shithub: choc

ref: 81fe8ce185e44714ab55fb194294d77a7976d91e
parent: fa7726b57dc98b936b4bfaa873013f286f50148a
author: James Haley <[email protected]>
date: Tue Aug 23 20:33:42 EDT 2016

Ensure values retrieved with RegQueryValueEx are null-terminated.

According to MSDN, an application can write REG_SZ values without a
null-terminating byte. We will not trust that the registry keys we
are looking for were actually written by the well-known, trusted
applications assumed to create them, and instead allocate the buffer
at size+1 and manually terminate it.

cf. https://msdn.microsoft.com/en-us/library/windows/desktop/ms724911(v=vs.85).aspx

--- a/src/d_iwad.c
+++ b/src/d_iwad.c
@@ -256,7 +256,7 @@
     {
         // Allocate a buffer for the value and read the value
 
-        result = malloc(len);
+        result = malloc(len + 1);
 
         if (RegQueryValueEx(key, reg_val->value, NULL, &valtype,
                             (unsigned char *) result, &len) != ERROR_SUCCESS)
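
Review bot: The comment above `result = malloc(len + 1);` still reads "Allocate a buffer for the value and read the value", so the reason for the extra byte is only discoverable from the second hunk. Suggest extending it to say that one extra byte is reserved for the terminator, so a later cleanup does not revert the `+ 1`. It is also worth stating there that `len`, not `len + 1`, is deliberately passed to RegQueryValueEx as the buffer size, since that is what keeps the spare byte free.
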
@@ -263,6 +263,11 @@
         {
             free(result);
             result = NULL;
+        }
+        else
+        {
+            // Ensure the value is null-terminated
+            result[len] = '\0';
         }
     }
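
Review bot: The new `result[len] = '\0';` in the else branch runs whenever the call returns ERROR_SUCCESS, but the `malloc(len + 1)` result from the first hunk is never checked for NULL. RegQueryValueEx is documented to return ERROR_SUCCESS and only report the required size when the data pointer is NULL, so an allocation failure would reach this write with a NULL `result`. Suggest testing `result != NULL` before making the call, or guarding the write in this branch.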