From 1e178ffc03456064bfd2ec330b9b6b6217c8561d Mon Sep 17 00:00:00 2001
From: Matthias Dieter Wallnöfer
Date: Sat, 13 Sep 2008 14:26:08 +0200
Subject: Registry client library: Fix some buffer problems

This buffer maximum values are used in Windows (2000), so I take them also for SAMBA 4.
---
 source4/lib/registry/rpc.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
(limited to 'source4')
diff --git a/source4/lib/registry/rpc.c b/source4/lib/registry/rpc.c
index 2792bd556b..7469bb60d8 100644
--- a/source4/lib/registry/rpc.c
+++ b/source4/lib/registry/rpc.c
@@ -21,6 +21,9 @@
 #include "registry.h"
 #include "librpc/gen_ndr/ndr_winreg_c.h"
 
+#define MAX_NAMESIZE 512
+#define MAX_VALSIZE 32768
+
 struct rpc_key {
 struct registry_key key;
 struct policy_handle pol;
@@ -245,7 +248,8 @@ static WERROR rpc_get_value_by_index(TALLOC_CTX *mem_ctx,
 struct winreg_EnumValue r;
 struct winreg_StringBuf name;
 uint8_t value;
- uint32_t zero = 0, zero2 = 0;
+ uint32_t val_size = MAX_VALSIZE;
+ uint32_t zero = 0;
 WERROR error;
 NTSTATUS status;
 
@@ -254,7 +258,7 @@ static WERROR rpc_get_value_by_index(TALLOC_CTX *mem_ctx,
 if(!W_ERROR_IS_OK(error)) return error;
 }
 
- chars_to_winreg_StringBuf(mem_ctx, &name, "", mykeydata->max_valbufsize);
+ chars_to_winreg_StringBuf(mem_ctx, &name, "", MAX_NAMESIZE);
 
 ZERO_STRUCT(r);
 r.in.handle = &mykeydata->pol;
@@ -262,12 +266,12 @@ static WERROR rpc_get_value_by_index(TALLOC_CTX *mem_ctx,
 r.in.name = &name;
 r.in.type = type;
 r.in.value = &value;
- r.in.size = &mykeydata->max_valbufsize;
+ r.in.size = &val_size;
 r.in.length = &zero;
 r.out.name = &name;
 r.out.type = type;
 r.out.value = &value;
- r.out.size = &zero2;
+ r.out.size = &val_size;
 r.out.length = &zero;
 
 status = dcerpc_winreg_EnumValue(mykeydata->pipe, mem_ctx, &r);
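Review bot: `MAX_NAMESIZE` and `MAX_VALSIZE` are introduced in the first hunk without a comment giving their unit or origin; only the commit message mentions Windows 2000. Both end up as buffer sizes sent to the server (`chars_to_winreg_StringBuf(..., MAX_NAMESIZE)` and `val_size` in the later hunks), so a reader cannot tell whether 512 counts bytes or characters. I would add above the defines `/* Buffer sizes offered to the server when enumerating; same maxima a Windows 2000 client uses. MAX_NAMESIZE is in <bytes|characters>. */` with the unit filled in.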
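Review bot: `value` stays a single `uint8_t` in hunk -245,7, while the new `val_size = MAX_VALSIZE` is what hunk -262,12 passes as `r.in.size` next to `r.in.value = &value`, so the request advertises a 32768-byte buffer backed by one byte on the stack. Whether that is safe depends on the generated marshalling code, which is not visible here: if it allocates fresh storage for `r.out.value` this is harmless, but if it copies through the caller's pointer the server's reply can overwrite the stack. Either back the pointer with a real `MAX_VALSIZE`-byte buffer, or add a comment at the declaration stating that the NDR layer reallocates `r.out.value`. The body of rpc_get_value_by_index starts and ends outside these hunks.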
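Review bot: In hunk -262,12 `r.in.size` and `r.out.size` now both point at `val_size`, and `r.in.length` and `r.out.length` at `zero`, so once `dcerpc_winreg_EnumValue` returns both locals hold values chosen by the remote server. The code that consumes them is below the hunk and not visible. It should reject a reply whose length exceeds its size, or whose size exceeds what was offered, for example by testing `if (zero > val_size || val_size > MAX_VALSIZE)` and returning an error before `r.out.value` is copied. Renaming `zero` to something like `val_length` would also keep the name accurate now that it is written by the call.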
@@ -297,7 +301,7 @@ static WERROR rpc_get_subkey_by_index(TALLOC_CTX *mem_ctx,
 NTTIME change_time = 0;
 NTSTATUS status;
 
- chars_to_winreg_StringBuf(mem_ctx, &namebuf, " ", 1024);
+ chars_to_winreg_StringBuf(mem_ctx, &namebuf, " ", MAX_NAMESIZE);
 chars_to_winreg_StringBuf(mem_ctx, &classbuf, NULL, 0);
 
 ZERO_STRUCT(r);
-- cgit
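Review bot: The subkey name buffer shrinks from 1024 to `MAX_NAMESIZE` (512) on the changed line, which is a behaviour change rather than a pure rename, and nothing in the hunk shows how a name that no longer fits is reported. The check of the call's result sits below the hunk; it is worth confirming that a too-small buffer comes back as an error and not as a truncated name. The placeholder string also differs from rpc_get_value_by_index, which passes `""` where this call passes `" "`. If the space is deliberate, a one-line comment such as `/* non-empty placeholder: <reason> */` would keep it from being "fixed" later.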