The branch, master has been updated via 5d10676... s4:winreg RPC - fix up the "QueryValue" call to work against the enhanced torture test via 490c0ce... s4:registry/ldb.c - if "name" isn't set we should return WERR_INVALID_PARAM from 667e8d8... nsswitch: build libnss_winbind.so with SOVERSION = 2
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 5d10676b3b726a75e2dabe5e8624a7b95b97c424 Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de> Date: Wed Mar 10 19:49:25 2010 +0100 s4:winreg RPC - fix up the "QueryValue" call to work against the enhanced torture test Found out by gd's updated torture test. commit 490c0cefeb3fcbba3e8d38ecec23d3b438d58d92 Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de> Date: Wed Mar 10 09:47:02 2010 +0100 s4:registry/ldb.c - if "name" isn't set we should return WERR_INVALID_PARAM ----------------------------------------------------------------------- Summary of changes: source4/lib/registry/ldb.c | 6 +++++- source4/rpc_server/winreg/rpc_winreg.c | 18 +++++++++++------- 2 files changed, 16 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/lib/registry/ldb.c b/source4/lib/registry/ldb.c index a27c94e..0213c54 100644 --- a/source4/lib/registry/ldb.c +++ b/source4/lib/registry/ldb.c @@ -369,7 +369,11 @@ static WERROR ldb_get_value(TALLOC_CTX *mem_ctx, struct hive_key *k, int ret; char *query; - if ((name == NULL) || (name[0] == '\0')) { + if (name == NULL) { + return WERR_INVALID_PARAM; + } + + if (name[0] == '\0') { /* default value */ return ldb_get_default_value(mem_ctx, k, NULL, data_type, data); } else { diff --git a/source4/rpc_server/winreg/rpc_winreg.c b/source4/rpc_server/winreg/rpc_winreg.c index c12c0c5..7a33a88 100644 --- a/source4/rpc_server/winreg/rpc_winreg.c +++ b/source4/rpc_server/winreg/rpc_winreg.c @@ -491,19 +491,23 @@ static WERROR dcesrv_winreg_QueryValue(struct dcesrv_call_state *dce_call, case SECURITY_SYSTEM: case SECURITY_ADMINISTRATOR: case SECURITY_USER: + if ((r->in.type == NULL) || (r->in.data_length == NULL) || + (r->in.data_size == NULL)) { + return WERR_INVALID_PARAM; + } + result = reg_key_get_value_by_name(mem_ctx, key, r->in.value_name->name, &value_type, &value_data); if (!W_ERROR_IS_OK(result)) { /* if the lookup wasn't successful, send client query back */ - value_type = 0; - if (r->in.type != NULL) { - value_type = *r->in.type; - } + value_type = *r->in.type; value_data.data = r->in.data; - value_data.length = 0; - if (r->in.data_length != NULL) { - value_data.length = *r->in.data_length; + value_data.length = *r->in.data_length; + } else { + if ((r->in.data != NULL) + && (*r->in.data_size < value_data.length)) { + return WERR_MORE_DATA; } } -- Samba Shared Repository