merge revision(s) 051a874325c177e040301878069c2b28f5d06ce6: [Backport #20096]

Fix memory overread in registry.rb The terminator is not actually getting filled in; we're simply passing (two) bytes of empty memory as the NUL terminator. This can lead to garbage characters getting written to registry values. Fix this by explicitly putting a WCHAR_NUL character into the string to be sent to the registry API, like we do in the MULTI_SZ case. [Bug #20096] --- ext/win32/lib/win32/registry.rb | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-)
author: nagachika <nagachika@ruby-lang.org> 2024-01-18 11:53:29 +0900
committer: nagachika <nagachika@ruby-lang.org> 2024-01-18 11:53:29 +0900
commit: 5dae6eb55e9785c8329708e55a49a280a344cdc1 (patch)
tree: fd271fc47dccb4c36c5577812bdaaac9c95c6c87
parent: a26b41bf7a2db69b0889ed599f568a4ba2529eba (diff)
2 files changed, 3 insertions, 6 deletions
diff --git a/ext/win32/lib/win32/registry.rb b/ext/win32/lib/win32/registry.rb
index b5b99ff684..16a08310ad 100644
--- a/ext/win32/lib/win32/registry.rb
+++ b/ext/win32/lib/win32/registry.rb
@@ -740,14 +740,11 @@ For detail, see the MSDN[http://msdn.microsoft.com/library/en-us/sysinfo/base/pr
     # method returns.
     #
     def write(name, type, data)
-      termsize = 0
       case type
       when REG_SZ, REG_EXPAND_SZ
-        data = data.encode(WCHAR)
-        termsize = WCHAR_SIZE
+        data = data.encode(WCHAR) << WCHAR_NUL
       when REG_MULTI_SZ
         data = data.to_a.map {|s| s.encode(WCHAR)}.join(WCHAR_NUL) << WCHAR_NUL
-        termsize = WCHAR_SIZE
       when REG_BINARY, REG_NONE
         data = data.to_s
       when REG_DWORD
@@ -759,7 +756,7 @@ For detail, see the MSDN[http://msdn.microsoft.com/library/en-us/sysinfo/base/pr
       else
         raise TypeError, "Unsupported type #{Registry.type2name(type)}"
       end
-      API.SetValue(@hkey, name, type, data, data.bytesize + termsize)
+      API.SetValue(@hkey, name, type, data, data.bytesize)
     end
 
     #
diff --git a/version.h b/version.h
index 41525ce8f0..cba974cb82 100644
--- a/version.h
+++ b/version.h
@@ -11,7 +11,7 @@
 # define RUBY_VERSION_MINOR RUBY_API_VERSION_MINOR
 #define RUBY_VERSION_TEENY 2
 #define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR
-#define RUBY_PATCHLEVEL 153
+#define RUBY_PATCHLEVEL 154
 
 #include "ruby/version.h"
 #include "ruby/internal/abi.h"
author	nagachika <nagachika@ruby-lang.org>	2024-01-18 11:53:29 +0900
committer	nagachika <nagachika@ruby-lang.org>	2024-01-18 11:53:29 +0900
commit	5dae6eb55e9785c8329708e55a49a280a344cdc1 (patch)
tree	fd271fc47dccb4c36c5577812bdaaac9c95c6c87
parent	a26b41bf7a2db69b0889ed599f568a4ba2529eba (diff)