summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/utils/editreg.c34
1 files changed, 21 insertions, 13 deletions
diff --git a/source3/utils/editreg.c b/source3/utils/editreg.c
index f95ec29727..67dc06cf5d 100644
--- a/source3/utils/editreg.c
+++ b/source3/utils/editreg.c
@@ -960,17 +960,24 @@ SK_MAP *alloc_sk_map_entry(REGF *regf, KEY_SEC_DESC *tmp, int sk_off)
}
else { /* Simply allocate a new slot, unless we have to expand the list */
int index = regf->sk_count;
- if (regf->sk_count == regf->sk_map_size) {
- regf->sk_map = (SK_MAP *)realloc(regf->sk_map, regf->sk_map_size + 10);
+ if (regf->sk_count >= regf->sk_map_size) {
+ regf->sk_map = (SK_MAP *)realloc(regf->sk_map,
+ (regf->sk_map_size + 10)*sizeof(SK_MAP));
if (!regf->sk_map) {
free(tmp);
return NULL;
}
- index++;
+ /*
+ * Index already points at the first entry of the new block
+ */
+ regf->sk_map_size += 10;
}
(regf->sk_map)[index].sk_off = sk_off;
(regf->sk_map)[index].key_sec_desc = tmp;
regf->sk_count++;
+ if (regf->sk_map[2].key_sec_desc == 0x19) { /* Take us over */
+ fprintf(stderr, "%0x\n", regf->sk_map[7].key_sec_desc->sec_desc);
+ }
}
return regf->sk_map;
}
@@ -1022,7 +1029,7 @@ KEY_SEC_DESC *lookup_create_sec_key(REGF *regf, SK_MAP *sk_map, int sk_off)
}
/*
- * Allocate storage and uplicate a SID
+ * Allocate storage and duplicate a SID
* We could allocate the SID to be only the size needed, but I am too lazy.
*/
DOM_SID *dup_sid(DOM_SID *sid)
@@ -1036,7 +1043,7 @@ DOM_SID *dup_sid(DOM_SID *sid)
for (i=0; i<6; i++) {
tmp->auth[i] = sid->auth[i];
}
- for (i=0; i<tmp->auths; i++) {
+ for (i=0; i<tmp->auths&&i<MAXSUBAUTHS; i++) {
tmp->sub_auths[i] = sid->sub_auths[i];
}
return tmp;
@@ -1053,7 +1060,7 @@ ACE *dup_ace(REG_ACE *ace)
if (!tmp) return NULL;
- tmp->type = CVAL(&ace->flags);
+ tmp->type = CVAL(&ace->type);
tmp->flags = CVAL(&ace->flags);
tmp->perms = IVAL(&ace->perms);
tmp->trustee = dup_sid(&ace->trustee);
@@ -1080,6 +1087,7 @@ ACL *dup_acl(REG_ACL *acl)
ace = (REG_ACE *)&acl->aces;
for (i=0; i<num_aces; i++) {
tmp->aces[i] = dup_ace(ace);
+ ace = (REG_ACE *)((char *)ace + SVAL(&ace->length));
/* XXX: FIXME, should handle malloc errors */
}
@@ -1098,12 +1106,12 @@ SEC_DESC *process_sec_desc(REGF *regf, REG_SEC_DESC *sec_desc)
tmp->rev = SVAL(&sec_desc->rev);
tmp->type = SVAL(&sec_desc->type);
- tmp->owner = dup_sid((DOM_SID *)(sec_desc + IVAL(&sec_desc->owner_off)));
+ tmp->owner = dup_sid((DOM_SID *)((char *)sec_desc + IVAL(&sec_desc->owner_off)));
if (!tmp->owner) {
free(tmp);
return NULL;
}
- tmp->group = dup_sid((DOM_SID *)(sec_desc + IVAL(&sec_desc->owner_off)));
+ tmp->group = dup_sid((DOM_SID *)((char *)sec_desc + IVAL(&sec_desc->group_off)));
if (!tmp->group) {
free(tmp);
return NULL;
@@ -1112,12 +1120,12 @@ SEC_DESC *process_sec_desc(REGF *regf, REG_SEC_DESC *sec_desc)
/* Now pick up the SACL and DACL */
if (sec_desc->sacl_off)
- tmp->sacl = dup_acl((REG_ACL *)(sec_desc + IVAL(&sec_desc->sacl_off)));
+ tmp->sacl = dup_acl((REG_ACL *)((char *)sec_desc + IVAL(&sec_desc->sacl_off)));
else
tmp->sacl = NULL;
if (sec_desc->dacl_off)
- tmp->dacl = dup_acl((REG_ACL *)(sec_desc + IVAL(&sec_desc->dacl_off)));
+ tmp->dacl = dup_acl((REG_ACL *)((char *)sec_desc + IVAL(&sec_desc->dacl_off)));
else
tmp->dacl = NULL;
@@ -1203,7 +1211,7 @@ KEY_SEC_DESC *process_sk(REGF *regf, SK_HDR *sk_hdr, int sk_off, int size)
sk_prev_off = IVAL(&sk_hdr->prev_off);
tmp->prev = lookup_create_sec_key(regf, regf->sk_map, sk_prev_off);
assert(tmp->prev != NULL);
- sk_next_off = IVAL(&sk_hdr->prev_off);
+ sk_next_off = IVAL(&sk_hdr->next_off);
tmp->next = lookup_create_sec_key(regf, regf->sk_map, sk_next_off);
assert(tmp->next != NULL);
@@ -1636,9 +1644,9 @@ int print_sec(SEC_DESC *sec_desc)
{
fprintf(stdout, " SECURITY\n");
- fprintf(stdout, " Owner: \n");
+ fprintf(stdout, " Owner: ");
print_sid(sec_desc->owner);
- fprintf(stdout, " Group: \n");
+ fprintf(stdout, " Group: ");
print_sid(sec_desc->group);
return 1;
}