The branch, master has been updated
       via  95bb2c2 s3:registry: fix the test for a REG_SZ blob possibly being a zero terminated ucs2 string
       via  b9da423 s3:registry: reg_format: handle unterminated REG_SZ blobs
      from  595cc42 Add the new test_nttrans_fsctl.c to waf
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 95bb2c23e6e9c52a1e34916dff05b1d306278bc6 Author: Michael Adam <ob...@samba.org> Date: Thu Sep 29 18:06:56 2011 +0200 s3:registry: fix the test for a REG_SZ blob possibly being a zero terminated ucs2 string 1. catch data blobs with odd number of bytes (not an ucs2 string at all) 2. test the right ucs2 character to be 0 (prevent out-of bounds access/potential segfault) Autobuild-User: Michael Adam <ob...@samba.org> Autobuild-Date: Sun Oct 2 01:26:05 CEST 2011 on sn-devel-104 commit b9da4235566ffdd649d7b4a6ca05cecd02cfbd20 Author: Gregor Beck <gb...@sernet.de> Date: Tue Sep 6 09:24:10 2011 +0200 s3:registry: reg_format: handle unterminated REG_SZ blobs Signed-off-by: Michael Adam <ob...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/registry/reg_format.c | 19 ++++++++++++++++++- 1 files changed, 18 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/registry/reg_format.c b/source3/registry/reg_format.c index 658076c..db03961 100644 --- a/source3/registry/reg_format.c +++ b/source3/registry/reg_format.c @@ -326,6 +326,21 @@ done: return ret; } +static bool is_zero_terminated_ucs2(const uint8_t* data, size_t len) { + const size_t idx = len/sizeof(smb_ucs2_t); + const smb_ucs2_t *str = (const smb_ucs2_t*)data; + + if ((len % sizeof(smb_ucs2_t)) != 0) { + return false; + } + + if (idx == 0) { + return false; + } + + return (str[idx-1] == 0); +} + int reg_format_value(struct reg_format* f, const char* name, uint32_t type, const uint8_t* data, size_t len) { 
@@ -334,7 +349,9 @@ int reg_format_value(struct reg_format* f, const char* name, uint32_t type, switch (type) { case REG_SZ: - if (!(f->flags & REG_FMT_HEX_SZ)) { + if (!(f->flags & REG_FMT_HEX_SZ) + && is_zero_terminated_ucs2(data, len)) + { char* str = NULL; size_t dlen; if (pull_ucs2_talloc(mem_ctx, &str, (const smb_ucs2_t*)data, &dlen)) { -- Samba Shared Repository
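Review bot: in the new is_zero_terminated_ucs2() (first hunk), the final read `str[idx-1]` goes through a `const smb_ucs2_t*` cast of the `uint8_t*` buffer, and nothing in the function guarantees that `data` is 2-byte aligned, so on strict-alignment targets this is an unaligned 16-bit load. Comparing the last two bytes directly, `data[len-2] == 0 && data[len-1] == 0`, gives the same answer on either endianness and drops both the cast and the alignment assumption. The two early-out checks are sound as written: the `len % sizeof(smb_ucs2_t)` test rejects odd-length blobs that cannot be ucs2 at all, and the `idx == 0` test keeps `idx-1` from wrapping on an empty blob, which together address the out-of-bounds read the commit message describes.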
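Review bot: the added `&& is_zero_terminated_ucs2(data, len)` guard in the REG_SZ case changes how an unterminated or odd-length REG_SZ value is emitted, but the hunk carries no comment saying why; a one-line comment above the condition stating that a blob which is not a zero-terminated ucs2 string is deliberately not handed to pull_ucs2_talloc() and falls back to the non-string formatting would make the intent clear to the next reader and tie the code to the commit message. Minor style point: putting `{` on its own line after the multi-line condition departs from the `if (...) {` form used by the removed line `if (!(f->flags & REG_FMT_HEX_SZ)) {`; keeping the brace on the last line of the condition would match the surrounding code.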