From d89a951517744c523d26af5e0e71d70fcc9f643b Mon Sep 17 00:00:00 2001
From: Gerald Carter
Date: Wed, 27 Sep 2006 03:43:42 +0000
Subject: [PATCH] r18940: Fix a few memory corruption bugs to make CreateKey() and DeleteKey() work (This used to be commit e7e3e35c1def29430dc69d3311d5779575659ec5)
---
 source3/rpc_server/srv_winreg_nt.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/source3/rpc_server/srv_winreg_nt.c b/source3/rpc_server/srv_winreg_nt.c
index cb2c7956797..03320b38f68 100644
--- a/source3/rpc_server/srv_winreg_nt.c
+++ b/source3/rpc_server/srv_winreg_nt.c
@@ -1189,7 +1189,9 @@ WERROR _winreg_CreateKey( pipes_struct *p, struct policy_handle *handle, struct
 /* copy the new key name (just the lower most keyname) */
- pstrcpy( name, ptr+1 );
+ if ( (name = talloc_strdup( p->mem_ctx, ptr+1 )) == NULL ) {
+ return WERR_NOMEM;
+ }
 }
 else {
 /* use the existing open key information */
@@ -1334,11 +1336,15 @@ WERROR _winreg_DeleteKey(pipes_struct *p, struct policy_handle *handle, struct w
 pstrcpy( newkeyname, name );
 ptr = strrchr( newkeyname, '\\' );
 *ptr = '\0';
- pstrcpy( name, ptr+1 );
+ if ( (name = talloc_strdup( p->mem_ctx, ptr+1 )) == NULL ) {
+ result = WERR_NOMEM;
+ goto done;
+ }
 result = open_registry_key( p, &newparent_handle, &newparentinfo, parent, newkeyname, (REG_KEY_READ|REG_KEY_WRITE) );
- if ( !W_ERROR_IS_OK(result) )
- return result;
+ if ( !W_ERROR_IS_OK(result) ) {
+ goto done;
+ }
 }
 else {
 /* use the existing open key information */
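Review bot: The new allocation-failure path in `_winreg_CreateKey` leaves with a bare `return WERR_NOMEM;`, while the same failure in `_winreg_DeleteKey` (second hunk) is routed through `goto done`. If this function has already opened an intermediate parent key by this point, the direct return would skip closing it and leak a policy handle on each failed request. The hunk does not show the preceding lines, so this is inferred from the parallel DeleteKey code. If the function has a cleanup label, `result = WERR_NOMEM; goto done;` would keep the two handlers consistent. The function body starts and ends outside the hunk.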
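Review bot: The first `goto done` in `_winreg_DeleteKey` is taken before `open_registry_key()` has filled in `newparent_handle` and `newparentinfo`, so the cleanup under `done:` (outside this hunk) runs with both still in their initial state. Whatever test that label uses to decide whether to close `newparent_handle` needs to tell "never opened" from "opened"; please confirm it does, or move the `talloc_strdup()` after the open so that every jump to `done` sees a populated handle. A one-line comment above the strdup, such as `/* take a talloc copy instead of writing back into name's original buffer */`, would also record why the in-place `pstrcpy` was removed, since key names reach this handler from the RPC client.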