The branch, master has been updated via eb8c8a0... s4:registry - util.c - add harder checks for inputs on "reg_val_data_string" via 508c218... Revert "s4-smbtorture: skip extended SetValue test against Samba (both dont survive)." via bb1ac0c... s4:registry - ldb.c - provide a mechanism for storing UTF8/binary REG_DWORD values via fbce5de... s4:registry - ldb.c - provide a mechansim for storing UTF8/binary REG_SZ/REG_EXPAND_SZ values via 95bfd17... s4:registry - ldb.c - fix up a strange LDB filter via f72790d... s4:registry - ldb.c - fix up the memory handling in "reg_ldb_unpack_value" via 33eb1c9... s4:registry - ldb.c - check more for possible "Out of memory" circumstances via 9b3c457... s4:registry - ldb.c - remove superfluous "query" variable via cd3c870... s4:registry - ldb.c - Consider result values in "reg_ldb_pack_value" via 3c6792b... s4:registry - ldb.c - Move the "val" structure from 727fb85... s3: Remove some unused #defines
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit eb8c8a0ecaa9bfd29f090db21fccdad7751767ae Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de> Date: Sun Mar 14 17:40:14 2010 +0100 s4:registry - util.c - add harder checks for inputs on "reg_val_data_string" ("NULL" result is error on most data types). commit 508c218eb2f4bf8c45dc9d481576c87ed4fecbd3 Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de> Date: Sat Mar 13 13:37:18 2010 +0100 Revert "s4-smbtorture: skip extended SetValue test against Samba (both dont survive)." This reverts commit 40e2c04f8aba605e951810751222559ea0d32ebd. s4 should support now also the extended "SetValue" tests. commit bb1ac0c75c2f42dff972bae36b3814e5ad1142f9 Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de> Date: Sun Mar 14 17:18:29 2010 +0100 s4:registry - ldb.c - provide a mechanism for storing UTF8/binary REG_DWORD values We need to support this as gd's WINREG torture test shows. commit fbce5ded301a79846356b3809275e10b0a4b6860 Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de> Date: Sun Mar 14 10:30:19 2010 +0100 s4:registry - ldb.c - provide a mechansim for storing UTF8/binary REG_SZ/REG_EXPAND_SZ values We need to support this as gd's WINREG torture test shows. commit 95bfd17e080e439ab3185a1544c64bbe17067306 Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de> Date: Sat Mar 13 21:13:59 2010 +0100 s4:registry - ldb.c - fix up a strange LDB filter commit f72790daaa6ecef922edcfba38effdc8e5885782 Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de> Date: Sat Mar 13 20:03:03 2010 +0100 s4:registry - ldb.c - fix up the memory handling in "reg_ldb_unpack_value" Don't substitute existing data blobs with new ones and make sure, that the result objects in the data blob don't have memory dependencies of the LDB value input. 
commit 33eb1c95e55bb26aee7ee3876e38136eb56ef36e Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de> Date: Sat Mar 13 19:37:13 2010 +0100 s4:registry - ldb.c - check more for possible "Out of memory" circumstances commit 9b3c45754e9f610a095e6e1b191bb33235e8c314 Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de> Date: Sat Mar 13 19:30:43 2010 +0100 s4:registry - ldb.c - remove superfluous "query" variable commit cd3c870333d49460c9598a9928622454cd2cefc5 Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de> Date: Sat Mar 13 19:29:03 2010 +0100 s4:registry - ldb.c - Consider result values in "reg_ldb_pack_value" Break on errors and return NULL and otherwise the message pointer. commit 3c6792bc76323f821bc9e44ea3d724ce39e9081f Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de> Date: Sat Mar 13 18:39:54 2010 +0100 s4:registry - ldb.c - Move the "val" structure Move it into the REG_SZ/REG_EXPAND_SZ case block since it's used only there. Plus convert it from static into dynamic talloc'ed. ----------------------------------------------------------------------- Summary of changes: source4/lib/registry/ldb.c | 188 ++++++++++++++++++++++++++++++++++-------- source4/lib/registry/util.c | 28 ++++--- source4/torture/rpc/winreg.c | 14 ++- 3 files changed, 179 insertions(+), 51 deletions(-) Changeset truncated at 500 lines:
diff --git a/source4/lib/registry/ldb.c b/source4/lib/registry/ldb.c
index 0213c54..9e77f1f 100644
--- a/source4/lib/registry/ldb.c
+++ b/source4/lib/registry/ldb.c
@@ -61,9 +61,22 @@ static void reg_ldb_unpack_value(TALLOC_CTX *mem_ctx,
 case REG_SZ:
 case REG_EXPAND_SZ:
 if (val != NULL) {
- convert_string_talloc(mem_ctx, CH_UTF8, CH_UTF16,
- val->data, val->length,
- (void **)&data->data, &data->length, false);
+ if (val->data[0] != '\0') {
+ /* The data should be provided as UTF16 string */
+ convert_string_talloc(mem_ctx, CH_UTF8, CH_UTF16,
+ val->data, val->length,
+ (void **)&data->data, &data->length, false);
+ } else {
+ /* Provide a possibility to store also UTF8
+ * REG_SZ/REG_EXPAND_SZ values. This is done
+ * by adding a '\0' in front of the data */
+ data->data = talloc_size(mem_ctx, val->length - 1);
+ if (data->data != NULL) {
+ memcpy(data->data, val->data + 1,
+ val->length - 1);
+ }
+ data->length = val->length - 1;
+ }
 } else {
 data->data = NULL;
 data->length = 0;
@@ -72,9 +85,25 @@ static void reg_ldb_unpack_value(TALLOC_CTX *mem_ctx,
 case REG_DWORD:
 if (val != NULL) {
- uint32_t tmp = strtoul((char *)val->data, NULL, 0);
- *data = data_blob_talloc(mem_ctx, NULL, 4);
- SIVAL(data->data, 0, tmp);
+ if (val->data[0] != '\0') {
+ /* The data is a plain DWORD */
+ uint32_t tmp = strtoul((char *)val->data, NULL, 0);
+ data->data = talloc_size(mem_ctx, sizeof(uint32_t) + 1);
+ if (data->data != NULL) {
+ SIVAL(data->data, 0, tmp);
+ }
+ data->length = sizeof(uint32_t);
+ } else {
+ /* Provide a possibility to store also UTF8
+ * REG_DWORD values. This is done by adding a
+ * '\0' in front of the data */
+ data->data = talloc_size(mem_ctx, val->length - 1);
+ if (data->data != NULL) {
+ memcpy(data->data, val->data + 1,
+ val->length - 1);
+ }
+ data->length = val->length - 1;
+ }
 } else {
 data->data = NULL;
 data->length = 0;
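Review bot: In the new REG_SZ/REG_EXPAND_SZ branch, `data->length = val->length - 1;` runs even when `talloc_size()` returned NULL, so the caller receives a blob with a NULL pointer and a non-zero length; the REG_DWORD hunk that follows and the REG_BINARY/default hunk (`talloc_memdup`) repeat the pattern. Neither new branch checks `val->length` before reading `val->data[0]`, and a zero-length value would make `val->length - 1` wrap to a huge size if the length field is unsigned (its type is not visible here). Since the function returns void, I would set the length only on success, e.g. `data->length = (data->data != NULL) ? val->length - 1 : 0;`, and treat `val->length == 0` like the `val == NULL` case. reg_ldb_unpack_value starts and ends outside these hunks.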
@@ -84,7 +113,9 @@ static void reg_ldb_unpack_value(TALLOC_CTX *mem_ctx,
 case REG_BINARY:
 default:
 if (val != NULL) {
- *data = data_blob_talloc(mem_ctx, val->data, val->length);
+ data->data = talloc_memdup(mem_ctx, val->data,
+ val->length);
+ data->length = val->length;
 } else {
 data->data = NULL;
 data->length = 0;
@@ -98,34 +129,105 @@ static struct ldb_message *reg_ldb_pack_value(struct ldb_context *ctx,
 const char *name, uint32_t type, DATA_BLOB data)
 {
- struct ldb_val val;
- struct ldb_message *msg = talloc_zero(mem_ctx, struct ldb_message);
- char *type_s;
+ struct ldb_message *msg;
+ char *name_dup, *type_str;
+ int ret;
- ldb_msg_add_string(msg, "value", talloc_strdup(mem_ctx, name));
+ msg = talloc_zero(mem_ctx, struct ldb_message);
+ if (msg == NULL) {
+ return NULL;
+ }
+
+ name_dup = talloc_strdup(msg, name);
+ if (name_dup == NULL) {
+ talloc_free(msg);
+ return NULL;
+ }
+
+ ret = ldb_msg_add_string(msg, "value", name_dup);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(msg);
+ return NULL;
+ }
 switch (type) {
 case REG_SZ:
 case REG_EXPAND_SZ:
 if ((data.length > 0) && (data.data != NULL) && (data.data[0] != '\0')) {
- convert_string_talloc(mem_ctx, CH_UTF16, CH_UTF8,
- (void *)data.data,
- data.length,
- (void **)&val.data, &val.length, false);
- ldb_msg_add_value(msg, "data", &val, NULL);
+ struct ldb_val *val;
+ bool ret2;
+
+ val = talloc_zero(msg, struct ldb_val);
+ if (val == NULL) {
+ talloc_free(msg);
+ return NULL;
+ }
+
+ if (data.length % 2 == 0) {
+ /* The data is provided as UTF16 string */
+ ret2 = convert_string_talloc(mem_ctx, CH_UTF16, CH_UTF8,
+ (void *)data.data, data.length,
+ (void **)&val->data, &val->length,
+ false);
+ if (!ret2) {
+ talloc_free(msg);
+ return NULL;
+ }
+ } else {
+ /* Provide a possibility to store also UTF8
+ * REG_SZ/REG_EXPAND_SZ values.
This is done
+ * by adding a '\0' in front of the data */
+ val->data = talloc_size(msg, data.length + 1);
+ if (val->data == NULL) {
+ talloc_free(msg);
+ return NULL;
+ }
+ val->data[0] = '\0';
+ memcpy(val->data + 1, data.data, data.length);
+ val->length = data.length + 1;
+ }
+ ret = ldb_msg_add_value(msg, "data", val, NULL);
 } else {
- ldb_msg_add_empty(msg, "data", LDB_FLAG_MOD_DELETE, NULL);
+ ret = ldb_msg_add_empty(msg, "data", LDB_FLAG_MOD_DELETE, NULL);
 }
 break;
 case REG_DWORD:
 if ((data.length > 0) && (data.data != NULL)) {
- ldb_msg_add_string(msg, "data",
- talloc_asprintf(mem_ctx, "0x%x",
- IVAL(data.data, 0)));
+ if (data.length == sizeof(uint32_t)) {
+ char *conv_str;
+
+ conv_str = talloc_asprintf(msg, "0x%x", IVAL(data.data, 0));
+ if (conv_str == NULL) {
+ talloc_free(msg);
+ return NULL;
+ }
+ ret = ldb_msg_add_string(msg, "data", conv_str);
+ } else {
+ /* Provide a possibility to store also UTF8
+ * REG_DWORD values. This is done by adding a
+ * '\0' in front of the data */
+ struct ldb_val *val;
+
+ val = talloc_zero(msg, struct ldb_val);
+ if (val == NULL) {
+ talloc_free(msg);
+ return NULL;
+ }
+
+ val->data = talloc_size(msg, data.length + 1);
+ if (val->data == NULL) {
+ talloc_free(msg);
+ return NULL;
+ }
+ val->data[0] = '\0';
+ memcpy(val->data + 1, data.data, data.length);
+ val->length = data.length + 1;
+ ret = ldb_msg_add_value(msg, "data", val, NULL);
+ }
 } else {
- ldb_msg_add_empty(msg, "data", LDB_FLAG_MOD_DELETE, NULL);
+ ret = ldb_msg_add_empty(msg, "data", LDB_FLAG_MOD_DELETE, NULL);
 }
 break;
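Review bot: The UTF16 branch still allocates the converted string on `mem_ctx` (`convert_string_talloc(mem_ctx, CH_UTF16, CH_UTF8, ...)`) while every other allocation in the rewritten function hangs off `msg`, so the `talloc_free(msg)` error paths that follow do not release it; the next hunk does the same with `type_str = talloc_asprintf(mem_ctx, "%u", type)`. Passing `msg` as the context in both places would make the error handling consistent and tie those buffers to the message's lifetime. The function also now returns NULL for any ldb_msg_add_* failure, not only for allocation failure, which deserves a header comment such as `/* Returns NULL on any error (out of memory or LDB failure). */`. The function's signature starts above this hunk and its tail is in the next one.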
@@ -133,15 +235,29 @@ static struct ldb_message *reg_ldb_pack_value(struct ldb_context *ctx,
 default:
 if ((data.length > 0) && (data.data != NULL) && (data.data[0] != '\0')) {
- ldb_msg_add_value(msg, "data", &data, NULL);
+ ret = ldb_msg_add_value(msg, "data", &data, NULL);
 } else {
- ldb_msg_add_empty(msg, "data", LDB_FLAG_MOD_DELETE, NULL);
+ ret = ldb_msg_add_empty(msg, "data", LDB_FLAG_MOD_DELETE, NULL);
 }
 break;
 }
- type_s = talloc_asprintf(mem_ctx, "%u", type);
- ldb_msg_add_string(msg, "type", type_s);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(msg);
+ return NULL;
+ }
+
+ type_str = talloc_asprintf(mem_ctx, "%u", type);
+ if (type_str == NULL) {
+ talloc_free(msg);
+ return NULL;
+ }
+
+ ret = ldb_msg_add_string(msg, "type", type_str);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(msg);
+ return NULL;
+ }
 return msg;
 }
@@ -312,7 +428,7 @@ static WERROR ldb_get_default_value(TALLOC_CTX *mem_ctx, struct hive_key *k,
 struct ldb_result *res;
 int ret;
- ret = ldb_search(c, mem_ctx, &res, kd->dn, LDB_SCOPE_BASE, attrs, "%s", "");
+ ret = ldb_search(c, mem_ctx, &res, kd->dn, LDB_SCOPE_BASE, attrs, "(key=*)");
 if (ret != LDB_SUCCESS) {
 DEBUG(0, ("Error getting default value for '%s': %s\n",
@@ -367,7 +483,6 @@ static WERROR ldb_get_value(TALLOC_CTX *mem_ctx, struct hive_key *k,
 struct ldb_context *c = kd->ldb;
 struct ldb_result *res;
 int ret;
- char *query;
 if (name == NULL) {
 return WERR_INVALID_PARAM;
@@ -378,9 +493,8 @@ static WERROR ldb_get_value(TALLOC_CTX *mem_ctx, struct hive_key *k,
 return ldb_get_default_value(mem_ctx, k, NULL, data_type, data);
 } else {
 /* normal value */
- query = talloc_asprintf(mem_ctx, "(value=%s)", name);
- ret = ldb_search(c, mem_ctx, &res, kd->dn, LDB_SCOPE_ONELEVEL, NULL, "%s", query);
- talloc_free(query);
+ ret = ldb_search(c, mem_ctx, &res, kd->dn, LDB_SCOPE_ONELEVEL,
+ NULL, "(value=%s)", name);
 if (ret != LDB_SUCCESS) {
 DEBUG(0, ("Error getting values for '%s': %s\n",
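Review bot: `name` goes into the search filter unescaped in `ldb_search(..., "(value=%s)", name)` in the ldb_get_value hunk, so a value name containing filter metacharacters such as `*`, `(` or `)` changes what the filter matches; the removed talloc_asprintf() version had the same gap and this hunk carries it over. If `name` can originate from a WINREG client (an assumption, the callers are not visible here), encode it before it reaches the filter, e.g. pass `ldb_binary_encode_string(mem_ctx, name)` as the format argument, and check that result for NULL first. ldb_get_value continues outside the hunk.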
@@ -410,6 +524,7 @@ static WERROR ldb_open_key(TALLOC_CTX *mem_ctx, const struct hive_key *h,
 struct ldb_context *c = kd->ldb;
 ldap_path = reg_path_to_ldb(mem_ctx, h, name, NULL);
+ W_ERROR_HAVE_NO_MEMORY(ldap_path);
 ret = ldb_search(c, mem_ctx, &res, ldap_path, LDB_SCOPE_BASE, NULL, "(key=*)");
@@ -489,8 +604,10 @@ static WERROR ldb_add_key(TALLOC_CTX *mem_ctx, const struct hive_key *parent,
 int ret;
 msg = ldb_msg_new(mem_ctx);
+ W_ERROR_HAVE_NO_MEMORY(msg);
 msg->dn = reg_path_to_ldb(msg, parent, name, NULL);
+ W_ERROR_HAVE_NO_MEMORY(msg->dn);
 ldb_msg_add_string(msg, "key", talloc_strdup(mem_ctx, name));
 if (classname != NULL)
@@ -510,6 +627,7 @@ static WERROR ldb_add_key(TALLOC_CTX *mem_ctx, const struct hive_key *parent,
 DEBUG(2, ("key added: %s\n", ldb_dn_get_linearized(msg->dn)));
 newkd = talloc_zero(mem_ctx, struct ldb_key_data);
+ W_ERROR_HAVE_NO_MEMORY(newkd);
 newkd->ldb = talloc_reference(newkd, parentkd->ldb);
 newkd->key.ops = ®_backend_ldb;
 newkd->dn = talloc_steal(newkd, msg->dn);
@@ -536,7 +654,9 @@ static WERROR ldb_del_value (struct hive_key *key, const char *child)
 mem_ctx = talloc_init("ldb_del_value");
 msg = talloc_zero(mem_ctx, struct ldb_message);
+ W_ERROR_HAVE_NO_MEMORY(msg);
 msg->dn = ldb_dn_copy(msg, kd->dn);
+ W_ERROR_HAVE_NO_MEMORY(msg->dn);
 ldb_msg_add_empty(msg, "data", LDB_FLAG_MOD_DELETE, NULL);
 ldb_msg_add_empty(msg, "type", LDB_FLAG_MOD_DELETE, NULL);
@@ -598,10 +718,7 @@ static WERROR ldb_del_key(const struct hive_key *key, const char *name)
 }
 ldap_path = reg_path_to_ldb(mem_ctx, key, name, NULL);
- if (!ldap_path) {
- talloc_free(mem_ctx);
- return WERR_FOOBAR;
- }
+ W_ERROR_HAVE_NO_MEMORY(ldap_path);
 /* Search for subkeys */
 ret = ldb_search(c, mem_ctx, &res_keys, ldap_path, LDB_SCOPE_ONELEVEL,
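Review bot: In ldb_del_value the new `W_ERROR_HAVE_NO_MEMORY(msg);` and `W_ERROR_HAVE_NO_MEMORY(msg->dn);` sit after `mem_ctx = talloc_init("ldb_del_value");`, so if the macro returns directly (its definition is not on this page, but the block it replaces in ldb_del_key did `return`) the temporary context is leaked on each failure. The ldb_del_key hunk shows the regression most clearly: the removed block called `talloc_free(mem_ctx)` before returning and the macro that replaces it does not, and ldb_set_value in the following hunk has the same shape after `talloc_init("ldb_set_value")`. I would keep explicit checks in these three functions, e.g. `if (msg == NULL) { talloc_free(mem_ctx); return WERR_NOMEM; }`. All of these functions extend beyond their hunks.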
@@ -705,7 +822,10 @@ static WERROR ldb_set_value(struct hive_key *parent,
 TALLOC_CTX *mem_ctx = talloc_init("ldb_set_value");
 msg = reg_ldb_pack_value(kd->ldb, mem_ctx, name, type, data);
+ W_ERROR_HAVE_NO_MEMORY(msg);
+
 msg->dn = ldb_dn_copy(msg, kd->dn);
+ W_ERROR_HAVE_NO_MEMORY(msg->dn);
 if ((name != NULL) && (name[0] != '\0')) {
 /* For a default value, we add/overwrite the attributes to/of the hive.
diff --git a/source4/lib/registry/util.c b/source4/lib/registry/util.c
index 7da53d3..6ff6194 100644
--- a/source4/lib/registry/util.c
+++ b/source4/lib/registry/util.c
@@ -71,23 +71,27 @@ _PUBLIC_ char *reg_val_data_string(TALLOC_CTX *mem_ctx,
 switch (type) {
 case REG_EXPAND_SZ:
 case REG_SZ:
- convert_string_talloc_convenience(mem_ctx,
- iconv_convenience,
- CH_UTF16, CH_UNIX,
- data.data,
- data.length,
- (void **)&ret,
- NULL, false);
+ if (data.length % 2 == 0) {
+ convert_string_talloc_convenience(mem_ctx,
+ iconv_convenience,
+ CH_UTF16, CH_UNIX,
+ data.data,
+ data.length,
+ (void **)&ret,
+ NULL, false);
+ }
 break;
 case REG_BINARY:
 ret = data_blob_hex_string_upper(mem_ctx, &data);
 break;
 case REG_DWORD:
- if (IVAL(data.data, 0) == 0) {
- ret = talloc_strdup(mem_ctx, "0");
- } else {
- ret = talloc_asprintf(mem_ctx, "0x%x",
- IVAL(data.data, 0));
+ if (data.length == sizeof(uint32_t)) {
+ if (IVAL(data.data, 0) == 0) {
+ ret = talloc_strdup(mem_ctx, "0");
+ } else {
+ ret = talloc_asprintf(mem_ctx, "0x%x",
+ IVAL(data.data, 0));
+ }
 }
 break;
 case REG_NONE:
diff --git a/source4/torture/rpc/winreg.c b/source4/torture/rpc/winreg.c
index 538def6..15d4535 100644
--- a/source4/torture/rpc/winreg.c
+++ b/source4/torture/rpc/winreg.c
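Review bot: With the new length guards in reg_val_data_string, an odd-length REG_SZ/REG_EXPAND_SZ or a REG_DWORD that is not four bytes leaves `ret` unassigned in this switch, so the result depends on `ret` being initialised to NULL at its declaration, which is outside the hunk and worth confirming. The return value of `convert_string_talloc_convenience()` is still ignored, so a failed conversion is only reported if the callee leaves `ret` NULL. I would document the contract at the top of the function, e.g. `/* Returns NULL if the data length does not fit the type, or on allocation/conversion failure. */`, so callers know to check the result before printing it.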
@@ -2043,9 +2043,8 @@ static bool test_SetValue_extended(struct dcerpc_pipe *p,
 };
 int t, l;
- if (torture_setting_bool(tctx, "samba3", false) ||
- torture_setting_bool(tctx, "samba4", false)) {
- torture_skip(tctx, "skipping extended SetValue test against Samba");
+ if (torture_setting_bool(tctx, "samba3", false)) {
+ torture_skip(tctx, "skipping extended SetValue test against Samba 3");
 }
 torture_comment(tctx, "Testing SetValue (extended formats)\n");
@@ -2152,8 +2151,13 @@ static bool test_Open(struct torture_context *tctx, struct dcerpc_pipe *p,
 if (created) {
 torture_assert(tctx, test_SetValue_simple(p, tctx, &newhandle), "simple SetValue test failed");
- torture_assert(tctx, test_SetValue_extended(p, tctx, &newhandle),
- "extended SetValue test failed");
+ if (!test_SetValue_extended(p, tctx, &newhandle)) {
+ if (torture_setting_bool(tctx, "samba3", false)) {
+ torture_warning(tctx, "extended SetValue test failed");
+ } else {
+ torture_fail(tctx, "extended SetValue test failed");
+ }
+ }
 }
 if (created && !test_CloseKey(p, tctx, &newhandle))
-- Samba Shared Repository