1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix memory overread in registry.rb

Browse Source 
The terminator is not actually getting filled in; we're simply passing
(two) bytes of empty memory as the NUL terminator. This can lead to
garbage characters getting written to registry values.

Fix this by explicitly putting a WCHAR_NUL character into the string to
be sent to the registry API, like we do in the MULTI_SZ case.

[Bug #20096]
This commit is contained in:
KJ Tsanaktsidis 2023-12-28 17:07:45 +11:00
parent 67026af146
commit 051a874325
1 changed files with 2 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ext/win32/lib/win32/registry.rb
View File

@ -740,14 +740,11 @@ For detail, see the MSDN[http://msdn.microsoft.com/library/en-us/sysinfo/base/pr
# method returns. # method returns.
# #
def write(name, type, data) def write(name, type, data)
termsize = 0
case type case type
when REG_SZ, REG_EXPAND_SZ when REG_SZ, REG_EXPAND_SZ
data = data.encode(WCHAR) data = data.encode(WCHAR) << WCHAR_NUL
termsize = WCHAR_SIZE
when REG_MULTI_SZ when REG_MULTI_SZ
data = data.to_a.map {|s| s.encode(WCHAR)}.join(WCHAR_NUL) << WCHAR_NUL data = data.to_a.map {|s| s.encode(WCHAR)}.join(WCHAR_NUL) << WCHAR_NUL
termsize = WCHAR_SIZE
when REG_BINARY, REG_NONE when REG_BINARY, REG_NONE
data = data.to_s data = data.to_s
when REG_DWORD when REG_DWORD
@ -759,7 +756,7 @@ For detail, see the MSDN[http://msdn.microsoft.com/library/en-us/sysinfo/base/pr
else else
raise TypeError, "Unsupported type #{Registry.type2name(type)}" raise TypeError, "Unsupported type #{Registry.type2name(type)}"
end end
API.SetValue(@hkey, name, type, data, data.bytesize + termsize) API.SetValue(@hkey, name, type, data, data.bytesize)
end end
# #