, (LPBYTE)szBuffer, (DWORD)wcslen(szBuffer) * sizeof(WCHAR));
+            if (LoadStringW(hInst, IDS_MY_COMPUTER, szBuffer, COUNT_OF(szBuffer)) &&
+                SUCCEEDED(StringCbCatW(szBuffer, sizeof(szBuffer), L"\\")) &&
+                SUCCEEDED(StringCbCatW(szBuffer, sizeof(szBuffer), rootName)) &&
+                SUCCEEDED(StringCbCatW(szBuffer, sizeof(szBuffer), L"\\")) &&
+                SUCCEEDED(StringCbCatW(szBuffer, sizeof(szBuffer), keyPath)))
+            {
+                RegSetValueExW(hKey, L"LastKey", 0, REG_SZ, (LPBYTE)szBuffer, (DWORD)wcslen(szBuffer) * sizeof(WCHAR));
+            }

         }
 
         /* Get statusbar settings */
         }
 
         /* Get statusbar settings */