Guard registry handling against out-of-bounds reads by ensuring all r…

…ead strings are NULL terminated

Closes: java-native-access#340

CHANGES.md

@@ -26,6 +26,7 @@ Bug Fixes
 * [#887](https://github.com/java-native-access/jna/issues/887): MacFileUtils.moveToTrash() doesn't work in a sandboxed app fix suggested by [@sobakasu](https://github.com/sobakasu) - [@matthiasblaesing](https://github.com/matthiasblaesing).
 * [#894](https://github.com/java-native-access/jna/issues/894): NullPointerException can be caused by calling `com.sun.jna.platform.win32.COM.util.ProxyObject#dispose` multiple times - [@matthiasblaesing](https://github.com/matthiasblaesing).
 * [#925](https://github.com/java-native-access/jna/issues/925): Optimize `Structure#validate` and prevent `ArrayIndexOutOfBoundsException` in `SAFEARRAY#read` for zero dimensions - [@matthiasblaesing](https://github.com/matthiasblaesing).
+* [#340](https://github.com/java-native-access/jna/issues/340): Guard registry handling against out-of-bounds reads by ensuring all read strings are NULL terminated - [@matthiasblaesing](https://github.com/matthiasblaesing).
 
 Breaking Changes
 ----------------

contrib/platform/src/com/sun/jna/platform/win32/Advapi32.java

@@ -975,12 +975,21 @@ int RegQueryValueEx(HKEY hKey, String lpValueName, int lpReserved,
      *         the function fails, the return value is a nonzero error code
      *         defined in Winerror.h.
      */
+    int RegSetValueEx(HKEY hKey, String lpValueName, int Reserved,
+                  int dwType, Pointer lpData, int cbData);
+
+    /**
+     * See {@link #RegSetValueEx(com.sun.jna.platform.win32.WinReg.HKEY, java.lang.String, int, int, com.sun.jna.Pointer, int) }
+     */
     int RegSetValueEx(HKEY hKey, String lpValueName, int Reserved,
                       int dwType, char[] lpData, int cbData);
 
+    /**
+     * See {@link #RegSetValueEx(com.sun.jna.platform.win32.WinReg.HKEY, java.lang.String, int, int, com.sun.jna.Pointer, int) }
+     */
     int RegSetValueEx(HKEY hKey, String lpValueName, int Reserved,
                       int dwType, byte[] lpData, int cbData);
-
+    
     /**
      *
      * @param hKey registry key
@@ -1101,6 +1110,13 @@ int RegEnumKeyEx(HKEY hKey, int dwIndex, char[] lpName,
      *         the function fails, the return value is a nonzero error code
      *         defined in Winerror.h.
      */
+    int RegEnumValue(HKEY hKey, int dwIndex, char[] lpValueName,
+                     IntByReference lpcchValueName, IntByReference reserved,
+                     IntByReference lpType, Pointer lpData, IntByReference lpcbData);
+
+    /**
+     * See {@link #RegEnumValue(com.sun.jna.platform.win32.WinReg.HKEY, int, char[], com.sun.jna.ptr.IntByReference, com.sun.jna.ptr.IntByReference, com.sun.jna.ptr.IntByReference, com.sun.jna.Pointer, com.sun.jna.ptr.IntByReference)}.
+     */
     int RegEnumValue(HKEY hKey, int dwIndex, char[] lpValueName,
                      IntByReference lpcchValueName, IntByReference reserved,
                      IntByReference lpType, byte[] lpData, IntByReference lpcbData);
@@ -1294,10 +1310,17 @@ int RegQueryInfoKey(HKEY hKey, char[] lpClass,
      *            receive the value, the function returns ERROR_MORE_DATA.
      * @return status
      */
+    int RegGetValue(HKEY hkey, String lpSubKey, String lpValue,
+                    int dwFlags, IntByReference pdwType, Pointer pvData,
+                    IntByReference pcbData);
+
+    /**
+     * See {@link #RegGetValue(com.sun.jna.platform.win32.WinReg.HKEY, java.lang.String, java.lang.String, int, com.sun.jna.ptr.IntByReference, com.sun.jna.Pointer, com.sun.jna.ptr.IntByReference)}.
+     */
     int RegGetValue(HKEY hkey, String lpSubKey, String lpValue,
                     int dwFlags, IntByReference pdwType, byte[] pvData,
                     IntByReference pcbData);
-
+    
     /**
      * Retrieves a registered handle to the specified event log.
      *