WinRegistryKey::getInt() bug with uninitialized variable (Util/src/WinRegistryKey.cpp)


Discovered in 1.3.6p2 and appears to be unfixed in latest SVN.


The size variable passed to RegQueryValueExW() on lines 229 and 232 should be initialized to the size of the output buffer. Not initializing this parameter is incorrect when the data buffer pointer is not NULL, according to Microsoft documentation. Random failures have been observed in production code as a result of this.


Resolution is to change line 225 of Util/src/WinRegistryKey.cpp to be:


                DWORD size = sizeof(data);
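To make the in/out contract behind this fix concrete, here is an added example (not Poco's code and not the Win32 API): `FakeRegistryKey::query()` is a constructed stand-in that follows the same rule as RegQueryValueExW's lpData/lpcbData pair, so it compiles off Windows. `getIntFixed()` is the initialised-size pattern the report asks for, `getIntWithStaleSize()` shows what the call does when `size` carries an arbitrary leftover value, and `getStringGrow()` is the general probe-then-fetch form for variable-length values. The error-code constants use the Win32 values; the value names and contents are constructed.

```cpp
#include <cstdint>
#include <cstring>
#include <iostream>
#include <map>
#include <string>

// Error codes matching the Win32 values RegQueryValueExW returns.
const long ERR_SUCCESS   = 0;
const long ERR_NOT_FOUND = 2;
const long ERR_MORE_DATA = 234;

// Constructed stand-in for a registry key (not the Win32 API, so this compiles anywhere).
// query() follows the in/out contract of RegQueryValueExW's lpData/lpcbData pair:
// on entry *size must hold the capacity of data; on return it holds the value's byte length.
struct FakeRegistryKey {
    std::map<std::string, std::string> values;

    long query(const std::string& name, void* data, uint32_t* size) const {
        std::map<std::string, std::string>::const_iterator it = values.find(name);
        if (it == values.end()) return ERR_NOT_FOUND;
        const uint32_t needed = static_cast<uint32_t>(it->second.size());
        if (data == 0) { *size = needed; return ERR_SUCCESS; }      // size probe, no copy
        if (*size < needed) { *size = needed; return ERR_MORE_DATA; }
        // The API trusts *size as the buffer capacity: a garbage value larger than the
        // real buffer would let this copy run past it; a smaller one fails spuriously.
        std::memcpy(data, it->second.data(), needed);
        *size = needed;
        return ERR_SUCCESS;
    }
};

// The pattern the report asks for: size starts as the real capacity of the buffer.
bool getIntFixed(const FakeRegistryKey& key, const std::string& name, int32_t& out) {
    int32_t data = 0;
    uint32_t size = sizeof(data);                 // the fix: initialised before the call
    if (key.query(name, &data, &size) != ERR_SUCCESS || size != sizeof(data)) return false;
    out = data;
    return true;
}

// Same call with whatever value an uninitialised 'size' happened to contain,
// to show why the reported failures looked random.
long getIntWithStaleSize(const FakeRegistryKey& key, const std::string& name,
                         uint32_t staleSize, int32_t& out) {
    int32_t data = 0;
    uint32_t size = staleSize;                    // stands in for the uninitialised variable
    long rc = key.query(name, &data, &size);
    if (rc == ERR_SUCCESS) out = data;
    return rc;
}

// General form for variable-length values: probe the size, allocate, then fetch.
bool getStringGrow(const FakeRegistryKey& key, const std::string& name, std::string& out) {
    uint32_t size = 0;
    if (key.query(name, 0, &size) != ERR_SUCCESS) return false;
    std::string buf(size, '\0');
    // size still holds the capacity of buf here, as the contract requires.
    char* dst = size ? &buf[0] : static_cast<char*>(0);
    if (key.query(name, dst, &size) != ERR_SUCCESS) return false;
    buf.resize(size);
    out = buf;
    return true;
}

// Constructed sample key: one REG_DWORD-like and one REG_SZ-like value.
FakeRegistryKey makeSampleKey() {
    FakeRegistryKey key;
    const int32_t count = 42;
    key.values["Count"] = std::string(reinterpret_cast<const char*>(&count), sizeof(count));
    key.values["Path"]  = "C:\\constructed\\path";
    return key;
}

int main() {
    FakeRegistryKey key = makeSampleKey();
    int32_t n = 0;
    std::cout << "fixed: " << (getIntFixed(key, "Count", n) ? "ok " : "fail ") << n << "\n";
    std::cout << "stale size 0: rc=" << getIntWithStaleSize(key, "Count", 0, n) << "\n";
    std::string p;
    std::cout << "grow: " << (getStringGrow(key, "Path", p) ? p : "fail") << "\n";
    return 0;
}
```

The stale-size call with 0 returns ERROR_MORE_DATA even though the buffer is large enough, which is the "random failure" the report describes; a leftover value larger than the buffer is the more dangerous case, since the API would then write past the end of `data`.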


Apologies, don’t have a correct ‘patch’ version of this change.



Bob Cook
Development Manager

tel: 1-604-484-6815

SOPHOS - simply secure