Author: rmessiant
Date: Sun Dec  4 19:19:33 2011
New Revision: 54590

URL: http://svn.reactos.org/svn/reactos?rev=54590&view=rev
Log:
[REGEDIT]
- Prevent buffer overflow when creating the display value for a value of type 
REG_MULTI_SZ.
- Prevent processing excess data when preparing a value of type REG_MULTI_SZ 
for editing.

Modified:
    trunk/reactos/base/applications/regedit/edit.c
    trunk/reactos/base/applications/regedit/listview.c

Modified: trunk/reactos/base/applications/regedit/edit.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/base/applications/regedit/edit.c?rev=54590&r1=54589&r2=54590&view=diff
==============================================================================
--- trunk/reactos/base/applications/regedit/edit.c [iso-8859-1] (original)
+++ trunk/reactos/base/applications/regedit/edit.c [iso-8859-1] Sun Dec  4 
19:19:33 2011
@@ -1127,7 +1127,7 @@
             size_t llen, listlen, nl_len;
             LPTSTR src, lines = NULL;
 
-            if (!(stringValueData = HeapAlloc(GetProcessHeap(), 0, 
valueDataLen)))
+            if (!(stringValueData = HeapAlloc(GetProcessHeap(), 
HEAP_ZERO_MEMORY, valueDataLen + sizeof(TCHAR))))
             {
                 error(hwnd, IDS_TOO_BIG_VALUE, valueDataLen);
                 goto done;
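Review bot: One extra zeroed TCHAR guarantees only a single terminator at the end of `stringValueData`, while a REG_MULTI_SZ list is ended by an empty string, i.e. two consecutive terminators, and stored registry data is not guaranteed to be well formed. The code that walks the strings is outside this hunk, so this is inferred: if it advances string by string until it meets an empty one, a value stored with no terminator at all would still be read one TCHAR past the allocation. `HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, valueDataLen + 2 * sizeof(TCHAR))` would cover that case. A short comment such as `/* extra zeroed TCHARs: stored data may lack the terminating NULs */` would also record why the size differs from `valueDataLen`, which is the value the error path still reports.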

Modified: trunk/reactos/base/applications/regedit/listview.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/base/applications/regedit/listview.c?rev=54590&r1=54589&r2=54590&view=diff
==============================================================================
--- trunk/reactos/base/applications/regedit/listview.c [iso-8859-1] (original)
+++ trunk/reactos/base/applications/regedit/listview.c [iso-8859-1] Sun Dec  4 
19:19:33 2011
@@ -186,7 +186,7 @@
             if(dwCount >= 2)
             {
                 src = (LPTSTR)ValBuf;
-                str = HeapAlloc(GetProcessHeap(), 0, dwCount);
+                str = HeapAlloc(GetProcessHeap(), 0, dwCount + sizeof(TCHAR));
                 if(str != NULL)
                 {
                     *str = _T('\0');
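Review bot: The destination `str` is now one TCHAR larger, but the block is not zeroed and only `*str` is initialised, so the result is safe only if the copy loop that follows (outside this hunk) bounds its reads of `src` by `dwCount` rather than relying on terminators inside `ValBuf`. REG_MULTI_SZ data can be stored without its final NULs, so that bound is worth confirming. For consistency with the edit.c change in the same commit, `str = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwCount + sizeof(TCHAR));` would make the tail of the buffer deterministic. A comment like `/* +1 TCHAR: room for the terminator when the stored data has none */` would explain the size.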

