valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-06 17:45:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix wrong error code returned when querying the Windows registry (#5621)

Browse Source 
Calling GetLastError() will not return the error code for the Windows registry APIs,
since they return a LSTATUS value which already the error code.

This also fixes the RegistryTablesTest.test_registry_non_existing_key
test case which was incorrectly expecting success when querying
for a non-existent registry key.

Ported from https://github.com/osql/osql/pull/50
This commit is contained in:
Stefano Bonicatti 2019-07-01 22:23:02 +02:00 committed by Alessandro Gario
parent d6a2f2f1df
commit e7fde8ad8e
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
osquery/tables/system/windows/registry.cpp
View File

@ -248,7 +248,7 @@ Status queryKey(const std::string& keyPath, QueryData& results) {
reg_handle_t hRegistryHandle(hkey, closeRegHandle);
if (ret != ERROR_SUCCESS) {
return Status(GetLastError(), "Failed to open registry handle");
return Status(ret, "Failed to open registry handle");
}
const DWORD maxKeyLength = 255;
@ -272,7 +272,7 @@ Status queryKey(const std::string& keyPath, QueryData& results) {
nullptr,
&ftLastWriteTime);
if (retCode != ERROR_SUCCESS) {
return Status(GetLastError(), "Failed to query registry info for key");
return Status(retCode, "Failed to query registry info for key");
}
auto achKey = std::make_unique<TCHAR[]>(maxKeyLength);
DWORD cbName;
@ -290,7 +290,7 @@ Status queryKey(const std::string& keyPath, QueryData& results) {
nullptr,
&ftLastWriteTime);
if (retCode != ERROR_SUCCESS) {
return Status(GetLastError(), "Failed to enumerate registry key");
return Status(retCode, "Failed to enumerate registry key");
}
Row r;
@ -325,7 +325,7 @@ Status queryKey(const std::string& keyPath, QueryData& results) {
nullptr,
nullptr);
if (retCode != ERROR_SUCCESS) {
return Status(GetLastError(), "Failed to enumerate registry values");
return Status(retCode, "Failed to enumerate registry values");
}
DWORD lpData = cbMaxValueData;
@ -338,7 +338,7 @@ Status queryKey(const std::string& keyPath, QueryData& results) {
bpDataBuff.get(),
&lpData);
if (retCode != ERROR_SUCCESS) {
return Status(GetLastError(), "Failed to query registry value");
return Status(retCode, "Failed to query registry value");
}
// It's possible for registry entries to have been inserted incorrectly

2
tests/unit/tables/system/windows/registry_tests.cpp
View File

@ -35,7 +35,7 @@ TEST_F(RegistryTablesTest, test_registry_existing_key) {
TEST_F(RegistryTablesTest, test_registry_non_existing_key) {
QueryData results;
auto ret = queryKey(kInvalidTestKey, results);
EXPECT_TRUE(ret.ok());
EXPECT_FALSE(ret.ok());
EXPECT_TRUE(results.size() == 0);
}