authorMichael Adam <obnox@samba.org>2009-11-03 00:47:37 +0100
committerMichael Adam <obnox@samba.org>2009-11-03 01:02:38 +0100
commitf6f2151a3947cc105481c64a31d2405f239948cc (patch)
treed3ff2c3d72e2d4aaf2f3e98187699b1f04abe5c0
parent25bdf27eaa634f9e54e6252397942beb46f07db5 (diff)
s3:registry: add safety check for return value of tdb_unpack to regdb_fetch_keys_internal()
Prevents segfaults in some situations. (For a non-existent or empty record, we sometimes rely on the fetch operation to return dsize==0 and sometimes we rely on dptr==NULL.) Michael
-rw-r--r--source3/registry/reg_backend_db.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/source3/registry/reg_backend_db.c b/source3/registry/reg_backend_db.c
index 2b6259c03a..2cd3593537 100644
--- a/source3/registry/reg_backend_db.c
+++ b/source3/registry/reg_backend_db.c
@@ -1470,6 +1470,10 @@ static WERROR regdb_fetch_keys_internal(struct db_context *db, const char *key,
buf = value.dptr;
buflen = value.dsize;
len = tdb_unpack( buf, buflen, "d", &num_items);
+ if (len == (uint32_t)-1) {
+ werr = WERR_NOT_FOUND;
+ goto done;
+ }
werr = regsubkey_ctr_reinit(ctr);
W_ERROR_NOT_OK_GOTO_DONE(werr);
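Review bot: The new failure branch after `tdb_unpack()` returns `WERR_NOT_FOUND` for every unpack failure without logging anything, so a truncated or corrupt subkey record becomes indistinguishable from a key that simply has no record. Since the commit message says callers rely inconsistently on `dsize==0` versus `dptr==NULL`, I would state the contract in a comment above the check, e.g. `/* tdb_unpack() fails on an empty or short record; num_items is not valid in that case */`, and emit a debug line such as `DEBUG(10, ("regdb_fetch_keys: unpack of subkey count failed for key [%s]\n", key));` before the `goto done`. The function body continues outside the hunk; if later `tdb_unpack()` calls there consume `num_items` entries from the same buffer, their return values presumably deserve the same check.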