The branch, master has been updated
via 5d10676... s4:winreg RPC - fix up the "QueryValue" call to work
against the enhanced torture test
via 490c0ce... s4:registry/ldb.c - if "name" isn't set we should return
WERR_INVALID_PARAM
from 667e8d8... nsswitch: build libnss_winbind.so with SOVERSION = 2
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 5d10676b3b726a75e2dabe5e8624a7b95b97c424
Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de>
Date: Wed Mar 10 19:49:25 2010 +0100
s4:winreg RPC - fix up the "QueryValue" call to work against the enhanced
torture test
Found out by gd's updated torture test.
commit 490c0cefeb3fcbba3e8d38ecec23d3b438d58d92
Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de>
Date: Wed Mar 10 09:47:02 2010 +0100
s4:registry/ldb.c - if "name" isn't set we should return WERR_INVALID_PARAM
-----------------------------------------------------------------------
Summary of changes:
source4/lib/registry/ldb.c | 6 +++++-
source4/rpc_server/winreg/rpc_winreg.c | 18 +++++++++++-------
2 files changed, 16 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/lib/registry/ldb.c b/source4/lib/registry/ldb.c
index a27c94e..0213c54 100644
--- a/source4/lib/registry/ldb.c
+++ b/source4/lib/registry/ldb.c
@@ -369,7 +369,11 @@ static WERROR ldb_get_value(TALLOC_CTX *mem_ctx, struct
hive_key *k,
int ret;
char *query;
- if ((name == NULL) || (name[0] == '\0')) {
+ if (name == NULL) {
+ return WERR_INVALID_PARAM;
+ }
+
+ if (name[0] == '\0') {
/* default value */
return ldb_get_default_value(mem_ctx, k, NULL, data_type, data);
} else {
diff --git a/source4/rpc_server/winreg/rpc_winreg.c
b/source4/rpc_server/winreg/rpc_winreg.c
index c12c0c5..7a33a88 100644
--- a/source4/rpc_server/winreg/rpc_winreg.c
+++ b/source4/rpc_server/winreg/rpc_winreg.c
@@ -491,19 +491,23 @@ static WERROR dcesrv_winreg_QueryValue(struct
dcesrv_call_state *dce_call,
case SECURITY_SYSTEM:
case SECURITY_ADMINISTRATOR:
case SECURITY_USER:
+ if ((r->in.type == NULL) || (r->in.data_length == NULL) ||
+ (r->in.data_size == NULL)) {
+ return WERR_INVALID_PARAM;
+ }
+
result = reg_key_get_value_by_name(mem_ctx, key,
r->in.value_name->name, &value_type, &value_data);
if (!W_ERROR_IS_OK(result)) {
/* if the lookup wasn't successful, send client query
back */
- value_type = 0;
- if (r->in.type != NULL) {
- value_type = *r->in.type;
- }
+ value_type = *r->in.type;
value_data.data = r->in.data;
- value_data.length = 0;
- if (r->in.data_length != NULL) {
- value_data.length = *r->in.data_length;
+ value_data.length = *r->in.data_length;
+ } else {
+ if ((r->in.data != NULL)
+ && (*r->in.data_size < value_data.length)) {
+ return WERR_MORE_DATA;
}
}
--
Samba Shared Repository
