mirror of
https://github.com/samba-team/samba.git
synced 2025-02-02 09:47:23 +03:00
r19914: The "default" value with the name "" need different 0-length treatment as the
other StringBufs, otherwise clicking on a key with this value being set leads to regedit.exe on w2k3 chew all memory. (This used to be commit b148cde7f39859102288a87b6f0bd2b250947a85)
This commit is contained in:
Volker Lendecke
Gerald (Jerry) Carter
parent
213bc9d440
commit
f57cd1f63c
@ -841,7 +841,7 @@ int cac_RegEnumValues( CacServerHandle * hnd, TALLOC_CTX * mem_ctx,
|
||||
uint32 *pdata_size = &data_size;
|
||||
uint32 data_length = 0;
|
||||
uint32 *pdata_length = &data_length;
|
||||
struct winreg_StringBuf name_buf;
|
||||
struct winreg_ValNameBuf name_buf;
|
||||
enum winreg_Type *ptype = &types_out[num_values_out];
|
||||
|
||||
memset( name_buffer, 0x0, max_valnamelen );
|
||||
|
||||
@ -334,7 +334,7 @@ NTSTATUS rpccli_winreg_EnumKey(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
|
||||
return werror_to_ntstatus(r.out.result);
|
||||
}
|
||||
|
||||
NTSTATUS rpccli_winreg_EnumValue(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle, uint32_t enum_index, struct winreg_StringBuf *name, enum winreg_Type **type, uint8_t **data, uint32_t **data_size, uint32_t **value_length)
|
||||
NTSTATUS rpccli_winreg_EnumValue(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle, uint32_t enum_index, struct winreg_ValNameBuf *name, enum winreg_Type **type, uint8_t **data, uint32_t **data_size, uint32_t **value_length)
|
||||
{
|
||||
struct winreg_EnumValue r;
|
||||
NTSTATUS status;
|
||||
|
||||
@ -11,7 +11,7 @@ NTSTATUS rpccli_winreg_CreateKey(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct
|
||||
NTSTATUS rpccli_winreg_DeleteKey(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle, struct winreg_String key);
|
||||
NTSTATUS rpccli_winreg_DeleteValue(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle, struct winreg_String value);
|
||||
NTSTATUS rpccli_winreg_EnumKey(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle, uint32_t enum_index, struct winreg_StringBuf *name, struct winreg_StringBuf **keyclass, NTTIME **last_changed_time);
|
||||
NTSTATUS rpccli_winreg_EnumValue(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle, uint32_t enum_index, struct winreg_StringBuf *name, enum winreg_Type **type, uint8_t **data, uint32_t **data_size, uint32_t **value_length);
|
||||
NTSTATUS rpccli_winreg_EnumValue(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle, uint32_t enum_index, struct winreg_ValNameBuf *name, enum winreg_Type **type, uint8_t **data, uint32_t **data_size, uint32_t **value_length);
|
||||
NTSTATUS rpccli_winreg_FlushKey(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle);
|
||||
NTSTATUS rpccli_winreg_GetKeySecurity(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle, uint32_t sec_info, struct KeySecurityData *sd);
|
||||
NTSTATUS rpccli_winreg_LoadKey(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle, struct winreg_String *keyname, struct winreg_String *filename);
|
||||
|
||||
@ -335,6 +335,77 @@ _PUBLIC_ void ndr_print_winreg_StringBuf(struct ndr_print *ndr, const char *name
|
||||
ndr->depth--;
|
||||
}
|
||||
|
||||
NTSTATUS ndr_push_winreg_ValNameBuf(struct ndr_push *ndr, int ndr_flags, const struct winreg_ValNameBuf *r)
|
||||
{
|
||||
if (ndr_flags & NDR_SCALARS) {
|
||||
NDR_CHECK(ndr_push_align(ndr, 4));
|
||||
NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, strlen_m_term(r->name)*2));
|
||||
NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->size));
|
||||
NDR_CHECK(ndr_push_unique_ptr(ndr, r->name));
|
||||
}
|
||||
if (ndr_flags & NDR_BUFFERS) {
|
||||
if (r->name) {
|
||||
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->size/2));
|
||||
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
|
||||
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, strlen_m_term(r->name)*2/2));
|
||||
NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->name, strlen_m_term(r->name)*2/2, sizeof(uint16_t), CH_UTF16));
|
||||
}
|
||||
}
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
NTSTATUS ndr_pull_winreg_ValNameBuf(struct ndr_pull *ndr, int ndr_flags, struct winreg_ValNameBuf *r)
|
||||
{
|
||||
uint32_t _ptr_name;
|
||||
TALLOC_CTX *_mem_save_name_0;
|
||||
if (ndr_flags & NDR_SCALARS) {
|
||||
NDR_CHECK(ndr_pull_align(ndr, 4));
|
||||
NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->length));
|
||||
NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size));
|
||||
NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_name));
|
||||
if (_ptr_name) {
|
||||
NDR_PULL_ALLOC(ndr, r->name);
|
||||
} else {
|
||||
r->name = NULL;
|
||||
}
|
||||
}
|
||||
if (ndr_flags & NDR_BUFFERS) {
|
||||
if (r->name) {
|
||||
_mem_save_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
|
||||
NDR_PULL_SET_MEM_CTX(ndr, r->name, 0);
|
||||
NDR_CHECK(ndr_pull_array_size(ndr, &r->name));
|
||||
NDR_CHECK(ndr_pull_array_length(ndr, &r->name));
|
||||
if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) {
|
||||
return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name));
|
||||
}
|
||||
NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16));
|
||||
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0);
|
||||
}
|
||||
if (r->name) {
|
||||
NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->name, r->size/2));
|
||||
}
|
||||
if (r->name) {
|
||||
NDR_CHECK(ndr_check_array_length(ndr, (void*)&r->name, r->length/2));
|
||||
}
|
||||
}
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
_PUBLIC_ void ndr_print_winreg_ValNameBuf(struct ndr_print *ndr, const char *name, const struct winreg_ValNameBuf *r)
|
||||
{
|
||||
ndr_print_struct(ndr, name, "winreg_ValNameBuf");
|
||||
ndr->depth++;
|
||||
ndr_print_uint16(ndr, "length", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?strlen_m_term(r->name)*2:r->length);
|
||||
ndr_print_uint16(ndr, "size", r->size);
|
||||
ndr_print_ptr(ndr, "name", r->name);
|
||||
ndr->depth++;
|
||||
if (r->name) {
|
||||
ndr_print_string(ndr, "name", r->name);
|
||||
}
|
||||
ndr->depth--;
|
||||
ndr->depth--;
|
||||
}
|
||||
|
||||
NTSTATUS ndr_push_KeySecurityAttribute(struct ndr_push *ndr, int ndr_flags, const struct KeySecurityAttribute *r)
|
||||
{
|
||||
if (ndr_flags & NDR_SCALARS) {
|
||||
@ -1394,7 +1465,7 @@ NTSTATUS ndr_push_winreg_EnumValue(struct ndr_push *ndr, int flags, const struct
|
||||
NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
|
||||
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.enum_index));
|
||||
if (r->in.name == NULL) return NT_STATUS_INVALID_PARAMETER_MIX;
|
||||
NDR_CHECK(ndr_push_winreg_StringBuf(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.name));
|
||||
NDR_CHECK(ndr_push_winreg_ValNameBuf(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.name));
|
||||
NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.type));
|
||||
if (r->in.type) {
|
||||
NDR_CHECK(ndr_push_winreg_Type(ndr, NDR_SCALARS, *r->in.type));
|
||||
@ -1417,7 +1488,7 @@ NTSTATUS ndr_push_winreg_EnumValue(struct ndr_push *ndr, int flags, const struct
|
||||
}
|
||||
if (flags & NDR_OUT) {
|
||||
if (r->out.name == NULL) return NT_STATUS_INVALID_PARAMETER_MIX;
|
||||
NDR_CHECK(ndr_push_winreg_StringBuf(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.name));
|
||||
NDR_CHECK(ndr_push_winreg_ValNameBuf(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.name));
|
||||
NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.type));
|
||||
if (r->out.type) {
|
||||
NDR_CHECK(ndr_push_winreg_Type(ndr, NDR_SCALARS, *r->out.type));
|
||||
@ -1470,7 +1541,7 @@ NTSTATUS ndr_pull_winreg_EnumValue(struct ndr_pull *ndr, int flags, struct winre
|
||||
}
|
||||
_mem_save_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
|
||||
NDR_PULL_SET_MEM_CTX(ndr, r->in.name, LIBNDR_FLAG_REF_ALLOC);
|
||||
NDR_CHECK(ndr_pull_winreg_StringBuf(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.name));
|
||||
NDR_CHECK(ndr_pull_winreg_ValNameBuf(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.name));
|
||||
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, LIBNDR_FLAG_REF_ALLOC);
|
||||
NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_type));
|
||||
if (_ptr_type) {
|
||||
@ -1543,7 +1614,7 @@ NTSTATUS ndr_pull_winreg_EnumValue(struct ndr_pull *ndr, int flags, struct winre
|
||||
}
|
||||
_mem_save_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
|
||||
NDR_PULL_SET_MEM_CTX(ndr, r->out.name, LIBNDR_FLAG_REF_ALLOC);
|
||||
NDR_CHECK(ndr_pull_winreg_StringBuf(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.name));
|
||||
NDR_CHECK(ndr_pull_winreg_ValNameBuf(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.name));
|
||||
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, LIBNDR_FLAG_REF_ALLOC);
|
||||
NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_type));
|
||||
if (_ptr_type) {
|
||||
@ -1629,7 +1700,7 @@ _PUBLIC_ void ndr_print_winreg_EnumValue(struct ndr_print *ndr, const char *name
|
||||
ndr_print_uint32(ndr, "enum_index", r->in.enum_index);
|
||||
ndr_print_ptr(ndr, "name", r->in.name);
|
||||
ndr->depth++;
|
||||
ndr_print_winreg_StringBuf(ndr, "name", r->in.name);
|
||||
ndr_print_winreg_ValNameBuf(ndr, "name", r->in.name);
|
||||
ndr->depth--;
|
||||
ndr_print_ptr(ndr, "type", r->in.type);
|
||||
ndr->depth++;
|
||||
@ -1662,7 +1733,7 @@ _PUBLIC_ void ndr_print_winreg_EnumValue(struct ndr_print *ndr, const char *name
|
||||
ndr->depth++;
|
||||
ndr_print_ptr(ndr, "name", r->out.name);
|
||||
ndr->depth++;
|
||||
ndr_print_winreg_StringBuf(ndr, "name", r->out.name);
|
||||
ndr_print_winreg_ValNameBuf(ndr, "name", r->out.name);
|
||||
ndr->depth--;
|
||||
ndr_print_ptr(ndr, "type", r->out.type);
|
||||
ndr->depth++;
|
||||
|
||||
@ -92,6 +92,7 @@ void ndr_print_KeySecurityData(struct ndr_print *ndr, const char *name, const st
|
||||
void ndr_print_winreg_SecBuf(struct ndr_print *ndr, const char *name, const struct winreg_SecBuf *r);
|
||||
void ndr_print_winreg_CreateAction(struct ndr_print *ndr, const char *name, enum winreg_CreateAction r);
|
||||
void ndr_print_winreg_StringBuf(struct ndr_print *ndr, const char *name, const struct winreg_StringBuf *r);
|
||||
void ndr_print_winreg_ValNameBuf(struct ndr_print *ndr, const char *name, const struct winreg_ValNameBuf *r);
|
||||
void ndr_print_KeySecurityAttribute(struct ndr_print *ndr, const char *name, const struct KeySecurityAttribute *r);
|
||||
void ndr_print_QueryMultipleValue(struct ndr_print *ndr, const char *name, const struct QueryMultipleValue *r);
|
||||
void ndr_print_winreg_OpenHKCR(struct ndr_print *ndr, const char *name, int flags, const struct winreg_OpenHKCR *r);
|
||||
|
||||
@ -11,7 +11,7 @@ WERROR _winreg_CreateKey(pipes_struct *p, struct policy_handle *handle, struct w
|
||||
WERROR _winreg_DeleteKey(pipes_struct *p, struct policy_handle *handle, struct winreg_String key);
|
||||
WERROR _winreg_DeleteValue(pipes_struct *p, struct policy_handle *handle, struct winreg_String value);
|
||||
WERROR _winreg_EnumKey(pipes_struct *p, struct policy_handle *handle, uint32_t enum_index, struct winreg_StringBuf *name, struct winreg_StringBuf *keyclass, NTTIME *last_changed_time);
|
||||
WERROR _winreg_EnumValue(pipes_struct *p, struct policy_handle *handle, uint32_t enum_index, struct winreg_StringBuf *name, enum winreg_Type *type, uint8_t *data, uint32_t *data_size, uint32_t *value_length);
|
||||
WERROR _winreg_EnumValue(pipes_struct *p, struct policy_handle *handle, uint32_t enum_index, struct winreg_ValNameBuf *name, enum winreg_Type *type, uint8_t *data, uint32_t *data_size, uint32_t *value_length);
|
||||
WERROR _winreg_FlushKey(pipes_struct *p, struct policy_handle *handle);
|
||||
WERROR _winreg_GetKeySecurity(pipes_struct *p, struct policy_handle *handle, uint32_t sec_info, struct KeySecurityData *sd);
|
||||
WERROR _winreg_LoadKey(pipes_struct *p, struct policy_handle *handle, struct winreg_String *keyname, struct winreg_String *filename);
|
||||
|
||||
@ -53,6 +53,12 @@ struct winreg_StringBuf {
|
||||
const char *name;/* [unique,length_is(length/2),charset(UTF16),size_is(size/2)] */
|
||||
};
|
||||
|
||||
struct winreg_ValNameBuf {
|
||||
uint16_t length;/* [value(strlen_m_term(name)*2)] */
|
||||
uint16_t size;
|
||||
const char *name;/* [unique,length_is(length/2),charset(UTF16),size_is(size/2)] */
|
||||
};
|
||||
|
||||
struct KeySecurityAttribute {
|
||||
uint32_t data_size;
|
||||
struct KeySecurityData sec_data;
|
||||
@ -219,7 +225,7 @@ struct winreg_EnumValue {
|
||||
struct {
|
||||
struct policy_handle *handle;/* [ref] */
|
||||
uint32_t enum_index;
|
||||
struct winreg_StringBuf *name;/* [ref] */
|
||||
struct winreg_ValNameBuf *name;/* [ref] */
|
||||
enum winreg_Type *type;/* [unique] */
|
||||
uint8_t *data;/* [unique,length_is(*value_length),size_is(*data_size)] */
|
||||
uint32_t *data_size;/* [unique] */
|
||||
@ -227,7 +233,7 @@ struct winreg_EnumValue {
|
||||
} in;
|
||||
|
||||
struct {
|
||||
struct winreg_StringBuf *name;/* [ref] */
|
||||
struct winreg_ValNameBuf *name;/* [ref] */
|
||||
enum winreg_Type *type;/* [unique] */
|
||||
uint8_t *data;/* [unique,length_is(*value_length),size_is(*data_size)] */
|
||||
uint32_t *data_size;/* [unique] */
|
||||
|
||||
@ -140,7 +140,6 @@ import "lsa.idl", "initshutdown.idl", "security.idl";
|
||||
[size_is(size/2),length_is(length/2),charset(UTF16)] uint16 *name;
|
||||
} winreg_StringBuf;
|
||||
|
||||
|
||||
/******************/
|
||||
/* Function: 0x09 */
|
||||
WERROR winreg_EnumKey(
|
||||
@ -151,13 +150,22 @@ import "lsa.idl", "initshutdown.idl", "security.idl";
|
||||
[in,out,unique] NTTIME *last_changed_time
|
||||
);
|
||||
|
||||
typedef struct {
|
||||
[value(strlen_m_term(name)*2)] uint16 length;
|
||||
/* size cannot be auto-set by value() as it is the
|
||||
amount of space the server is allowed to use for this
|
||||
string in the reply, not its current size */
|
||||
uint16 size;
|
||||
[size_is(size/2),length_is(length/2),charset(UTF16)] uint16 *name;
|
||||
} winreg_ValNameBuf;
|
||||
|
||||
/******************/
|
||||
/* Function: 0x0a */
|
||||
|
||||
WERROR winreg_EnumValue(
|
||||
[in,ref] policy_handle *handle,
|
||||
[in] uint32 enum_index,
|
||||
[in,out,ref] winreg_StringBuf *name,
|
||||
[in,out,ref] winreg_ValNameBuf *name,
|
||||
[in,out,unique] winreg_Type *type,
|
||||
[in,out,unique,size_is(*data_size),length_is(*value_length)] uint8 *data,
|
||||
[in,out,unique] uint32 *data_size,
|
||||
|
||||
@ -626,7 +626,7 @@ WERROR _winreg_EnumKey(pipes_struct *p, struct policy_handle *handle, uint32_t e
|
||||
****************************************************************************/
|
||||
|
||||
WERROR _winreg_EnumValue(pipes_struct *p, struct policy_handle *handle,
|
||||
uint32_t enum_index, struct winreg_StringBuf *name,
|
||||
uint32_t enum_index, struct winreg_ValNameBuf *name,
|
||||
enum winreg_Type *type, uint8_t *data,
|
||||
uint32_t *data_size, uint32_t *value_length)
|
||||
{
|
||||
@ -1317,14 +1317,6 @@ WERROR _winreg_SetValue(pipes_struct *p, struct policy_handle *handle, struct wi
|
||||
|
||||
key = info->key;
|
||||
|
||||
if (!name.name || (strlen(name.name) == 0)) {
|
||||
/*
|
||||
* This is the "Standard Value" for a key, we don't support
|
||||
* that (yet...)
|
||||
*/
|
||||
return WERR_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
/* access checks first */
|
||||
|
||||
if ( !(key->access_granted & SEC_RIGHTS_SET_VALUE) )
|
||||
|
||||
@ -265,7 +265,7 @@ static NTSTATUS registry_enumvalues(TALLOC_CTX *ctx,
|
||||
uint32 *pvalue_length = &value_length;
|
||||
|
||||
char n;
|
||||
struct winreg_StringBuf name_buf;
|
||||
struct winreg_ValNameBuf name_buf;
|
||||
|
||||
n = '\0';
|
||||
name_buf.name = &n;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user