Re: [PATCH 0/2] MR5812: odbccp32: SQLWritePrivateProfileStringW check for existing DSN first

Jinoh Kang (@iamahuman) commented about dlls/odbccp32/odbccp32.c:

static HKEY get_privateprofile_sectionkey(LPCWSTR section, LPCWSTR filename) {

• HKEY hkey, hkeyfilename, hkeysection;

• HKEY hkeysection; LONG ret;
• WCHAR regpath[256];

• if (RegOpenKeyW(HKEY_CURRENT_USER, odbcW, &hkey))

•    return NULL;
  

• wcscpy(regpath, L"Software\ODBC\");
• wcscat(regpath, filename);
• wcscat(regpath, L"\");
• wcscat(regpath, section);

This looks very easy to overrun.