On 19/07/15 21:10, Nikolay Sivov wrote:
Based on patch by Alistair Leslie-Hughes
Here is a modified version of the patch you sent.
This patch includes test cases for SQLGetPrivateProfileStringW. There was an error in my logic with the entry parameter which I have also corrected. When the entry parameter is NULL, it returns the list of keys, in the format keyname\0keyname\0.
I've tested two application which now work correctly with the attached patch.
Happy to hear any feedback.
Best Regards Alistair.
On 20.07.2015 12:53, Alistair Leslie-Hughes wrote:
else{WCHAR name[MAX_PATH];DWORD index = 0;DWORD namelen;usedefault = FALSE;memset(buff, 0, buff_len);namelen = sizeof(name);while (RegEnumValueW(sectionkey, index, name, &namelen, NULL, NULL, NULL, NULL ) == ERROR_SUCCESS){lstrcpyW(buff+ret, name);ret += namelen+1;namelen = sizeof(name);index++;}}
In this new case you unconditionally write to 'buff' without checking if you already exceeded 'buff_len'. Also memset of whole buffer looks suspicious and I don't see anything in tests that proves it.
-
Alistair Leslie-Hughes -
Nikolay Sivov