diff options
author | Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | 2008-09-13 14:26:08 +0200 |
---|---|---|
committer | Jelmer Vernooij <jelmer@samba.org> | 2008-09-21 23:17:59 +0200 |
commit | 1e178ffc03456064bfd2ec330b9b6b6217c8561d (patch) | |
tree | 71778f06915fee47635440541fc44fda053b837c | |
parent | c1fef1fabf03e9c2f412b03d9f8cd314a5d34760 (diff) | |
download | samba-1e178ffc03456064bfd2ec330b9b6b6217c8561d.tar.gz samba-1e178ffc03456064bfd2ec330b9b6b6217c8561d.tar.bz2 samba-1e178ffc03456064bfd2ec330b9b6b6217c8561d.zip |
Registry client library: Fix some buffer problems
This buffer maximum values are used in Windows (2000), so I take them also for SAMBA 4.
-rw-r--r-- | source4/lib/registry/rpc.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/source4/lib/registry/rpc.c b/source4/lib/registry/rpc.c index 2792bd556b..7469bb60d8 100644 --- a/source4/lib/registry/rpc.c +++ b/source4/lib/registry/rpc.c @@ -21,6 +21,9 @@ #include "registry.h" #include "librpc/gen_ndr/ndr_winreg_c.h" +#define MAX_NAMESIZE 512 +#define MAX_VALSIZE 32768 + struct rpc_key { struct registry_key key; struct policy_handle pol; @@ -245,7 +248,8 @@ static WERROR rpc_get_value_by_index(TALLOC_CTX *mem_ctx, struct winreg_EnumValue r; struct winreg_StringBuf name; uint8_t value; - uint32_t zero = 0, zero2 = 0; + uint32_t val_size = MAX_VALSIZE; + uint32_t zero = 0; WERROR error; NTSTATUS status; @@ -254,7 +258,7 @@ static WERROR rpc_get_value_by_index(TALLOC_CTX *mem_ctx, if(!W_ERROR_IS_OK(error)) return error; } - chars_to_winreg_StringBuf(mem_ctx, &name, "", mykeydata->max_valbufsize); + chars_to_winreg_StringBuf(mem_ctx, &name, "", MAX_NAMESIZE); ZERO_STRUCT(r); r.in.handle = &mykeydata->pol; @@ -262,12 +266,12 @@ static WERROR rpc_get_value_by_index(TALLOC_CTX *mem_ctx, r.in.name = &name; r.in.type = type; r.in.value = &value; - r.in.size = &mykeydata->max_valbufsize; + r.in.size = &val_size; r.in.length = &zero; r.out.name = &name; r.out.type = type; r.out.value = &value; - r.out.size = &zero2; + r.out.size = &val_size; r.out.length = &zero; status = dcerpc_winreg_EnumValue(mykeydata->pipe, mem_ctx, &r); @@ -297,7 +301,7 @@ static WERROR rpc_get_subkey_by_index(TALLOC_CTX *mem_ctx, NTTIME change_time = 0; NTSTATUS status; - chars_to_winreg_StringBuf(mem_ctx, &namebuf, " ", 1024); + chars_to_winreg_StringBuf(mem_ctx, &namebuf, " ", MAX_NAMESIZE); chars_to_winreg_StringBuf(mem_ctx, &classbuf, NULL, 0); ZERO_STRUCT(r); |