From 53bf42e6b339f7ed00535fc6915737b3959eac89 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 23 Oct 2019 22:34:22 +0200 Subject: [PATCH] windows/registry: allow for non-null terminated strings According to MSDN, "If the data has the REG_SZ, REG_MULTI_SZ or REG_EXPAND_SZ type, this size includes any terminating null character or characters unless the data was stored without them. [...] If the data has the REG_SZ, REG_MULTI_SZ or REG_EXPAND_SZ type, the string may not have been stored with the proper terminating null characters. Therefore, even if the function returns ERROR_SUCCESS, the application should ensure that the string is properly terminated before using it; otherwise, it may overwrite a buffer." It's therefore dangerous to pass it off unbounded as we do, and in fact this led to crashes on real systems. Change-Id: I2ab324e85f75dc3e4d6d62fec3b96937fec77510 Reviewed-on: https://go-review.googlesource.com/c/sys/+/202957 Run-TryBot: Jason A. Donenfeld TryBot-Result: Gobot Gobot Reviewed-by: Alex Brainman --- windows/registry/value.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/registry/value.go b/windows/registry/value.go index 7487e05f..d332d837 100644 --- a/windows/registry/value.go +++ b/windows/registry/value.go @@ -108,7 +108,7 @@ func (k Key) GetStringValue(name string) (val string, valtype uint32, err error) if len(data) == 0 { return "", typ, nil } - u := (*[1 << 29]uint16)(unsafe.Pointer(&data[0]))[:] + u := (*[1 << 29]uint16)(unsafe.Pointer(&data[0]))[:len(data)/2] return syscall.UTF16ToString(u), typ, nil }