s3:registry: reg_format: handle unterminated REG_SZ blobs

author Gregor Beck <gbeck@sernet.de>

Tue, 6 Sep 2011 07:24:10 +0000 (09:24 +0200)

committer Michael Adam <obnox@samba.org>

Sat, 1 Oct 2011 21:51:05 +0000 (23:51 +0200)
author Gregor Beck <gbeck@sernet.de>
Tue, 6 Sep 2011 07:24:10 +0000 (09:24 +0200)
committer Michael Adam <obnox@samba.org>
Sat, 1 Oct 2011 21:51:05 +0000 (23:51 +0200)
diff --git a/source3/registry/reg_format.c b/source3/registry/reg_format.c

index 658076c5cfe8d5ddc9773941eb4133c4e3ac8dff..77a27fcc0a25686777802f0ecfcd8252601114e8 100644 (file)
--- a/source3/registry/reg_format.c
+++ b/source3/registry/reg_format.c
@@ -326,6 +326,12 @@ done:
         return ret;
  }
  
+static bool is_zero_terminated_ucs2(const uint8_t* data, size_t len) {
+       const size_t idx = len/sizeof(smb_ucs2_t);
+       const smb_ucs2_t *str = (const smb_ucs2_t*)data;
+       return (idx > 0) && (str[idx] == 0);
+}
+
  int reg_format_value(struct reg_format* f, const char* name, uint32_t type,
                      const uint8_t* data, size_t len)
  {
@@ -334,7 +340,9 @@ int reg_format_value(struct reg_format* f, const char* name, uint32_t type,
  
         switch (type) {
         case REG_SZ:
-               if (!(f->flags & REG_FMT_HEX_SZ)) {
+               if (!(f->flags & REG_FMT_HEX_SZ)
+                   && is_zero_terminated_ucs2(data, len))
+               {
                         char* str = NULL;
                         size_t dlen;
                         if (pull_ucs2_talloc(mem_ctx, &str, (const smb_ucs2_t*)data, &dlen)) {
author	Gregor Beck <gbeck@sernet.de>
	Tue, 6 Sep 2011 07:24:10 +0000 (09:24 +0200)
committer	Michael Adam <obnox@samba.org>
	Sat, 1 Oct 2011 21:51:05 +0000 (23:51 +0200)