8 Jun
2024
8 Jun
'24
10 a.m.
Jinoh Kang (@iamahuman) commented about dlls/odbccp32/odbccp32.c:
static HKEY get_privateprofile_sectionkey(LPCWSTR section, LPCWSTR filename) { - HKEY hkey, hkeyfilename, hkeysection; + HKEY hkeysection; LONG ret; + WCHAR regpath[256];
- if (RegOpenKeyW(HKEY_CURRENT_USER, odbcW, &hkey)) - return NULL; + wcscpy(regpath, L"Software\\ODBC\\"); + wcscat(regpath, filename); + wcscat(regpath, L"\\"); + wcscat(regpath, section);
This looks very easy to overrun. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/5812#note_72775