summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorwilco@baanhofman.nl <wilco@baanhofman.nl>2010-07-26 20:13:22 +0200
committerJelmer Vernooij <jelmer@samba.org>2010-09-19 12:34:54 -0700
commitd0cef92532f7c943e1c70d49ed96f090235b928e (patch)
tree43767bd56569d7eda2f432f56228ffb84642f437 /source4
parent2c3f56098b0322db2e74e860a0f236fde9f74bbc (diff)
downloadsamba-d0cef92532f7c943e1c70d49ed96f090235b928e.tar.gz
samba-d0cef92532f7c943e1c70d49ed96f090235b928e.tar.bz2
samba-d0cef92532f7c943e1c70d49ed96f090235b928e.zip
Fix crash when no subkeys exist. Fix writing outside of buffer error by regf backend.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Diffstat (limited to 'source4')
-rw-r--r--source4/lib/registry/regf.c15
1 files changed, 13 insertions, 2 deletions
diff --git a/source4/lib/registry/regf.c b/source4/lib/registry/regf.c
index cfbaaddf54..4d995ae90c 100644
--- a/source4/lib/registry/regf.c
+++ b/source4/lib/registry/regf.c
@@ -110,7 +110,7 @@ static DATA_BLOB hbin_get(const struct regf_data *data, uint32_t offset)
hbin = hbin_by_offset(data, offset, &rel_offset);
if (hbin == NULL) {
- DEBUG(1, ("Can't find HBIN containing 0x%04x\n", offset));
+ DEBUG(1, ("Can't find HBIN at 0x%04x\n", offset));
return ret;
}
@@ -314,7 +314,7 @@ static void hbin_free (struct regf_data *data, uint32_t offset)
size = -size;
/* If the next block is free, merge into big free block */
- if (rel_offset + size < hbin->offset_to_next) {
+ if (rel_offset + size < hbin->offset_to_next - 0x20) {
next_size = IVALS(hbin->data, rel_offset+size);
if (next_size > 0) {
size += next_size;
@@ -606,6 +606,11 @@ static WERROR regf_get_subkey_by_index(TALLOC_CTX *ctx,
if (idx >= nk->num_subkeys)
return WERR_NO_MORE_ITEMS;
+ /* Make sure that we don't crash if the key is empty */
+ if (nk->subkeys_offset == -1) {
+ return WERR_NO_MORE_ITEMS;
+ }
+
data = hbin_get(private_data->hive, nk->subkeys_offset);
if (!data.data) {
DEBUG(0, ("Unable to find subkey list\n"));
@@ -845,6 +850,11 @@ static WERROR regf_get_subkey_by_name(TALLOC_CTX *ctx,
struct nk_block *nk = private_data->nk;
uint32_t key_off = 0;
+ /* Make sure that we don't crash if the key is empty */
+ if (nk->subkeys_offset == -1) {
+ return WERR_BADFILE;
+ }
+
data = hbin_get(private_data->hive, nk->subkeys_offset);
if (!data.data) {
DEBUG(0, ("Unable to find subkey list\n"));
@@ -1764,6 +1774,7 @@ static WERROR regf_add_key(TALLOC_CTX *ctx, const struct hive_key *parent,
*ret = (struct hive_key *)regf_get_key(ctx, regf, offset);
+ DEBUG(9, ("Storing key %s\n", name));
return regf_save_hbin(private_data->hive);
}