[SCM] Samba Shared Repository - branch master updated

Michael Adam obnox at samba.org
Sat Oct 1 17:27:03 MDT 2011


The branch, master has been updated
       via  95bb2c2 s3:registry: fix the test for a REG_SZ blob possibly being a zero terminated ucs2 string
       via  b9da423 s3:registry: reg_format: handle unterminated REG_SZ blobs
      from  595cc42 Add the new test_nttrans_fsctl.c to waf

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 95bb2c23e6e9c52a1e34916dff05b1d306278bc6
Author: Michael Adam <obnox at samba.org>
Date:   Thu Sep 29 18:06:56 2011 +0200

    s3:registry: fix the test for a REG_SZ blob possibly being a zero terminated ucs2 string
    
    1. catch data blobs with odd number of bytes (not a ucs2 string at all)
    2. test the right ucs2 character to be 0
       (prevent out-of-bounds access/potential segfault)
    
    Autobuild-User: Michael Adam <obnox at samba.org>
    Autobuild-Date: Sun Oct  2 01:26:05 CEST 2011 on sn-devel-104

commit b9da4235566ffdd649d7b4a6ca05cecd02cfbd20
Author: Gregor Beck <gbeck at sernet.de>
Date:   Tue Sep 6 09:24:10 2011 +0200

    s3:registry: reg_format: handle unterminated REG_SZ blobs
    
    Signed-off-by: Michael Adam <obnox at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/registry/reg_format.c |   19 ++++++++++++++++++-
 1 files changed, 18 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/registry/reg_format.c b/source3/registry/reg_format.c
index 658076c..db03961 100644
--- a/source3/registry/reg_format.c
+++ b/source3/registry/reg_format.c
@@ -326,6 +326,21 @@ done:
 	return ret;
 }
 
+static bool is_zero_terminated_ucs2(const uint8_t* data, size_t len) {
+	const size_t idx = len/sizeof(smb_ucs2_t);
+	const smb_ucs2_t *str = (const smb_ucs2_t*)data;
+
+	if ((len % sizeof(smb_ucs2_t)) != 0) {
+		return false;
+	}
+
+	if (idx == 0) {
+		return false;
+	}
+
+	return (str[idx-1] == 0);
+}
+
 int reg_format_value(struct reg_format* f, const char* name, uint32_t type,
 		     const uint8_t* data, size_t len)
 {
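Review bot: in is_zero_terminated_ucs2, casting data to const smb_ucs2_t* and reading str[idx-1] assumes the blob is 2-byte aligned, which a const uint8_t* parameter does not guarantee; on strict-alignment platforms that read can fault. Since the test is only whether the last character is 0, comparing the last two bytes directly (data[len-2] == 0 && data[len-1] == 0) after the length checks gives the same answer without the cast. The two early returns could be folded into one test (len < sizeof(smb_ucs2_t) or odd len), and a one-line comment saying that empty and odd-length blobs are deliberately treated as "not terminated" would document the intent. Style: the function's opening brace should go on its own line, as in reg_format_value just below, and the pointer star is normally attached to the name (const uint8_t *data).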
@@ -334,7 +349,9 @@ int reg_format_value(struct reg_format* f, const char* name, uint32_t type,
 
 	switch (type) {
 	case REG_SZ:
-		if (!(f->flags & REG_FMT_HEX_SZ)) {
+		if (!(f->flags & REG_FMT_HEX_SZ)
+		    && is_zero_terminated_ucs2(data, len))
+		{
 			char* str = NULL;
 			size_t dlen;
 			if (pull_ucs2_talloc(mem_ctx, &str, (const smb_ucs2_t*)data, &dlen)) {
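Review bot: the added condition in the REG_SZ case only establishes that the last ucs2 character of the blob is 0, while pull_ucs2_talloc is still called without len, so the conversion depends on finding a terminator rather than on the blob length. A blob with a 0 character before the end passes is_zero_terminated_ucs2 as well; if the conversion stops at the first terminator, the bytes after it would be missing from the string output. Consider having the helper also reject an interior 0, so that only blobs that are exactly one terminated string take this branch. It would also help to add a comment at the condition stating which output form a REG_SZ blob gets when the check fails, since that path is not obvious from the if alone.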


-- 
Samba Shared Repository

