From 60ad907b99ceca0dbeab6123dcc0a44d8bfad29d Mon Sep 17 00:00:00 2001
From: Simon Rozman <simon@rozman.si>
Date: Sat, 31 Oct 2020 18:13:36 +0100
Subject: api: check buffer overflows in runtime

Signed-off-by: Simon Rozman <simon@rozman.si>
---
 api/registry.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

(limited to 'api/registry.c')

diff --git a/api/registry.c b/api/registry.c
index 1428165..82e3020 100644
--- a/api/registry.c
+++ b/api/registry.c
@@ -62,15 +62,11 @@ OpenKeyWait(_In_ HKEY Key, _Inout_z_ WCHAR *Path, _In_ DWORD Access, _In_ ULONGL
 }
 
 WINTUN_STATUS
-RegistryOpenKeyWait(
-    _In_ HKEY Key,
-    _In_z_count_c_(MAX_REG_PATH) const WCHAR *Path,
-    _In_ DWORD Access,
-    _In_ DWORD Timeout,
-    _Out_ HKEY *KeyOut)
+RegistryOpenKeyWait(_In_ HKEY Key, _In_z_ const WCHAR *Path, _In_ DWORD Access, _In_ DWORD Timeout, _Out_ HKEY *KeyOut)
 {
     WCHAR Buf[MAX_REG_PATH];
-    wcscpy_s(Buf, _countof(Buf), Path);
+    if (wcsncpy_s(Buf, _countof(Buf), Path, _TRUNCATE) == STRUNCATE)
+        return LOG(WINTUN_LOG_ERR, L"Registry path too long"), ERROR_INVALID_PARAMETER;
     return OpenKeyWait(Key, Buf, Access, GetTickCount64() + Timeout, KeyOut);
 }
 
-- 
cgit v1.2.3-59-g8ed1b