[PATCH 1/4] regedit: Validate REG_SZ import data before processing it any further (v2)
Alexandre Julliard
julliard at winehq.org
Thu Apr 20 12:11:18 CDT 2017
Hugh McMaster <hugh.mcmaster at outlook.com> writes:
> Signed-off-by: Hugh McMaster <hugh.mcmaster at outlook.com>
> ---
> programs/regedit/regproc.c | 6 ++++++
> programs/regedit/tests/regedit.c | 14 +++++++-------
> 2 files changed, 13 insertions(+), 7 deletions(-)
>
> diff --git a/programs/regedit/regproc.c b/programs/regedit/regproc.c
> index 96c4564..ccd9ebe 100644
> --- a/programs/regedit/regproc.c
> +++ b/programs/regedit/regproc.c
> @@ -293,6 +293,12 @@ static int REGPROC_unescape_string(WCHAR* str)
> str[val_idx] = str[str_idx];
> break;
> }
> + } else if (str[str_idx] == '"') {
> + WCHAR *p = str + str_idx + 1;
> + while (*p == ' ' || *p == '\t') p++;
> + if (*p && *p != ';') return 0;
> + str[val_idx++] = str[str_idx];
> + break;
That would work, but it seems to me that the comment check would be
better in the caller, so that you can use the same code for validating
value names.
--
Alexandre Julliard
julliard at winehq.org
More information about the wine-devel
mailing list