[PATCH 2/3] regedit: Validate REG_SZ import data before processing it any further
Alexandre Julliard
julliard at winehq.org
Wed Apr 12 12:07:37 CDT 2017
Hugh McMaster <hugh.mcmaster at outlook.com> writes:
> @@ -390,6 +390,25 @@ static const WCHAR *reg_type_to_wchar(DWORD type)
> return NULL;
> }
>
> +static BOOL validate_reg_sz_data(WCHAR *str)
> +{
> + WCHAR *p, *end;
> +
> + if (!*str || !(p = strchrW(str, '"')))
> + return FALSE;
> +
> + while (*p && *(p - 1) == '\\')
> + p = strchrW(++p, '"');
The backslash could have been escaped, you have to check the whole
string.
--
Alexandre Julliard
julliard at winehq.org
More information about the wine-devel
mailing list