From: Jonathan Vollebregt <jnvsor@gmail.com>
Subject: [v5 06/12] reg.exe: Sanitize key paths in main
Message-Id: <1413571143-11658-6-git-send-email-jnvsor@gmail.com>
Date: Fri, 17 Oct 2014 20:38:57 +0200

Checks against remote host and strips backslashes from the start
and end of the key name to make parsing easier later on
---
 programs/reg/reg.c  | 46 +++++++++++++++++++++++++++++++---------------
 programs/reg/reg.rc |  2 +-
 2 files changed, 32 insertions(+), 16 deletions(-)
 mode change 100644 => 100755 programs/reg/reg.c

diff --git a/programs/reg/reg.c b/programs/reg/reg.c
old mode 100644
new mode 100755
index d299cbf..db52433
--- a/programs/reg/reg.c
+++ b/programs/reg/reg.c
@@ -67,6 +67,25 @@ static int reg_message(int msg)
     return reg_printfW(formatW, msg_buffer);
 }
 
+static WCHAR *sanitize_path(WCHAR *key){
+    int i;
+
+    if (key[0] == '\\')
+        key++;
+
+    if (key[0] == '\\')
+    {
+        reg_message(STRING_NO_REMOTE);
+        return NULL;
+    }
+
+    i = strlenW(key) - 1;
+    while (i >= 0 && key[i] == '\\')
+        key[i--] = 0;
+
+    return key;
+}
+
 static HKEY get_rootkey(LPWSTR key)
 {
     static const WCHAR szHKLM[] = {'H','K','L','M',0};
@@ -173,12 +192,6 @@ static int reg_add(WCHAR *key_name, WCHAR *value_name, BOOL value_empty,
 
     reg_printfW(stubW, key_name, value_name, value_empty, type, data, force);
 
-    if (key_name[0]=='\\' && key_name[1]=='\\')
-    {
-        reg_message(STRING_NO_REMOTE);
-        return 1;
-    }
-
     p = strchrW(key_name,'\\');
     if (!p)
     {
@@ -246,12 +259,6 @@ static int reg_delete(WCHAR *key_name, WCHAR *value_name, BOOL value_empty,
         ,0};
     reg_printfW(stubW, key_name, value_name, value_empty, value_all, force);
 
-    if (key_name[0]=='\\' && key_name[1]=='\\')
-    {
-        reg_message(STRING_NO_REMOTE);
-        return 1;
-    }
-
     p = strchrW(key_name,'\\');
     if (!p)
     {
@@ -407,7 +414,10 @@ int wmain(int argc, WCHAR *argvW[])
             return 0;
         }
 
-        key_name = argvW[2];
+        key_name = sanitize_path(argvW[2]);
+        if (!key_name)
+            return 1;
+
         for (i = 1; i < argc; i++)
         {
             if (!lstrcmpiW(argvW[i], slashVW))
@@ -443,7 +453,10 @@ int wmain(int argc, WCHAR *argvW[])
             return 0;
         }
 
-        key_name = argvW[2];
+        key_name = sanitize_path(argvW[2]);
+        if (!key_name)
+            return 1;
+
         for (i = 1; i < argc; i++)
         {
             if (!lstrcmpiW(argvW[i], slashVW))
@@ -474,7 +487,10 @@ int wmain(int argc, WCHAR *argvW[])
             return 0;
         }
 
-        key_name = argvW[2];
+        key_name = sanitize_path(argvW[2]);
+        if (!key_name)
+            return 1;
+
         for (i = 1; i < argc; i++)
         {
             if (!lstrcmpiW(argvW[i], slashVW))
diff --git a/programs/reg/reg.rc b/programs/reg/reg.rc
index 479912b..6f4c0c8 100644
--- a/programs/reg/reg.rc
+++ b/programs/reg/reg.rc
@@ -33,6 +33,6 @@ STRINGTABLE
     STRING_SUCCESS, "The operation completed successfully\n"
     STRING_INVALID_KEY, "Error: Invalid key name\n"
     STRING_INVALID_CMDLINE, "Error: Invalid command line parameters\n"
-    STRING_NO_REMOTE, "Error: Unable to add keys to remote machine\n"
+    STRING_NO_REMOTE, "Error: Unable to access remote machine\n"
     STRING_CANNOT_FIND, "Error: The system was unable to find the specified registry key or value\n"
 }
-- 
2.1.1