From f57cd1f63c900a7b17955cc7e11cd1f6b6b12474 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vlendec@samba.org>
Date: Mon, 27 Nov 2006 07:52:46 +0000
Subject: r19914: The "default" value with the name "" need different 0-length
 treatment as the other StringBufs, otherwise clicking on a key with this
 value being set leads to regedit.exe on w2k3 chew all memory. (This used to
 be commit b148cde7f39859102288a87b6f0bd2b250947a85)

---
 source3/librpc/idl/winreg.idl | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'source3/librpc/idl/winreg.idl')

diff --git a/source3/librpc/idl/winreg.idl b/source3/librpc/idl/winreg.idl
index a69079bf8e..c4907a199f 100644
--- a/source3/librpc/idl/winreg.idl
+++ b/source3/librpc/idl/winreg.idl
@@ -140,7 +140,6 @@ import "lsa.idl", "initshutdown.idl", "security.idl";
 		[size_is(size/2),length_is(length/2),charset(UTF16)] uint16 *name;
 	} winreg_StringBuf;
 
-
 	/******************/
 	/* Function: 0x09 */
 	WERROR winreg_EnumKey(
@@ -151,13 +150,22 @@ import "lsa.idl", "initshutdown.idl", "security.idl";
 		[in,out,unique] NTTIME           *last_changed_time
 	);
 
+	typedef struct {
+		[value(strlen_m_term(name)*2)] uint16 length; 
+		/* size cannot be auto-set by value() as it is the
+		   amount of space the server is allowed to use for this
+		   string in the reply, not its current size */
+		uint16 size;
+		[size_is(size/2),length_is(length/2),charset(UTF16)] uint16 *name;
+	} winreg_ValNameBuf;
+
 	/******************/
 	/* Function: 0x0a */
 
 	WERROR winreg_EnumValue(
 		[in,ref]        policy_handle *handle,
 		[in]            uint32 enum_index,
-		[in,out,ref]    winreg_StringBuf *name,
+		[in,out,ref]    winreg_ValNameBuf *name,
 		[in,out,unique] winreg_Type *type,
 		[in,out,unique,size_is(*data_size),length_is(*value_length)] uint8 *data,
 		[in,out,unique] uint32 *data_size,
-- 
cgit