Hi Paul,
+static LONG WINTRUST_WriteSingleUsageEntry(CHAR* OID,
Any reason that can't be LPCSTR OID instead? That will remove some cast-qual warnings I think.
+ WCHAR UsageKey[MAX_PATH]; (snip) + /* Turn OID into a wide-character string */ + Len = MultiByteToWideChar( CP_ACP, 0, OID, -1, NULL, 0 ); + OIDW = HeapAlloc( GetProcessHeap(), 0, Len * sizeof(WCHAR) ); + MultiByteToWideChar( CP_ACP, 0, OID, -1, OIDW, Len ); + lstrcatW(UsageKey, OIDW);
This could overflow UsageKey. It would be better to allocate UsageKey as sizeof(Trust) + sizeof(Usages) + Len * sizeof(WCHAR), then concatenate the strings into it. I'm not sure whether there's a maximum length for a registry key, but it's certainly longer than MAX_PATH if it exists.
+ if (Res != ERROR_SUCCESS) goto error_close_key; + +error_close_key: + RegCloseKey(Key);
This goto is unnecessary, the target of the branch is the next instruction anyway.
Thanks, --Juan
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com