From c404c8950d4c4a5ab56e5a1b7b895403cfa0ea18 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 13 Jun 2008 15:30:08 +0200 Subject: Fix a crash in _winreg_QueryValue Coverity ID 474, value_length and type are both unique, not ref pointers and can thus be NULL. Karolin, please merge this to -stable. Thanks, Volker (cherry picked from commit 999533c0ccced59141d8baff5bc248d63e2a966f) (This used to be commit 7e07ec68f15908a998f83d615a1b4d1349935a54) --- source3/rpc_server/srv_winreg_nt.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/srv_winreg_nt.c b/source3/rpc_server/srv_winreg_nt.c index 7b74871104..84bcf0bf89 100644 --- a/source3/rpc_server/srv_winreg_nt.c +++ b/source3/rpc_server/srv_winreg_nt.c @@ -230,6 +230,10 @@ WERROR _winreg_QueryValue(pipes_struct *p, struct winreg_QueryValue *r) if ( !regkey ) return WERR_BADFID; + if ((r->out.value_length == NULL) || (r->out.type == NULL)) { + return WERR_INVALID_PARAM; + } + *r->out.value_length = *r->out.type = REG_NONE; DEBUG(7,("_reg_info: policy key name = [%s]\n", regkey->key->name)); -- cgit