r6995: * fixing segfault when writing out registry values of zero length

* add RegSaveKey() client function
* add 'net rpc registry save' subcommand
(This used to be commit f35e0a0a8d8df5c39e61ebd34c4aecbc5c9bb635)

4 files changed, 47 insertions, 13 deletions

diff --git a/source3/registry/regfio.c b/source3/registry/regfio.c
index ab6be77f18..6049b9bdd6 100644
--- a/source3/registry/regfio.c
+++ b/source3/registry/regfio.c
@@ -1653,8 +1653,11 @@ static BOOL create_vk_record( REGF_FILE *file, REGF_VK_REC *vk, REGISTRY_VALUE *
 		vk->data_off = prs_offset( &data_hbin->ps ) + data_hbin->first_hbin_off - HBIN_HDR_SIZE;
 	}
 	else {
+		/* make sure we don't try to copy from a NULL value pointer */
+
+		if ( vk->data_size != 0 ) 
+			memcpy( &vk->data_off, regval_data_p(value), sizeof(uint32) );
 		vk->data_size |= VK_DATA_IN_OFFSET;		
-		memcpy( &vk->data_off, regval_data_p(value), sizeof(uint32) );
 	}
 
 	return True;
diff --git a/source3/rpc_client/cli_reg.c b/source3/rpc_client/cli_reg.c
index 164bdd3129..74866e4b8e 100644
--- a/source3/rpc_client/cli_reg.c
+++ b/source3/rpc_client/cli_reg.c
@@ -651,6 +651,31 @@ WERROR cli_reg_close(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 	return out.status;
 }
 
+/****************************************************************************
+do a REG Query Info
+****************************************************************************/
+WERROR cli_reg_save_key( struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                         POLICY_HND *hnd, const char *filename )
+{
+	REG_Q_SAVE_KEY in;
+	REG_R_SAVE_KEY out;
+	prs_struct qbuf, rbuf;
+
+	ZERO_STRUCT (in);
+	ZERO_STRUCT (out);
+	
+	init_q_reg_save_key( &in, hnd, filename );
+
+	CLI_DO_RPC( cli, mem_ctx, PI_WINREG, REG_SAVE_KEY, 
+	            in, out, 
+	            qbuf, rbuf,
+	            reg_io_q_save_key,
+	            reg_io_r_save_key,
+	            WERR_GENERAL_FAILURE );
+
+	return out.status;
+}
+
 
 /* 
  #################################################################
diff --git a/source3/rpc_parse/parse_reg.c b/source3/rpc_parse/parse_reg.c
index ce23d15a11..7e8ae03039 100644
--- a/source3/rpc_parse/parse_reg.c
+++ b/source3/rpc_parse/parse_reg.c
@@ -621,6 +621,16 @@ BOOL reg_io_r_restore_key(const char *desc,  REG_R_RESTORE_KEY *r_u, prs_struct
 }
 
 /*******************************************************************
+********************************************************************/
+
+void init_q_reg_save_key( REG_Q_SAVE_KEY *q_u, POLICY_HND *handle, const char *fname )
+{
+	memcpy(&q_u->pol, handle, sizeof(q_u->pol));
+	init_unistr4( &q_u->filename, fname, UNI_STR_TERMINATE );
+	q_u->sec_attr = NULL;
+}
+
+/*******************************************************************
 reads or writes a structure.
 ********************************************************************/
 
diff --git a/source3/utils/net_rpc_registry.c b/source3/utils/net_rpc_registry.c
index 53378fadef..f97f67a13b 100644
--- a/source3/utils/net_rpc_registry.c
+++ b/source3/utils/net_rpc_registry.c
@@ -198,7 +198,7 @@ static int rpc_registry_enumerate( int argc, const char **argv )
 /********************************************************************
 ********************************************************************/
 
-static NTSTATUS rpc_registry_backup_internal( const DOM_SID *domain_sid, const char *domain_name, 
+static NTSTATUS rpc_registry_save_internal( const DOM_SID *domain_sid, const char *domain_name, 
                                            struct cli_state *cli, TALLOC_CTX *mem_ctx, 
                                            int argc, const char **argv )
 {
@@ -206,7 +206,6 @@ static NTSTATUS rpc_registry_backup_internal( const DOM_SID *domain_sid, const c
 	uint32 hive;
 	pstring subpath;
 	POLICY_HND pol_hive, pol_key; 
-	REGF_FILE *regfile;
 	
 	if (argc != 2 ) {
 		d_printf("Usage:    net rpc backup <path> <file> \n");
@@ -232,17 +231,14 @@ static NTSTATUS rpc_registry_backup_internal( const DOM_SID *domain_sid, const c
 		return werror_to_ntstatus(result);
 	}
 	
-	/* open the file */
-	
-	if ( !(regfile = regfio_open( argv[1], (O_RDWR|O_CREAT|O_TRUNC), 0600 )) ) {
-		d_printf("Unable to open registry file [%s]\n", argv[1]);
-		return werror_to_ntstatus(WERR_GENERAL_FAILURE);
+	result = cli_reg_save_key( cli, mem_ctx, &pol_key, argv[1] );
+	if ( !W_ERROR_IS_OK(result) ) {
+		d_printf("Unable to save [%s] to %s:%s\n", argv[0], cli->desthost, argv[1]);
 	}
 	
 	
 	/* cleanup */
 	
-	regfio_close( regfile );
 	cli_reg_close( cli, mem_ctx, &pol_key );
 	cli_reg_close( cli, mem_ctx, &pol_hive );
 
@@ -252,10 +248,10 @@ static NTSTATUS rpc_registry_backup_internal( const DOM_SID *domain_sid, const c
 /********************************************************************
 ********************************************************************/
 
-static int rpc_registry_backup( int argc, const char **argv )
+static int rpc_registry_save( int argc, const char **argv )
 {
 	return run_rpc_command( NULL, PI_WINREG, 0, 
-		rpc_registry_backup_internal, argc, argv );
+		rpc_registry_save_internal, argc, argv );
 }
 
 
@@ -467,7 +463,7 @@ static int rpc_registry_copy( int argc, const char **argv )
 static int net_help_registry( int argc, const char **argv )
 {
 	d_printf("net rpc registry enumerate <path> [recurse]  Enumerate the subkeya and values for a given registry path\n");
-	d_printf("net rpc registry backup <path> <file>        Backup a registry tree to a local file\n");
+	d_printf("net rpc registry save <path> <file>          Backup a registry tree to a file on the server\n");
 	d_printf("net rpc registry dump <file>                 Dump the contents of a registry file to stdout\n");
 	
 	return -1;
@@ -480,7 +476,7 @@ int net_rpc_registry(int argc, const char **argv)
 {
 	struct functable func[] = {
 		{"enumerate", rpc_registry_enumerate},
-		{"backup",    rpc_registry_backup},
+		{"save",      rpc_registry_save},
 		{"dump",      rpc_registry_dump},
 		{"copy",      rpc_registry_copy},
 		{NULL, NULL}