multiOTP / multiOTPCredentialProvider

multiOTP Credential Provider is a V2 Credential Provider for Windows 7/8/8.1/10/2012(R2)/2016 with options like RDP only and UPN name support
Apache License 2.0

Memory corruption when reading registry values #86

Closed khaisis closed 9 months ago

khaisis commented 1 year ago

Hi there.

I am getting a memory corruption error in the following two functions.

```cpp
{
    ...
    dwSize = DWORD(wcslen(defaultValue));
    *data = (PWSTR)CoTaskMemAlloc(sizeof(wchar_t) * (dwSize + 1));
    wcscpy_s(*data, 1024, defaultValue);   // <---- here
    return dwSize;
}
```

multiOTP commented 11 months ago

Do you have this error while using the credential provider on a Windows computer?

khaisis commented 11 months ago

Hello,

There was an issue in the Windows system's credential provider. A crash occurred when using the wcscpy_s function, as it didn't use the calculated size and instead processed the data buffer with a fixed size (1024).

Additionally, on the system we tested, the "Enable page heap" setting in gflags.exe was enabled, and an error occurred at that location.
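The size mismatch described in the comment above, shown with the copy bounded by the allocated element count. This is an added example, not part of the original issue or the multiOTP code base. It is portable C in which `malloc` stands in for `CoTaskMemAlloc`, the hypothetical `bounded_wcscpy` stands in for `wcscpy_s`, and `copy_default_value` is a hypothetical name for the function in the fragment.

```c
#include <stdint.h>
#include <stdlib.h>
#include <wchar.h>

/* Hypothetical stand-in for wcscpy_s: copies src into dst only if src plus
   its terminator fits in dst_count elements. Returns 0 on success, -1 if not. */
static int bounded_wcscpy(wchar_t *dst, size_t dst_count, const wchar_t *src)
{
    if (dst == NULL || dst_count == 0)
        return -1;
    if (src == NULL) {
        dst[0] = L'\0';
        return -1;
    }
    size_t len = wcslen(src);
    if (len >= dst_count) {          /* would not fit: leave dst empty, fail */
        dst[0] = L'\0';
        return -1;
    }
    wmemcpy(dst, src, len + 1);      /* len characters plus the terminator */
    return 0;
}

/* Hypothetical helper mirroring the fragment in the issue: allocates *data and
   copies defaultValue into it. Returns the length in characters, or 0 with
   *data == NULL on failure. malloc stands in for CoTaskMemAlloc here. */
static size_t copy_default_value(wchar_t **data, const wchar_t *defaultValue)
{
    if (data == NULL)
        return 0;
    *data = NULL;
    if (defaultValue == NULL)
        return 0;

    size_t len = wcslen(defaultValue);
    size_t count = len + 1;                    /* elements, incl. terminator */
    if (count > SIZE_MAX / sizeof(wchar_t))    /* guard the multiplication */
        return 0;

    wchar_t *buf = malloc(count * sizeof(wchar_t));
    if (buf == NULL)
        return 0;

    /* The size argument is the element count actually allocated, not 1024. */
    if (bounded_wcscpy(buf, count, defaultValue) != 0) {
        free(buf);
        return 0;
    }
    *data = buf;
    return len;
}
```

With the real API, the equivalent change is to pass `dwSize + 1` as the second argument of `wcscpy_s`, so the declared destination size matches what `CoTaskMemAlloc` returned.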

multiOTP commented 11 months ago

Thanks for the info, it's going to be corrected in the next release.

multiOTP commented 9 months ago

Hello,

This is now fixed in version 5.9.7.1.

Regards