authorVolker Lendecke <vl@samba.org>2009-02-19 14:16:44 +0100
committerKarolin Seeger <kseeger@samba.org>2009-02-20 08:53:30 +0100
commit7480b88af9bd1ed36abb816c85f69746d444dadc (patch)
tree0f7ad6ca0dce4cf64260c31b3001b14a8b22ae08
parent924e5aee5e73a7b54061193a274f2ad662c6b230 (diff)
downloadsamba-7480b88af9bd1ed36abb816c85f69746d444dadc.tar.gz
Fix a buffer handling bug when adding lots of registry keys
This is *ancient*... From 2002, and nobody noticed until someone added lots of shares using net conf... :-) (cherry picked from commit 36ae846d15027df5e3a02ffabb08183dad9f6517) (cherry picked from commit 13f0a2903257677cc107f861e4ed2b58e52a1e21)
-rw-r--r--source/registry/reg_backend_db.c33
1 files changed, 24 insertions, 9 deletions
diff --git a/source/registry/reg_backend_db.c b/source/registry/reg_backend_db.c
index 6f4c614b9a5..a3cdaa7d41e 100644
--- a/source/registry/reg_backend_db.c
+++ b/source/registry/reg_backend_db.c
@@ -536,21 +536,36 @@ static bool regdb_store_keys_internal(const char *key, REGSUBKEY_CTR *ctr)
/* pack all the strings */
for (i=0; i<num_subkeys; i++) {
- len += tdb_pack(buffer+len, buflen-len, "f",
- regsubkey_ctr_specific_key(ctr, i));
- if (len > buflen) {
- /* allocate some extra space */
- buffer = (uint8 *)SMB_REALLOC(buffer, len*2);
+ size_t thistime;
+
+ thistime = tdb_pack(buffer+len, buflen-len, "f",
+ regsubkey_ctr_specific_key(ctr, i));
+ if (len+thistime > buflen) {
+ size_t thistime2;
+ /*
+ * tdb_pack hasn't done anything because of the short
+ * buffer, allocate extra space.
+ */
+ buffer = SMB_REALLOC_ARRAY(buffer, uint8_t,
+ (len+thistime)*2);
if(buffer == NULL) {
DEBUG(0, ("regdb_store_keys: Failed to realloc "
- "memory of size [%d]\n", len*2));
+ "memory of size [%d]\n",
+ (len+thistime)*2));
+ ret = false;
+ goto done;
+ }
+ buflen = (len+thistime)*2;
+ thistime2 = tdb_pack(
+ buffer+len, buflen-len, "f",
+ regsubkey_ctr_specific_key(ctr, i));
+ if (thistime2 != thistime) {
+ DEBUG(0, ("tdb_pack failed\n"));
ret = false;
goto done;
}
- buflen = len*2;
- len = tdb_pack(buffer+len, buflen-len, "f",
- regsubkey_ctr_specific_key(ctr, i));
}
+ len += thistime;
}
/* finally write out the data */
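Review bot: The DEBUG call on the realloc-failure path still prints `(len+thistime)*2` with `%d`, but `thistime` is now a `size_t`, so wherever `size_t` is wider than `int` the variadic argument no longer matches the format. The same expression is written three times (the realloc count, the log message and the `buflen` update) and is never checked for wrap-around. Computing it once keeps the three uses in step and gives one place for an overflow guard: `size_t newlen = (len+thistime)*2;`, then `"memory of size [%u]\n", (unsigned int)newlen));` and `buflen = newlen;`. The declarations of `len` and `buflen` are outside this hunk, so their width should be confirmed; if they are 32-bit, the sum can wrap before the multiplication and the `thistime2 != thistime` comparison would presumably not notice a buffer that is still too short. The body of `regdb_store_keys_internal` starts and ends outside the hunk.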