[resend 04/10] reg: Add sane_path function to do preliniary key validation
Stefan Dösinger
stefandoesinger at gmail.com
Tue Jan 6 14:09:36 CST 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am 2015-01-06 um 21:07 schrieb Stefan Dösinger:
> Am 2014-12-13 um 18:06 schrieb Jonathan Vollebregt:
>> +static LSTATUS sane_path(const WCHAR *key)
>> +{
>> + if (key[0] == '\\' && key[1] == '\\' && key[2] != '\\')
>> + return ERROR_NO_REMOTE;
>> +
>> + return ERROR_SUCCESS;
>> +}
> This adds (or rather extends) a possible out of bound array access.
Actually, never mind that, as discussed on IRC. If the string is too short key[0] or key[1] won't be '\\'. Still it looks somewhat odd, but the next patch adds an explicit length check.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBAgAGBQJUrEEAAAoJEN0/YqbEcdMw1FUQAIZWTWbqtX8CvA+26vpsRDKL
sY96cCXSONaWSgYK/8ScIE1wFM2VEzvCe8y3ShsJjtrjOTpKy/lNn+S46RsDzanC
PlXdr9j8h2QO8pJRVVRgqkO6Ch+QZYI2Sk8ICOEumVMERE8KzSQNLLqSDzO/+JOO
cnQsswRqvC4Mai9pEMx/jLD0fSNJAALzJt8aQDv2S8C2pZdaTWCQPGDJboPewGjL
JmsrtorcS6VMFgW7lFobIw476sJ9gBaqykyiEkwSV/+kTN0rRLZJDTvzs9a3kwMD
VzVuxNbxig/udxJnOW1yyRCMEIimBui/Apotbhg/FdpIatKvL5X4CEz3ms9b93Dp
8wCUNTuE4zblmNfr09c+bGmD157DwV02C6FfXLBoxMbLaNVkhe2zN6CONHxJDgkk
5UShkHhT8xKclnSpt9Uw77+4T/swcaae02mO9OfqbxnQrBahkQ3GbGy8Qs8uENlh
HAKXuFMRe2BZBmnGPOx1wG0L3kUIBxB/zpZb8ByAGD/xxlvef+QXtznWsqaCes3m
kG8/ndc+0ZpDAlNjsXIXXUrTOFguchS3tjMsivjVfFgt8o4WwcWCmPsoYHNAWNGD
tl31KlRIAtq7elSv1zGq4Bwntg1gUdNk5yqCZBjMflZB3gr4MqRPqu56P/hionpr
KCq+v5IRqUGrJhlExrV9
=FL8R
-----END PGP SIGNATURE-----
More information about the wine-devel
mailing list