diff options
| author | wilco@baanhofman.nl <wilco@baanhofman.nl> | 2010-07-26 20:13:22 +0200 |
|---|---|---|
| committer | Jelmer Vernooij <jelmer@samba.org> | 2010-09-19 12:34:54 -0700 |
| commit | d0cef92532f7c943e1c70d49ed96f090235b928e (patch) | |
| tree | 43767bd56569d7eda2f432f56228ffb84642f437 | |
| parent | 2c3f56098b0322db2e74e860a0f236fde9f74bbc (diff) | |
| download | samba-d0cef92532f7c943e1c70d49ed96f090235b928e.tar.gz samba-d0cef92532f7c943e1c70d49ed96f090235b928e.tar.bz2 samba-d0cef92532f7c943e1c70d49ed96f090235b928e.zip | |
Fix crash when no subkeys exist. Fix writing outside of buffer error by regf backend.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
| -rw-r--r-- | source4/lib/registry/regf.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/source4/lib/registry/regf.c b/source4/lib/registry/regf.c index cfbaaddf54..4d995ae90c 100644 --- a/source4/lib/registry/regf.c +++ b/source4/lib/registry/regf.c @@ -110,7 +110,7 @@ static DATA_BLOB hbin_get(const struct regf_data *data, uint32_t offset) hbin = hbin_by_offset(data, offset, &rel_offset); if (hbin == NULL) { - DEBUG(1, ("Can't find HBIN containing 0x%04x\n", offset)); + DEBUG(1, ("Can't find HBIN at 0x%04x\n", offset)); return ret; } @@ -314,7 +314,7 @@ static void hbin_free (struct regf_data *data, uint32_t offset) size = -size; /* If the next block is free, merge into big free block */ - if (rel_offset + size < hbin->offset_to_next) { + if (rel_offset + size < hbin->offset_to_next - 0x20) { next_size = IVALS(hbin->data, rel_offset+size); if (next_size > 0) { size += next_size; @@ -606,6 +606,11 @@ static WERROR regf_get_subkey_by_index(TALLOC_CTX *ctx, if (idx >= nk->num_subkeys) return WERR_NO_MORE_ITEMS; + /* Make sure that we don't crash if the key is empty */ + if (nk->subkeys_offset == -1) { + return WERR_NO_MORE_ITEMS; + } + data = hbin_get(private_data->hive, nk->subkeys_offset); if (!data.data) { DEBUG(0, ("Unable to find subkey list\n")); @@ -845,6 +850,11 @@ static WERROR regf_get_subkey_by_name(TALLOC_CTX *ctx, struct nk_block *nk = private_data->nk; uint32_t key_off = 0; + /* Make sure that we don't crash if the key is empty */ + if (nk->subkeys_offset == -1) { + return WERR_BADFILE; + } + data = hbin_get(private_data->hive, nk->subkeys_offset); if (!data.data) { DEBUG(0, ("Unable to find subkey list\n")); @@ -1764,6 +1774,7 @@ static WERROR regf_add_key(TALLOC_CTX *ctx, const struct hive_key *parent, *ret = (struct hive_key *)regf_get_key(ctx, regf, offset); + DEBUG(9, ("Storing key %s\n", name)); return regf_save_hbin(private_data->hive); } |