author | Volker Lendecke <vl@samba.org> | 2009-02-19 14:16:44 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2009-02-20 08:53:30 +0100 |
commit | 7480b88af9bd1ed36abb816c85f69746d444dadc (patch) | |
tree | 0f7ad6ca0dce4cf64260c31b3001b14a8b22ae08 | |
parent | 924e5aee5e73a7b54061193a274f2ad662c6b230 (diff) | |
download | samba-7480b88af9bd1ed36abb816c85f69746d444dadc.tar.gz |
Fix a buffer handling bug when adding lots of registry keys
This is *ancient*... From 2002, and nobody noticed until someone added lots of
shares using net conf... :-)
(cherry picked from commit 36ae846d15027df5e3a02ffabb08183dad9f6517)
(cherry picked from commit 13f0a2903257677cc107f861e4ed2b58e52a1e21)
-rw-r--r-- | source/registry/reg_backend_db.c | 33 |
1 files changed, 24 insertions, 9 deletions
diff --git a/source/registry/reg_backend_db.c b/source/registry/reg_backend_db.c
index 6f4c614b9a5..a3cdaa7d41e 100644
--- a/source/registry/reg_backend_db.c
+++ b/source/registry/reg_backend_db.c
@@ -536,21 +536,36 @@ static bool regdb_store_keys_internal(const char *key, REGSUBKEY_CTR *ctr)
 /* pack all the strings */
 for (i=0; i<num_subkeys; i++) {
- len += tdb_pack(buffer+len, buflen-len, "f",
- regsubkey_ctr_specific_key(ctr, i));
- if (len > buflen) {
- /* allocate some extra space */
- buffer = (uint8 *)SMB_REALLOC(buffer, len*2);
+ size_t thistime;
+
+ thistime = tdb_pack(buffer+len, buflen-len, "f",
+ regsubkey_ctr_specific_key(ctr, i));
+ if (len+thistime > buflen) {
+ size_t thistime2;
+ /*
+ * tdb_pack hasn't done anything because of the short
+ * buffer, allocate extra space.
+ */
+ buffer = SMB_REALLOC_ARRAY(buffer, uint8_t,
+ (len+thistime)*2);
 if(buffer == NULL) {
 DEBUG(0, ("regdb_store_keys: Failed to realloc "
- "memory of size [%d]\n", len*2));
+ "memory of size [%d]\n",
+ (len+thistime)*2));
+ ret = false;
+ goto done;
+ }
+ buflen = (len+thistime)*2;
+ thistime2 = tdb_pack(
+ buffer+len, buflen-len, "f",
+ regsubkey_ctr_specific_key(ctr, i));
+ if (thistime2 != thistime) {
+ DEBUG(0, ("tdb_pack failed\n"));
 ret = false;
 goto done;
 }
- buflen = len*2;
- len = tdb_pack(buffer+len, buflen-len, "f",
- regsubkey_ctr_specific_key(ctr, i));
 }
+ len += thistime;
 }
 /* finally write out the data */ |
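Review bot: The DEBUG call in the realloc-failure branch passes `(len+thistime)*2` to a `%d` conversion, but `thistime` is declared `size_t` at the top of the loop body, so the argument is no longer an `int` and the varargs read is mismatched wherever `size_t` is wider than `int`. Either cast at the call, `"memory of size [%u]\n", (unsigned int)((len+thistime)*2)));`, or compute the new size once into a local and use that for the realloc, the log message and `buflen`, which also keeps the three copies of the expression from drifting apart. The declarations of `len` and `buflen` are outside the hunk, so their types, and whether `len+thistime` can wrap before the doubling, should be checked against the full function.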