From 5dae6eb55e9785c8329708e55a49a280a344cdc1 Mon Sep 17 00:00:00 2001
From: nagachika <nagachika@ruby-lang.org>
Date: Thu, 18 Jan 2024 11:53:29 +0900
Subject: merge revision(s) 051a874325c177e040301878069c2b28f5d06ce6: [Backport
 #20096]

	Fix memory overread in registry.rb

	The terminator is not actually getting filled in; we're simply passing
	(two) bytes of empty memory as the NUL terminator. This can lead to
	garbage characters getting written to registry values.

	Fix this by explicitly putting a WCHAR_NUL character into the string to
	be sent to the registry API, like we do in the MULTI_SZ case.

	[Bug #20096]
	---
	 ext/win32/lib/win32/registry.rb | 7 ++-----
	 1 file changed, 2 insertions(+), 5 deletions(-)
---
 ext/win32/lib/win32/registry.rb | 7 ++-----
 version.h                       | 2 +-
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/ext/win32/lib/win32/registry.rb b/ext/win32/lib/win32/registry.rb
index b5b99ff684..16a08310ad 100644
--- a/ext/win32/lib/win32/registry.rb
+++ b/ext/win32/lib/win32/registry.rb
@@ -740,14 +740,11 @@ For detail, see the MSDN[http://msdn.microsoft.com/library/en-us/sysinfo/base/pr
     # method returns.
     #
     def write(name, type, data)
-      termsize = 0
       case type
       when REG_SZ, REG_EXPAND_SZ
-        data = data.encode(WCHAR)
-        termsize = WCHAR_SIZE
+        data = data.encode(WCHAR) << WCHAR_NUL
       when REG_MULTI_SZ
         data = data.to_a.map {|s| s.encode(WCHAR)}.join(WCHAR_NUL) << WCHAR_NUL
-        termsize = WCHAR_SIZE
       when REG_BINARY, REG_NONE
         data = data.to_s
       when REG_DWORD
@@ -759,7 +756,7 @@ For detail, see the MSDN[http://msdn.microsoft.com/library/en-us/sysinfo/base/pr
       else
         raise TypeError, "Unsupported type #{Registry.type2name(type)}"
       end
-      API.SetValue(@hkey, name, type, data, data.bytesize + termsize)
+      API.SetValue(@hkey, name, type, data, data.bytesize)
     end
 
     #
diff --git a/version.h b/version.h
index 41525ce8f0..cba974cb82 100644
--- a/version.h
+++ b/version.h
@@ -11,7 +11,7 @@
 # define RUBY_VERSION_MINOR RUBY_API_VERSION_MINOR
 #define RUBY_VERSION_TEENY 2
 #define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR
-#define RUBY_PATCHLEVEL 153
+#define RUBY_PATCHLEVEL 154
 
 #include "ruby/version.h"
 #include "ruby/internal/abi.h"
-- 
cgit v1.2.3