diff --git a/base/applications/regedit/CMakeLists.txt b/base/applications/regedit/CMakeLists.txt index c26f2f42ec2..40aa76211c7 100644 --- a/base/applications/regedit/CMakeLists.txt +++ b/base/applications/regedit/CMakeLists.txt @@ -22,7 +22,7 @@ file(GLOB regedit_rc_deps res/*.*) add_rc_deps(regedit.rc ${regedit_rc_deps}) add_executable(regedit ${SOURCE} regedit.rc) set_module_type(regedit win32gui UNICODE) -target_link_libraries(regedit uuid wine) +target_link_libraries(regedit uuid wine ${PSEH_LIB}) add_importlibs(regedit user32 gdi32 advapi32 ole32 shell32 comctl32 comdlg32 shlwapi msvcrt kernel32 ntdll) add_pch(regedit regedit.h SOURCE) add_cd_file(TARGET regedit DESTINATION reactos FOR all) diff --git a/base/applications/regedit/find.c b/base/applications/regedit/find.c index df5c0959347..60b84eebd8d 100644 --- a/base/applications/regedit/find.c +++ b/base/applications/regedit/find.c @@ -17,12 +17,14 @@ */ #include "regedit.h" +#include #define RSF_WHOLESTRING 0x00000001 #define RSF_LOOKATKEYS 0x00000002 #define RSF_LOOKATVALUES 0x00000004 #define RSF_LOOKATDATA 0x00000008 #define RSF_MATCHCASE 0x00010000 +#define STRSAFE_MAX_CCH 2147483647 static WCHAR s_szFindWhat[256]; static const WCHAR s_szFindFlags[] = L"FindFlags"; 
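Review bot: The added `#define STRSAFE_MAX_CCH 2147483647` in find.c reuses a name that strsafe.h defines for itself, so it will clash or silently shadow if that header is ever pulled into this file. The header name on the added `#include` line is not legible on this page, so I cannot tell whether that already happens. Since the length helper added further down is a local copy, give the limit a file-local name or wrap it as `#ifndef STRSAFE_MAX_CCH` / `#endif`. Also add a one-line comment saying it is the largest character count the helper accepts.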
@@ -38,6 +40,54 @@ static const WCHAR s_backslash[] = L"\\"; extern VOID SetValueName(HWND hwndLV, LPCWSTR pszValueName); +/* The code below is modified and combined from two Functions in strsafe.h. + * 1)StringCchLengthW(STRSAFE_LPCWSTR psz,size_t cchMax,size_t *pcchLength) + * and + * 2)StringLengthWorkerW(STRSAFE_LPCWSTR psz,size_t cchMax,size_t *pcchLength) + * I wrapped parts in SEH2 code because it was causing buffer overflow crashes. */ +BOOL LocalStringLengthW(LPCWSTR psz,size_t cchMax,size_t *pcchLength) +{ + BOOL hr = TRUE; + size_t cchMaxPrev = cchMax; + + if(!psz || (cchMax > STRSAFE_MAX_CCH)) + { + hr = FALSE; + } + else + { + _SEH2_TRY + { + while(cchMax && (*psz!=L'\0')) + { + psz++; + cchMax--; + } + } + _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) + { + DPRINTF("Handling Exception on WCHAR number '%d'.\n", cchMaxPrev - cchMax); + hr = FALSE; + } + _SEH2_END; + + if(cchMax==0) hr = FALSE; + if(pcchLength) + { + if(hr) + *pcchLength = cchMaxPrev - cchMax; + else + *pcchLength = 0; + } + } + + if (!hr && pcchLength) + { + *pcchLength = 0; + } + return hr; +} + BOOL DoEvents(VOID) { MSG msg; @@ -57,9 +107,13 @@ BOOL DoEvents(VOID) static LPWSTR lstrstri(LPCWSTR psz1, LPCWSTR psz2) { INT i, cch1, cch2; + size_t len1 = 0, len2 = 0; + + if (!LocalStringLengthW(psz1, MAX_PATH, &len1)) return FALSE; + if (!LocalStringLengthW(psz2, MAX_PATH, &len2)) return FALSE; + cch1 = len1; + cch2 = len2; - cch1 = wcslen(psz1); - cch2 = wcslen(psz2); for(i = 0; i <= cch1 - cch2; i++) { if (CompareStringW(LOCALE_SYSTEM_DEFAULT, NORM_IGNORECASE, @@ -93,7 +147,15 @@ CompareData( LPCWSTR psz1, LPCWSTR psz2) { - INT i, cch1 = wcslen(psz1), cch2 = wcslen(psz2); + INT i, cch1, cch2; + size_t len1, len2; + + if (!LocalStringLengthW (psz1, MAX_PATH, &len1)) return FALSE; + if (!LocalStringLengthW (psz2, MAX_PATH, &len2)) return FALSE; + + cch1 = len1; + cch2 = len2; + if (dwType == REG_SZ || dwType == REG_EXPAND_SZ) { if (s_dwFlags & RSF_WHOLESTRING) 
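Review bot: The `_SEH2_TRY` around the scan loop in LocalStringLengthW turns an out-of-bounds read into an ordinary FALSE return, which hides the real defect: a caller passing a buffer with no terminator inside `cchMax` elements. The handler only fires when the over-read reaches an unmapped page, so readable memory past the buffer is still scanned and counted as part of the string. The sturdier fix is to make `cchMax` the true capacity of the buffer at every call site and let the loop rely on that bound alone, as sketched below. Separately, `DPRINTF` prints a `size_t` difference with `%d`, `*pcchLength` is zeroed on failure in two places, and the helper could be `static` as far as this diff shows.

```c
static BOOL LocalStringLengthW(LPCWSTR psz, size_t cchMax, size_t *pcchLength)
{
    size_t cch = 0;

    if (pcchLength)
        *pcchLength = 0;
    if (!psz || cchMax > STRSAFE_MAX_CCH)
        return FALSE;

    /* cchMax must be the capacity, in WCHARs, of the buffer psz points into */
    while (cch < cchMax && psz[cch] != L'\0')
        cch++;
    if (cch == cchMax)
        return FALSE; /* no terminator inside the buffer */

    if (pcchLength)
        *pcchLength = cch;
    return TRUE;
}
```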
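Review bot: Both new early exits in lstrstri use `return FALSE;` although the function returns `LPWSTR`; they should read `return NULL;`. The `MAX_PATH` bound also means any operand of 260 or more characters is now reported as "no match" instead of being searched, which silently narrows what Find can locate. If the callers know the real buffer size, pass that instead of a fixed constant. The body of lstrstri continues outside the hunk.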
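Review bot: In CompareData both lengths are measured before the `dwType == REG_SZ || dwType == REG_EXPAND_SZ` test, so for any other value type `psz1` is still walked as a wide string, and a walk that finds no terminator within `MAX_PATH` returns FALSE before the type is looked at. Registry string data is not guaranteed to be NUL-terminated, so the reliable bound is the byte count the registry query reported rather than `MAX_PATH` or an exception handler. That would need a size parameter, which the visible signature does not have. At minimum, move the two `LocalStringLengthW` calls inside the string branch. The function body continues outside the hunk, so how the non-string types are handled is not visible here.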
@@ -146,11 +208,13 @@ BOOL RegFindRecurse( BOOL fPast = FALSE; LPWSTR *ppszNames = NULL; LPBYTE pb = NULL; + size_t len1 = 0, len2 = 0; if (DoEvents()) return FALSE; - if(wcslen(pszSubKey) >= _countof(szSubKey)) + if (!LocalStringLengthW(pszSubKey, MAX_PATH, &len1)) return FALSE; + if(len1 >= _countof(szSubKey)) return FALSE; wcscpy(szSubKey, pszSubKey); @@ -203,11 +267,15 @@ BOOL RegFindRecurse( if (!fPast && _wcsicmp(ppszNames[i], pszValueName) == 0) { fPast = TRUE; + goto Ahead; + } + else if (_wcsicmp(ppszNames[i], pszValueName) == 0) + { continue; } if (!fPast) continue; - +Ahead: if ((s_dwFlags & RSF_LOOKATVALUES) && CompareName(ppszNames[i], s_szFindWhat)) { @@ -293,9 +361,9 @@ BOOL RegFindRecurse( if ((s_dwFlags & RSF_LOOKATKEYS) && CompareName(ppszNames[i], s_szFindWhat)) { - *ppszFoundSubKey = malloc( - (wcslen(szSubKey) + wcslen(ppszNames[i]) + 2) * - sizeof(WCHAR)); + if (!LocalStringLengthW(szSubKey, MAX_PATH, &len1)) return FALSE; + if (!LocalStringLengthW(ppszNames[i], MAX_PATH, &len2)) return FALSE; + *ppszFoundSubKey = malloc((len1 + len2 + 2) * sizeof(WCHAR)); if (*ppszFoundSubKey == NULL) goto err; if (szSubKey[0]) @@ -314,8 +382,9 @@ BOOL RegFindRecurse( ppszFoundValueName)) { LPWSTR psz = *ppszFoundSubKey; - *ppszFoundSubKey = malloc( - (wcslen(szSubKey) + wcslen(psz) + 2) * sizeof(WCHAR)); + if (!LocalStringLengthW(szSubKey, MAX_PATH, &len1)) return FALSE; + if (!LocalStringLengthW(psz, MAX_PATH, &len2)) return FALSE; + *ppszFoundSubKey = malloc((len1 + len2 + 2) * sizeof(WCHAR)); if (*ppszFoundSubKey == NULL) goto err; if (szSubKey[0]) @@ -368,10 +437,12 @@ BOOL RegFindWalk( LPWSTR pch; BOOL fPast; LPWSTR *ppszNames = NULL; + size_t len1 = 0, len2 = 0; hBaseKey = *phKey; - if (wcslen(pszSubKey) >= _countof(szSubKey)) + if (!LocalStringLengthW(pszSubKey, MAX_PATH, &len1)) return FALSE; + if (len1 >= _countof(szSubKey)) return FALSE; if (RegFindRecurse(hBaseKey, pszSubKey, pszValueName, ppszFoundSubKey, 
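Review bot: The `goto Ahead;` added to the value loop in RegFindRecurse jumps forward over `if (!fPast) continue;` and calls `_wcsicmp` on the same pair twice; the same decisions can be written without a label, as below. The hunk also changes behaviour: the entry whose name equals `pszValueName` used to be skipped once `fPast` was set, and is now itself tested against the search string. If that is intended, add a comment at that branch explaining why the starting value is searched again. The loop body continues outside the hunk.

```c
if (_wcsicmp(ppszNames[i], pszValueName) == 0)
{
    if (fPast)
        continue;   /* later entry with the same name */
    fPast = TRUE;   /* starting entry: fall through and test it */
}
else if (!fPast)
{
    continue;
}
// … unchanged: RSF_LOOKATVALUES / CompareName test …
```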
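Review bot: The new `return FALSE;` exits placed before each `malloc` in RegFindRecurse leave the function directly, while the allocation failure on the next line uses `goto err;`. Whatever `err` releases (it is outside the hunk; presumably `ppszNames`, `pb` and the open key) is skipped on these paths. They should read `if (!LocalStringLengthW(szSubKey, MAX_PATH, &len1)) goto err;`, and likewise for the second call. In the `-314` hunk `psz` holds the string returned by the recursive call, so leaving there also leaks it and leaves `*ppszFoundSubKey` set on a failure return. The same pattern recurs in the two `malloc` hunks of RegFindWalk (`-448` and `-469`). Note also that a combined key path of 260 characters or more now aborts the search rather than being reported.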
@@ -448,9 +519,10 @@ BOOL RegFindWalk( if ((s_dwFlags & RSF_LOOKATKEYS) && CompareName(ppszNames[i], s_szFindWhat)) { - *ppszFoundSubKey = malloc( - (wcslen(szSubKey) + wcslen(ppszNames[i]) + 2) * - sizeof(WCHAR)); + if (!LocalStringLengthW(szSubKey, MAX_PATH, &len1)) return FALSE; + if (!LocalStringLengthW(ppszNames[i], MAX_PATH, &len2)) return FALSE; + *ppszFoundSubKey = malloc((len1 + len2 + 2) * sizeof(WCHAR)); + if (*ppszFoundSubKey == NULL) goto err; if (szSubKey[0]) @@ -469,9 +541,10 @@ BOOL RegFindWalk( ppszFoundSubKey, ppszFoundValueName)) { LPWSTR psz = *ppszFoundSubKey; - *ppszFoundSubKey = malloc( - (wcslen(szSubKey) + wcslen(psz) + 2) * - sizeof(WCHAR)); + if (!LocalStringLengthW(szSubKey, MAX_PATH, &len1)) return FALSE; + if (!LocalStringLengthW(psz, MAX_PATH, &len2)) return FALSE; + *ppszFoundSubKey = malloc((len1 + len2 + 2) * sizeof(WCHAR)); + if (*ppszFoundSubKey == NULL) goto err; if (szSubKey[0]) @@ -637,8 +710,10 @@ BOOL FindNext(HWND hWnd) WCHAR szFullKey[512]; LPCWSTR pszValueName; LPWSTR pszFoundSubKey, pszFoundValueName; + size_t len1 = 0; - if (wcslen(s_szFindWhat) == 0) + if (!LocalStringLengthW(s_szFindWhat, MAX_PATH, &len1)) return FALSE; + if (len1 == 0) { FindDialog(hWnd); return TRUE;
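Review bot: In FindNext the length of `s_szFindWhat` is measured with a bound of `MAX_PATH`, but the array is declared as `static WCHAR s_szFindWhat[256];`, so the bound is four elements larger than the buffer. The call should use the array's own size: `if (!LocalStringLengthW(s_szFindWhat, _countof(s_szFindWhat), &len1)) return FALSE;`. With the current bound an unterminated buffer would be read past its end before the helper gives up. The rest of FindNext is outside the hunk.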