From 9fffd12799239219a276b1ca83319d1340d97232 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 17 Aug 2005 01:25:58 +0000 Subject: r9338: fixed the winreg IDL to be correct for the EnumKey and EnumValue calls. The previous IDL was just a workaround for the limitations of our older rpc infrastructure. Now that Jelmer has added much improved string support using the charset keyword we can correctly implemenent the unusual winreg string buffers. Jelmer, note the little comment I put on winreg_StringBuf() about why I couldn't use [value()] for the length field. This also fixes EnumKey() and EnumValue() to use NTTIME fields for the last_changed_time. I don't know why we were using a pair of uint32's, as it is just a NTTIME. (This used to be commit 8354b016122cc4f3cff042b3ada1de07e1614eb7) --- source4/rpc_server/winreg/rpc_winreg.c | 50 ++++++++++++++++++++++++++-------- 1 file changed, 38 insertions(+), 12 deletions(-) (limited to 'source4/rpc_server') diff --git a/source4/rpc_server/winreg/rpc_winreg.c b/source4/rpc_server/winreg/rpc_winreg.c index 050df29727..431323d1b6 100644 --- a/source4/rpc_server/winreg/rpc_winreg.c +++ b/source4/rpc_server/winreg/rpc_winreg.c @@ -166,11 +166,13 @@ static WERROR winreg_EnumKey(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem r->out.result = reg_key_get_subkey_by_index(mem_ctx, (struct registry_key *)h->data, r->in.enum_index, &key); if (W_ERROR_IS_OK(r->out.result)) { - r->out.key_name_len = strlen(key->name); - r->out.out_name = talloc_zero(mem_ctx, struct winreg_EnumKeyNameResponse); - r->out.out_name->name = key->name; - r->out.class = talloc_zero(mem_ctx, struct winreg_String); - r->out.last_changed_time = talloc_zero(mem_ctx, struct winreg_Time); + if (2*strlen_m(key->name) > r->in.name->size) { + return WERR_MORE_DATA; + } + r->out.name->length = 2*strlen_m(key->name); + r->out.name->name = key->name; + r->out.class = talloc_zero(mem_ctx, struct winreg_StringBuf); + r->out.last_changed_time = &key->last_mod; } return r->out.result; @@ -196,14 +198,38 @@ static WERROR winreg_EnumValue(struct dcesrv_call_state *dce_call, TALLOC_CTX *m if (!W_ERROR_IS_OK(result)) { return result; } + + /* the client can optionally pass a NULL for type, meaning they don't + want that back */ + if (r->in.type != NULL) { + r->out.type = talloc(mem_ctx, uint32_t); + *r->out.type = value->data_type; + } + + /* check the client has enough room for the value */ + if (r->in.size != NULL && + value->data_len > *r->in.size) { + return WERR_MORE_DATA; + } - r->out.type = talloc(mem_ctx, uint32_t); - *r->out.type = value->data_type; - r->out.name_out.name = value->name; - r->out.value = value->data_blk; - r->out.size = talloc(mem_ctx, uint32_t); - r->out.length = r->out.size; - *r->out.size = value->data_len; + /* and enough room for the name */ + if (r->in.name->size < 2*strlen_m(value->name)) { + return WERR_MORE_DATA; + } + + r->out.name->name = value->name; + r->out.name->length = 2*strlen_m(value->name); + r->out.name->size = 2*strlen_m(value->name); + + if (r->in.value) { + r->out.value = value->data_blk; + } + + if (r->in.size) { + r->out.size = talloc(mem_ctx, uint32_t); + *r->out.size = value->data_len; + r->out.length = r->out.size; + } return WERR_OK; } -- cgit