diff options
author | Michael Adam <obnox@samba.org> | 2009-11-03 00:47:37 +0100 |
---|---|---|
committer | Michael Adam <obnox@samba.org> | 2009-11-03 01:02:38 +0100 |
commit | f6f2151a3947cc105481c64a31d2405f239948cc (patch) | |
tree | d3ff2c3d72e2d4aaf2f3e98187699b1f04abe5c0 | |
parent | 25bdf27eaa634f9e54e6252397942beb46f07db5 (diff) | |
download | samba-f6f2151a3947cc105481c64a31d2405f239948cc.tar.gz samba-f6f2151a3947cc105481c64a31d2405f239948cc.tar.bz2 samba-f6f2151a3947cc105481c64a31d2405f239948cc.zip |
s3:registry: add safety check for return value of tdb_unpack to regdb_fetch_keys_internal()
Prevents segfaults in some situations.
(For a non existent or empty record, we sometimes rely on the fetch operation
to return dsize==0 and sometimes we rely on dptr==NULL.)
Michael
-rw-r--r-- | source3/registry/reg_backend_db.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/source3/registry/reg_backend_db.c b/source3/registry/reg_backend_db.c index 2b6259c03a..2cd3593537 100644 --- a/source3/registry/reg_backend_db.c +++ b/source3/registry/reg_backend_db.c @@ -1470,6 +1470,10 @@ static WERROR regdb_fetch_keys_internal(struct db_context *db, const char *key, buf = value.dptr; buflen = value.dsize; len = tdb_unpack( buf, buflen, "d", &num_items); + if (len == (uint32_t)-1) { + werr = WERR_NOT_FOUND; + goto done; + } werr = regsubkey_ctr_reinit(ctr); W_ERROR_NOT_OK_GOTO_DONE(werr); |