Cope with REG_SZ data not having a trailing NUL.

A user points out that the person who writes a REG_SZ into the
registry can choose whether or not to NUL-terminate it properly, and
if they don't, RegQueryValueEx will retrieve it without the NUL. So if
someone does that to PuTTY's saved session data, then PuTTY may
retrieve nonsense strings.

Arguably this is the fault of whoever tampered with the saved session
data without doing it the same way we would have, but even so, there
ought to be some handling at our end other than silently returning the
wrong data, and putting the NUL back on seems more sensible than
complaining loudly.

[originally from svn r10215]

diff --git a/windows/winstore.c b/windows/winstore.c
index ce5dae61da56070ad8676d309cffd425954e7099..b1058832e99a11da3e48d44216a555da809aca07 100644 (file)
--- a/windows/winstore.c
+++ b/windows/winstore.c
@@ -6,6 +6,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <limits.h>
+#include <assert.h>
 #include "putty.h"
 #include "storage.h"
 
@@ -152,7 +153,7 @@ void *open_settings_r(const char *sessionname)
 
 char *read_setting_s(void *handle, const char *key)
 {
-    DWORD type, size;
+    DWORD type, allocsize, size;
     char *ret;
 
     if (!handle)
@@ -164,13 +165,17 @@ char *read_setting_s(void *handle, const char *key)
        type != REG_SZ)
        return NULL;
 
-    ret = snewn(size+1, char);
+    allocsize = size+1;         /* allow for an extra NUL if needed */
+    ret = snewn(allocsize, char);
     if (RegQueryValueEx((HKEY) handle, key, 0,
                        &type, ret, &size) != ERROR_SUCCESS ||
        type != REG_SZ) {
         sfree(ret);
         return NULL;
     }
+    assert(size < allocsize);
+    ret[size] = '\0'; /* add an extra NUL in case RegQueryValueEx
+                       * didn't supply one */
 
     return ret;
 }