HKEY hkMSV10;
HKEY hkClient;
DWORD dwType;
- DWORD dwSize;
+ DWORD dwSize, dwAllocSize;
DWORD dwValue;
PBYTE pHostNames = NULL, pName = NULL;
BOOL bNameFound = FALSE;
{
if (RegQueryValueEx( hkMSV10, "BackConnectionHostNames", 0,
&dwType, NULL, &dwSize) == ERROR_SUCCESS) {
- dwSize += strlen(cm_NetbiosName) + 1;
- pHostNames = malloc(dwSize);
+ dwAllocSize += 1 /* in case the source string is not nul terminated */
+ + strlen(cm_NetbiosName) + 2;
+ pHostNames = malloc(dwAllocSize);
+ dwSize = dwAllocSize;
if (RegQueryValueEx( hkMSV10, "BackConnectionHostNames", 0, &dwType,
pHostNames, &dwSize) == ERROR_SUCCESS) {
- for (pName = pHostNames; *pName ; pName += strlen(pName) + 1)
+ for (pName = pHostNames;
+ (pName - pHostNames < dwSize) && *pName ;
+ pName += strlen(pName) + 1)
{
if ( !stricmp(pName, cm_NetbiosName) ) {
bNameFound = TRUE;
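Review bot: As the visible lines read, `dwAllocSize` is used before it is ever written: the first hunk declares it without an initializer and the sizing `RegQueryValueEx` call just above still stores the required length in `dwSize`, so `dwAllocSize += 1 ... + 2` adds to an indeterminate value that then sizes both the `malloc` and the second query. Either pass `&dwAllocSize` to the sizing call or compute `dwAllocSize = dwSize + 1 + strlen(cm_NetbiosName) + 2;`. The extra byte reserved for an unterminated registry value only helps if it is actually zero, and `malloc` does not guarantee that, so `strlen(pName)` in the new loop can still read past the returned data on a malformed value. Checking the `malloc` result and setting `pHostNames[dwSize] = '\0';` after a successful second query would close that gap. The enclosing function starts and ends outside this hunk.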
size_t size = strlen(cm_NetbiosName) + 2;
if ( !pHostNames ) {
pHostNames = malloc(size);
- dwSize = size;
pName = pHostNames;
}
StringCbCopyA(pName, size, cm_NetbiosName);
*pName = '\0'; /* add a second nul terminator */
dwType = REG_MULTI_SZ;
+ dwSize = pName - pHostNames + 1;
RegSetValueEx( hkMSV10, "BackConnectionHostNames", 0, dwType, pHostNames, dwSize);
if ( RegOpenKeyEx( HKEY_LOCAL_MACHINE,