From 63ca94c4199d17b28b82a3f7165bb223703fafc9 Mon Sep 17 00:00:00 2001
From: Alexandre Julliard
Date: Thu, 9 Nov 2006 12:03:21 +0100
Subject: [PATCH] kernel32: Fixed buffer overrun in get_registry_locale_info.
---
 dlls/kernel32/locale.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/dlls/kernel32/locale.c b/dlls/kernel32/locale.c
index dd687ed4e58..9a72a4cea87 100644
--- a/dlls/kernel32/locale.c
+++ b/dlls/kernel32/locale.c
@@ -804,7 +804,6 @@ static INT get_registry_locale_info( LPCWSTR value, LPWSTR buffer, INT len )
 }
 status = NtQueryValueKey( hkey, &nameW, KeyValuePartialInformation, info, size, &size );
- if (status == STATUS_BUFFER_OVERFLOW && !buffer) status = 0;
 if (!status)
 {
@@ -825,14 +824,18 @@ static INT get_registry_locale_info( LPCWSTR value, LPWSTR buffer, INT len )
 buffer[ret-1] = 0;
 }
 }
+ else if (status == STATUS_BUFFER_OVERFLOW && !buffer)
+ {
+ ret = (size - info_size) / sizeof(WCHAR) + 1;
+ }
+ else if (status == STATUS_OBJECT_NAME_NOT_FOUND)
+ {
+ ret = -1;
+ }
 else
 {
- if (status == STATUS_OBJECT_NAME_NOT_FOUND) ret = -1;
- else
- {
- SetLastError( RtlNtStatusToDosError(status) );
- ret = 0;
- }
+ SetLastError( RtlNtStatusToDosError(status) );
+ ret = 0;
 }
 NtClose( hkey );
 HeapFree( GetProcessHeap(), 0, info );
-- 
2.11.4.GIT
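Review bot: The new `else if (status == STATUS_BUFFER_OVERFLOW && !buffer)` branch in the second hunk carries no comment stating the invariant the fix depends on: after an overflow, `info` holds no more than what was allocated, so the length may only be derived from the `size` that NtQueryValueKey wrote back, never from `info->Data`. I would add `/* info was too small: take the length from the returned size, do not read info->Data */` above `ret = (size - info_size) / sizeof(WCHAR) + 1;` so a later cleanup does not fold this case back into the `!status` path. The `+ 1` is unconditional, so if the stored value already ends in a null character the reported length is presumably one WCHAR larger than what the success path returns; that errs on the safe side for a caller sizing a buffer, but is worth stating in the same comment. The subtraction also assumes the returned `size` is never smaller than `info_size`; their declarations and the rest of get_registry_locale_info lie outside the hunks, so that should be confirmed there.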