windows/registry: allow for non-null terminated strings

According to MSDN, "If the data has the REG_SZ, REG_MULTI_SZ or
REG_EXPAND_SZ type, this size includes any terminating null character or
characters unless the data was stored without them. [...] If the data
has the REG_SZ, REG_MULTI_SZ or REG_EXPAND_SZ type, the string may not
have been stored with the proper terminating null characters. Therefore,
even if the function returns ERROR_SUCCESS, the application should
ensure that the string is properly terminated before using it;
otherwise, it may overwrite a buffer."

It's therefore dangerous to pass it off unbounded as we do, and in fact
this led to crashes on real systems.

Change-Id: I2ab324e85f75dc3e4d6d62fec3b96937fec77510
Reviewed-on: https://go-review.googlesource.com/c/sys/+/202957
Run-TryBot: Jason A. Donenfeld <Jason@zx2c4.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
diff --git a/windows/registry/value.go b/windows/registry/value.go
index 7487e05..d332d83 100644
--- a/windows/registry/value.go
+++ b/windows/registry/value.go
@@ -108,7 +108,7 @@
if len(data) == 0 {
return "", typ, nil
}
- u := (*[1 << 29]uint16)(unsafe.Pointer(&data[0]))[:]
+ u := (*[1 << 29]uint16)(unsafe.Pointer(&data[0]))[:len(data)/2]
return syscall.UTF16ToString(u), typ, nil
}
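Review bot: The new bound `[:len(data)/2]` on the `u :=` line has no comment, yet it is the only thing that stops `syscall.UTF16ToString` from scanning past the end of `data` when the stored value has no terminating null. A one-line comment such as `// data may lack a terminating NUL; bound the slice to len(data)` would keep a later cleanup from removing it. It is also worth stating that an odd `len(data)` drops the trailing byte through integer division, and that `len(data) == 1` passes the `len(data) == 0` guard and yields an empty slice. The diff as shown changes only value.go, so a regression test that stores a REG_SZ value without a terminator and reads it back would be a useful addition.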