Strange code in misc/registry.c

Dmitry Timoshkov dmitry at baikal.ru
Sun Aug 3 01:37:31 CDT 2003


"Lionel Ulmer" <lionel.ulmer at free.fr> wrote:

> Not really as the code does this :
> 
>         /* create new subkey name */
>         new_key_name = _strdupnA(key_name,strlen(key_name)+dkh->keynamelen+1);
>         if (strcmp(new_key_name,"") != 0) strcat(new_key_name,"\\");
>         strncat(new_key_name,dkh->name,dkh->keynamelen);
> 
> So basically it does 'duplicate my string but add XXX bytes to it as I want
> to strcat to it a new string of len XXX'.

It's clearly a bug, since the code asks for trouble by requesting to
read more data than it actually should. In that case the code has to do:

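/* room for key_name, the optional "\\" separator, the subkey name and the NUL */
new_key_name = malloc(strlen(key_name)+1+dkh->keynamelen+1);
/* copy only the bytes key_name actually holds */
strcpy(new_key_name, key_name);
if (strcmp(new_key_name,"") != 0) strcat(new_key_name,"\\");
/* append at most keynamelen bytes of the subkey name */
strncat(new_key_name,dkh->name,dkh->keynamelen);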

-- 
Dmitry.
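
The allocation discussed in this thread, as an added example that is not part of the original message or of Wine's code: a stand-alone helper that sizes the buffer for the parent path, the optional "\" separator, the counted subkey name and the terminating NUL, and never reads more than the stated length from either input. The name join_subkey and its parameters are hypothetical, and treating the subkey name as a counted field that may lack a NUL terminator is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not Wine's code): build "key_name\name" in a fresh buffer.
 * name is a counted field of name_len bytes and need not be NUL-terminated.
 * Like strncat, copying stops early at a NUL inside the field. */
char *join_subkey(const char *key_name, const char *name, size_t name_len)
{
    size_t parent_len = strlen(key_name);
    size_t sep = parent_len ? 1 : 0;          /* separator only after a non-empty parent */
    const char *nul = memchr(name, '\0', name_len);
    char *out;

    if (nul)
        name_len = (size_t)(nul - name);      /* never reads past name_len bytes */

    /* refuse sizes whose sum would wrap around size_t */
    if (parent_len > SIZE_MAX - 2 || name_len > SIZE_MAX - 2 - parent_len)
        return NULL;

    /* parent + separator + name + terminating NUL */
    out = malloc(parent_len + sep + name_len + 1);
    if (!out)
        return NULL;

    memcpy(out, key_name, parent_len);        /* exactly the bytes the parent holds */
    if (sep)
        out[parent_len] = '\\';
    memcpy(out + parent_len + sep, name, name_len);
    out[parent_len + sep + name_len] = '\0';
    return out;
}

int main(void)
{
    /* constructed sample: a 3-byte counted name followed by unrelated data */
    const char field[4] = { 'R', 'u', 'n', 'X' };
    char *path = join_subkey("Software\\Wine", field, 3);

    if (!path)
        return 1;
    printf("%s\n", path);
    free(path);
    return 0;
}
```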




