1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00

Fix a buffer handling bug when adding lots of registry keys

This is *ancient*... From 2002, and nobody noticed until someone added lots of
shares using net conf... :-)
This commit is contained in:
Volker Lendecke 2009-02-19 14:16:44 +01:00
parent 7d44cd50e8
commit d0ee90ace9

View File

@ -536,21 +536,36 @@ static bool regdb_store_keys_internal(const char *key, REGSUBKEY_CTR *ctr)
/* pack all the strings */
for (i=0; i<num_subkeys; i++) {
len += tdb_pack(buffer+len, buflen-len, "f",
regsubkey_ctr_specific_key(ctr, i));
if (len > buflen) {
/* allocate some extra space */
buffer = (uint8 *)SMB_REALLOC(buffer, len*2);
size_t thistime;
thistime = tdb_pack(buffer+len, buflen-len, "f",
regsubkey_ctr_specific_key(ctr, i));
if (len+thistime > buflen) {
size_t thistime2;
/*
* tdb_pack hasn't done anything because of the short
* buffer, allocate extra space.
*/
buffer = SMB_REALLOC_ARRAY(buffer, uint8_t,
(len+thistime)*2);
if(buffer == NULL) {
DEBUG(0, ("regdb_store_keys: Failed to realloc "
"memory of size [%d]\n", len*2));
"memory of size [%d]\n",
(len+thistime)*2));
ret = false;
goto done;
}
buflen = (len+thistime)*2;
thistime2 = tdb_pack(
buffer+len, buflen-len, "f",
regsubkey_ctr_specific_key(ctr, i));
if (thistime2 != thistime) {
DEBUG(0, ("tdb_pack failed\n"));
ret = false;
goto done;
}
buflen = len*2;
len = tdb_pack(buffer+len, buflen-len, "f",
regsubkey_ctr_specific_key(ctr, i));
}
len += thistime;
}
/* finally write out the data */