The branch, master has been updated via eeb05bf... s4:winreg RPC - don't crash when incoming data wasn't correctly specified via bb507d1... s4:lib/registry/ldb.c - fix up registry backend to be more robust from 41be390... Fix the shell script in the root case. When run as root, make test now detects CAP_DAC_OVERRIDE being left on in error.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit eeb05bf746b0eeeba94fe51180e0ebf855c6967a Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de> Date: Wed Mar 10 09:22:42 2010 +0100 s4:winreg RPC - don't crash when incoming data wasn't correctly specified Also found by the WINREG torture test enhancements by gd. commit bb507d1d49917fcdeebb8fc3c40b6fabf4055b7d Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de> Date: Wed Mar 10 09:10:53 2010 +0100 s4:lib/registry/ldb.c - fix up registry backend to be more robust This should let the new WINREG tests written by gd at least pass against us. ----------------------------------------------------------------------- Summary of changes: source4/lib/registry/ldb.c | 14 +++++--------- source4/rpc_server/winreg/rpc_winreg.c | 10 ++++++++-- 2 files changed, 13 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/lib/registry/ldb.c b/source4/lib/registry/ldb.c index 12722c9..a27c94e 100644 --- a/source4/lib/registry/ldb.c +++ b/source4/lib/registry/ldb.c @@ -183,11 +183,7 @@ static struct ldb_dn *reg_path_to_ldb(TALLOC_CTX *mem_ctx, local_ctx = talloc_new(mem_ctx); - if (add) { - ret = ldb_dn_new(mem_ctx, ldb, add); - } else { - ret = ldb_dn_new(mem_ctx, ldb, NULL); - } + ret = ldb_dn_new(mem_ctx, ldb, add); if (!ldb_dn_validate(ret)) { talloc_free(ret); talloc_free(local_ctx); @@ -202,7 +198,7 @@ static struct ldb_dn *reg_path_to_ldb(TALLOC_CTX *mem_ctx, if (begin) keyname = begin + 1; else keyname = mypath; - if(strlen(keyname)) { + if (keyname[0] != '\0') { if (!ldb_dn_add_base_fmt(ret, "key=%s", reg_ldb_escape(local_ctx, keyname))) @@ -373,7 +369,7 @@ static WERROR ldb_get_value(TALLOC_CTX *mem_ctx, struct hive_key *k, int ret; char *query; - if (strlen(name) == 0) { + if ((name == NULL) || (name[0] == '\0')) { /* default value */ return ldb_get_default_value(mem_ctx, k, NULL, data_type, data); } else { @@ -531,7 +527,7 @@ static WERROR ldb_del_value (struct hive_key *key, const char *child) struct ldb_message *msg; struct ldb_dn *childdn; - if (strlen(child) == 0) { + if ((child == NULL) || (child[0] == '\0')) { /* default value */ mem_ctx = talloc_init("ldb_del_value"); @@ -707,7 +703,7 @@ static WERROR ldb_set_value(struct hive_key *parent, msg = reg_ldb_pack_value(kd->ldb, mem_ctx, name, type, data); msg->dn = ldb_dn_copy(msg, kd->dn); - if (name[0] != '\0') { + if ((name != NULL) && (name[0] != '\0')) { /* For a default value, we add/overwrite the attributes to/of the hive. For a normal value, we create a new child. */ if (!ldb_dn_add_child_fmt(msg->dn, "value=%s", diff --git a/source4/rpc_server/winreg/rpc_winreg.c b/source4/rpc_server/winreg/rpc_winreg.c index 13c311c..c12c0c5 100644 --- a/source4/rpc_server/winreg/rpc_winreg.c +++ b/source4/rpc_server/winreg/rpc_winreg.c @@ -496,9 +496,15 @@ static WERROR dcesrv_winreg_QueryValue(struct dcesrv_call_state *dce_call, if (!W_ERROR_IS_OK(result)) { /* if the lookup wasn't successful, send client query back */ - value_type = *r->in.type; + value_type = 0; + if (r->in.type != NULL) { + value_type = *r->in.type; + } value_data.data = r->in.data; - value_data.length = *r->in.data_length; + value_data.length = 0; + if (r->in.data_length != NULL) { + value_data.length = *r->in.data_length; + } } r->out.type = talloc(mem_ctx, uint32_t); -- Samba Shared Repository