1. catch data blobs with odd number of bytes (not an ucs2 string at all)
2. test the right ucs2 character to be 0
(prevent out-of bounds access/potential segfault)
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Sun Oct 2 01:26:05 CEST 2011 on sn-devel-104
static bool is_zero_terminated_ucs2(const uint8_t* data, size_t len) {
const size_t idx = len/sizeof(smb_ucs2_t);
const smb_ucs2_t *str = (const smb_ucs2_t*)data;
- return (idx > 0) && (str[idx] == 0);
+
+ if ((len % sizeof(smb_ucs2_t)) != 0) {
+ return false;
+ }
+
+ if (idx == 0) {
+ return false;
+ }
+
+ return (str[idx-1] == 0);
}
int reg_format_value(struct reg_format* f, const char* name, uint32_t type,