From 94d2b4742c358e15d336d4a48e2c1354efa5de5c Mon Sep 17 00:00:00 2001 From: Alexandre Julliard Date: Tue, 3 Dec 2019 08:30:36 +0100 Subject: [PATCH] kernelbase: Fix assumptions about 0-size output buffer in ntdll Unicode conversion functions. Signed-off-by: Alexandre Julliard --- dlls/kernelbase/file.c | 21 ++++++++++++++++++--- dlls/kernelbase/registry.c | 16 +++++++++------- dlls/kernelbase/string.c | 3 +-- 3 files changed, 28 insertions(+), 12 deletions(-) diff --git a/dlls/kernelbase/file.c b/dlls/kernelbase/file.c index 77a73985806..23ca5629a32 100644 --- a/dlls/kernelbase/file.c +++ b/dlls/kernelbase/file.c @@ -292,10 +292,25 @@ DWORD file_name_WtoA( LPCWSTR src, INT srclen, LPSTR dest, INT destlen ) DWORD ret; if (srclen < 0) srclen = lstrlenW( src ) + 1; - if (oem_file_apis) - RtlUnicodeToOemN( dest, destlen, &ret, src, srclen * sizeof(WCHAR) ); + if (!destlen) + { + if (oem_file_apis) + { + UNICODE_STRING strW; + strW.Buffer = (WCHAR *)src; + strW.Length = srclen * sizeof(WCHAR); + ret = RtlUnicodeStringToOemSize( &strW ) - 1; + } + else + RtlUnicodeToMultiByteSize( &ret, src, srclen * sizeof(WCHAR) ); + } else - RtlUnicodeToMultiByteN( dest, destlen, &ret, src, srclen * sizeof(WCHAR) ); + { + if (oem_file_apis) + RtlUnicodeToOemN( dest, destlen, &ret, src, srclen * sizeof(WCHAR) ); + else + RtlUnicodeToMultiByteN( dest, destlen, &ret, src, srclen * sizeof(WCHAR) ); + } return ret; } diff --git a/dlls/kernelbase/registry.c b/dlls/kernelbase/registry.c index d3364dbcee0..1fee41ec5ec 100644 --- a/dlls/kernelbase/registry.c +++ b/dlls/kernelbase/registry.c @@ -915,7 +915,7 @@ LSTATUS WINAPI RegQueryInfoKeyA( HKEY hkey, LPSTR class, LPDWORD class_len, LPDW NTSTATUS status; char buffer[256], *buf_ptr = buffer; KEY_FULL_INFORMATION *info = (KEY_FULL_INFORMATION *)buffer; - DWORD total_size, len; + DWORD total_size; TRACE( "(%p,%p,%d,%p,%p,%p,%p,%p,%p,%p,%p)\n", hkey, class, class_len ? *class_len : 0, reserved, subkeys, max_subkey, values, max_value, max_data, security, modif ); @@ -940,19 +940,21 @@ LSTATUS WINAPI RegQueryInfoKeyA( HKEY hkey, LPSTR class, LPDWORD class_len, LPDW if (status) goto done; - len = 0; - if (class && class_len) len = *class_len; - RtlUnicodeToMultiByteN( class, len, class_len, - (WCHAR *)(buf_ptr + info->ClassOffset), info->ClassLength ); - if (len) + if (class && class_len && *class_len) { - if (*class_len + 1 > len) + DWORD len = *class_len; + RtlUnicodeToMultiByteN( class, len, class_len, + (WCHAR *)(buf_ptr + info->ClassOffset), info->ClassLength ); + if (*class_len == len) { status = STATUS_BUFFER_OVERFLOW; *class_len -= 1; } class[*class_len] = 0; } + else if (class_len) + RtlUnicodeToMultiByteSize( class_len, + (WCHAR *)(buf_ptr + info->ClassOffset), info->ClassLength ); } else status = STATUS_SUCCESS; diff --git a/dlls/kernelbase/string.c b/dlls/kernelbase/string.c index 7bea47942eb..668fd4fa37c 100644 --- a/dlls/kernelbase/string.c +++ b/dlls/kernelbase/string.c @@ -1382,8 +1382,7 @@ INT WINAPI DECLSPEC_HOTPATCH LoadStringA(HINSTANCE instance, UINT resource_id, L while (id--) p += *p + 1; - if (buflen != 1) - RtlUnicodeToMultiByteN(buffer, buflen - 1, &retval, p + 1, *p * sizeof(WCHAR)); + RtlUnicodeToMultiByteN(buffer, buflen - 1, &retval, p + 1, *p * sizeof(WCHAR)); } buffer[retval] = 0; TRACE("returning %s\n", debugstr_a(buffer));