Skip to content

W
wine-winehq
Commit fb9955da authored by Alexandre Julliard's avatar Alexandre Julliard
Browse files
Options

server: Make the registry parser more tolerant about malformed hex values.

parent 12717397
Hide whitespace changes
Inline Side-by-side
Showing with 16 additions and 10 deletions
server/registry.c
View file @ fb9955da
...@@ -1092,12 +1092,12 @@ static int get_data_type( const char *buffer, int *type, int *parse_type ) ...@@ -1092,12 +1092,12 @@ static int get_data_type( const char *buffer, int *type, int *parse_type )
for (ptr = data_types; ptr->tag; ptr++) for (ptr = data_types; ptr->tag; ptr++)
{ {
if (memcmp( ptr->tag, buffer, ptr->len )) continue; if (strncmp( ptr->tag, buffer, ptr->len )) continue;
*parse_type = ptr->parse_type; *parse_type = ptr->parse_type;
if ((*type = ptr->type) != -1) return ptr->len; if ((*type = ptr->type) != -1) return ptr->len;
/* "hex(xx):" is special */ /* "hex(xx):" is special */
*type = (int)strtoul( buffer + 4, &end, 16 ); *type = (int)strtoul( buffer + 4, &end, 16 );
if ((end <= buffer) || memcmp( end, "):", 2 )) return 0; if ((end <= buffer) || strncmp( end, "):", 2 )) return 0;
return end + 2 - buffer; return end + 2 - buffer;
} }
return 0; return 0;
...@@ -1146,17 +1146,18 @@ static int parse_hex( unsigned char *dest, data_size_t *len, const char *buffer ...@@ -1146,17 +1146,18 @@ static int parse_hex( unsigned char *dest, data_size_t *len, const char *buffer
{ {
const char *p = buffer; const char *p = buffer;
data_size_t count = 0; data_size_t count = 0;
char *end;
while (isxdigit(*p)) while (isxdigit(*p))
{ {
int val; unsigned int val = strtoul( p, &end, 16 );
char buf[3]; if (end == p || val > 0xff) return -1;
memcpy( buf, p, 2 );
buf[2] = 0;
sscanf( buf, "%x", &val );
if (count++ >= *len) return -1; /* dest buffer overflow */ if (count++ >= *len) return -1; /* dest buffer overflow */
*dest++ = (unsigned char )val; *dest++ = val;
p += 2; p = end;
while (isspace(*p)) p++;
if (*p == ',') p++; if (*p == ',') p++;
while (isspace(*p)) p++;
} }
*len = count; *len = count;
return p - buffer; return p - buffer;
...@@ -1227,7 +1228,7 @@ static int load_value( struct key *key, const char *buffer, struct file_load_inf ...@@ -1227,7 +1228,7 @@ static int load_value( struct key *key, const char *buffer, struct file_load_inf
len = 0; len = 0;
for (;;) for (;;)
{ {
maxlen = 1 + strlen(buffer)/3; /* 3 chars for one hex byte */ maxlen = 1 + strlen(buffer) / 2; /* at least 2 chars for one hex byte */
if (!get_file_tmp_space( info, len + maxlen )) return 0; if (!get_file_tmp_space( info, len + maxlen )) return 0;
if ((res = parse_hex( (unsigned char *)info->tmp + len, &maxlen, buffer )) == -1) goto error; if ((res = parse_hex( (unsigned char *)info->tmp + len, &maxlen, buffer )) == -1) goto error;
len += maxlen; len += maxlen;
...@@ -1259,6 +1260,11 @@ static int load_value( struct key *key, const char *buffer, struct file_load_inf ...@@ -1259,6 +1260,11 @@ static int load_value( struct key *key, const char *buffer, struct file_load_inf
error: error:
file_read_error( "Malformed value", info ); file_read_error( "Malformed value", info );
free( value->data );
value->data = NULL;
value->len = 0;
value->type = REG_NONE;
make_dirty( key );
return 0; return 0;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment