Dmitry Timoshkov dmitry@baikal.ru writes:
diff --git a/server/registry.c b/server/registry.c
index b00abdbc004..ebe11db1039 100644
--- a/server/registry.c
+++ b/server/registry.c
@@ -127,7 +127,7 @@ static const timeout_t save_period = 30 * -TICKS_PER_SEC; /* delay between peri
 static struct timeout_user *save_timeout_user; /* saving timer */
 static enum prefix_type { PREFIX_UNKNOWN, PREFIX_32BIT, PREFIX_64BIT } prefix_type;
-static const WCHAR root_name[] = { '\','R','e','g','i','s','t','r','y','\' };
+static const WCHAR root_name[] = { '\','R','e','g','i','s','t','r','y' };
 static const WCHAR wow6432node[] = {'W','o','w','6','4','3','2','N','o','d','e'};
 static const WCHAR symlink_value[] = {'S','y','m','b','o','l','i','c','L','i','n','k','V','a','l','u','e'};
 static const struct unicode_str symlink_str = { symlink_value, sizeof(symlink_value) };
@@ -411,7 +411,7 @@ static WCHAR *key_get_full_name( struct object *obj, data_size_t *ret_len )
 {
 static const WCHAR backslash = '\';
 struct key *key = (struct key *) obj;
- data_size_t len = sizeof(root_name) - sizeof(WCHAR);
data_size_t len = sizeof(root_name);
 char *ret;
if (key->flags & KEY_DELETED)
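Review bot: The initial `len = sizeof(root_name)` is only correct while root_name carries no trailing separator, and nothing at the declaration or here records that; the final `memcpy( ret, root_name, sizeof(root_name) )` in the -431 hunk has the same dependency. The code visible in that later hunk writes one backslash in front of each key name, so a trailing backslash reintroduced in root_name would presumably make the computed length and the copied prefix disagree (the allocation itself is outside the visible lines). A one-line comment at the root_name definition, e.g. `/* no trailing backslash: each key name is prefixed with its own separator */`, would pin the invariant. key_get_full_name's body continues past the end of this hunk.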
@@ -431,7 +431,7 @@ static WCHAR *key_get_full_name( struct object *obj, data_size_t *ret_len )
 len -= key->namelen + sizeof(WCHAR);
 memcpy( ret + len, &backslash, sizeof(WCHAR) );
 }
- memcpy( ret, root_name, sizeof(root_name) - sizeof(WCHAR) );
- memcpy( ret, root_name, sizeof(root_name) );
 return (WCHAR *)ret;
}
@@ -483,6 +483,11 @@ static inline void get_req_path( struct unicode_str *str, int skip_root )
 {
 str->str += ARRAY_SIZE( root_name );
 str->len -= sizeof(root_name);
if (str->str[0] == '\\')
{
str->str++;
str->len -= sizeof(WCHAR);
}
You need to check the length first, and you need to reject anything that isn't a backslash at that point.
I feel that using the normal path handling also for the first component, possibly creating a root key of that name, would be a better approach.