From 3c25e5ec38bdee9fd1e21e2d328f2802b2e86275 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 23 Oct 2019 22:27:29 +0200 Subject: [PATCH] internal/syscall/windows/registry: allow for non-null terminated strings According to MSDN, "If the data has the REG_SZ, REG_MULTI_SZ or REG_EXPAND_SZ type, this size includes any terminating null character or characters unless the data was stored without them. [...] If the data has the REG_SZ, REG_MULTI_SZ or REG_EXPAND_SZ type, the string may not have been stored with the proper terminating null characters. Therefore, even if the function returns ERROR_SUCCESS, the application should ensure that the string is properly terminated before using it; otherwise, it may overwrite a buffer." It's therefore dangerous to pass it off unbounded as we do, and in fact this led to crashes on real systems. Change-Id: I6d786211814656f036b87fd78631466634cd764a Reviewed-on: https://go-review.googlesource.com/c/go/+/202937 Run-TryBot: Jason A. Donenfeld TryBot-Result: Gobot Gobot Reviewed-by: Alex Brainman --- src/internal/syscall/windows/registry/value.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/internal/syscall/windows/registry/value.go b/src/internal/syscall/windows/registry/value.go index 71d4e15bab1..f8431d2c0f2 100644 --- a/src/internal/syscall/windows/registry/value.go +++ b/src/internal/syscall/windows/registry/value.go @@ -108,7 +108,7 @@ func (k Key) GetStringValue(name string) (val string, valtype uint32, err error) if len(data) == 0 { return "", typ, nil } - u := (*[1 << 29]uint16)(unsafe.Pointer(&data[0]))[:] + u := (*[1 << 29]uint16)(unsafe.Pointer(&data[0]))[:len(data)/2] return syscall.UTF16ToString(u), typ, nil }