s3:registry: add safety check for return value of tdb_unpack to regdb_fetch_keys_inte...
authorMichael Adam <obnox@samba.org>
Mon, 2 Nov 2009 23:47:37 +0000 (00:47 +0100)
committerMichael Adam <obnox@samba.org>
Tue, 3 Nov 2009 00:02:38 +0000 (01:02 +0100)
Prevents segfaults in some situations.

(For a non existent or empty record, we sometimes rely on the fetch operation
 to return dsize==0 and sometimes we rely on dptr==NULL.)

Michael

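--- a/source3/registry/reg_backend_db.c
+++ b/source3/registry/reg_backend_db.c
@@ -1470,6 +1470,10 @@ static WERROR regdb_fetch_keys_internal(struct db_context *db, const char *key,
        buf = value.dptr;
        buflen = value.dsize;
        len = tdb_unpack( buf, buflen, "d", &num_items);
+       if (len == (uint32_t)-1) {
+               werr = WERR_NOT_FOUND;
+               goto done;
+       }
 
        werr = regsubkey_ctr_reinit(ctr);
        W_ERROR_NOT_OK_GOTO_DONE(werr);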
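Review bot: The added check at `if (len == (uint32_t)-1)` reports every tdb_unpack failure as WERR_NOT_FOUND, so a truncated or corrupt record (non-NULL `value.dptr` with too few bytes for the "d" field) cannot be told apart from a missing key. Consider logging that case before the goto, e.g. `if (value.dptr != NULL && value.dsize != 0) DEBUG(1, ("regdb_fetch_keys_internal: short or corrupt record for key [%s]\n", key));`. The comparison against `(uint32_t)-1` also implies `len` is unsigned (its declaration is outside the hunk); keeping the raw return value in an `int` and testing `< 0` would be less fragile than relying on the cast sentinel. The function body continues outside the hunk, so any later tdb_unpack calls that add to `len` are presumably still unchecked and would need the same guard.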