diff options
author | Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | 2010-03-10 19:49:25 +0100 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | 2010-03-10 19:49:25 +0100 |
commit | 5d10676b3b726a75e2dabe5e8624a7b95b97c424 (patch) | |
tree | 97d5ef82f6c961989ca49555db581bae9c04121f | |
parent | 490c0cefeb3fcbba3e8d38ecec23d3b438d58d92 (diff) | |
download | samba-5d10676b3b726a75e2dabe5e8624a7b95b97c424.tar.gz samba-5d10676b3b726a75e2dabe5e8624a7b95b97c424.tar.bz2 samba-5d10676b3b726a75e2dabe5e8624a7b95b97c424.zip |
s4:winreg RPC - fix up the "QueryValue" call to work against the enhanced torture test
Found out by gd's updated torture test.
-rw-r--r-- | source4/rpc_server/winreg/rpc_winreg.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/source4/rpc_server/winreg/rpc_winreg.c b/source4/rpc_server/winreg/rpc_winreg.c index c12c0c52e7..7a33a88e0d 100644 --- a/source4/rpc_server/winreg/rpc_winreg.c +++ b/source4/rpc_server/winreg/rpc_winreg.c @@ -491,19 +491,23 @@ static WERROR dcesrv_winreg_QueryValue(struct dcesrv_call_state *dce_call, case SECURITY_SYSTEM: case SECURITY_ADMINISTRATOR: case SECURITY_USER: + if ((r->in.type == NULL) || (r->in.data_length == NULL) || + (r->in.data_size == NULL)) { + return WERR_INVALID_PARAM; + } + result = reg_key_get_value_by_name(mem_ctx, key, r->in.value_name->name, &value_type, &value_data); if (!W_ERROR_IS_OK(result)) { /* if the lookup wasn't successful, send client query back */ - value_type = 0; - if (r->in.type != NULL) { - value_type = *r->in.type; - } + value_type = *r->in.type; value_data.data = r->in.data; - value_data.length = 0; - if (r->in.data_length != NULL) { - value_data.length = *r->in.data_length; + value_data.length = *r->in.data_length; + } else { + if ((r->in.data != NULL) + && (*r->in.data_size < value_data.length)) { + return WERR_MORE_DATA; } } |