Cope with REG_SZ data not having a trailing NUL.

A user points out that the person who writes a REG_SZ into the
registry can choose whether or not to NUL-terminate it properly, and
if they don't, RegQueryValueEx will retrieve it without the NUL. So if
someone does that to PuTTY's saved session data, then PuTTY may
retrieve nonsense strings.

Arguably this is the fault of whoever tampered with the saved session
data without doing it the same way we would have, but even so, there
ought to be some handling at our end other than silently returning the
wrong data, and putting the NUL back on seems more sensible than
complaining loudly.

[originally from svn r10215]

windows/winstore.c

@@ -6,6 +6,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <limits.h>
+#include <assert.h>
 #include "putty.h"
 #include "storage.h"
 
@@ -152,7 +153,7 @@ void *open_settings_r(const char *sessionname)
 
 char *read_setting_s(void *handle, const char *key)
 {
-    DWORD type, size;
+    DWORD type, allocsize, size;
     char *ret;
 
     if (!handle)
@@ -164,13 +165,17 @@ char *read_setting_s(void *handle, const char *key)
 	type != REG_SZ)
 	return NULL;
 
-    ret = snewn(size+1, char);
+    allocsize = size+1;         /* allow for an extra NUL if needed */
+    ret = snewn(allocsize, char);
     if (RegQueryValueEx((HKEY) handle, key, 0,
 			&type, ret, &size) != ERROR_SUCCESS ||
 	type != REG_SZ) {
         sfree(ret);
         return NULL;
     }
+    assert(size < allocsize);
+    ret[size] = '\0'; /* add an extra NUL in case RegQueryValueEx
+                       * didn't supply one */
 
     return ret;
 }