The branch, master has been updated
       via  3b90bfb s3:utils/profiles fix a use after free
       via  4b41489 s3:registry/regfio fix some valgrind warnings
       via  217a018 s3:registry/regfio read SD from the correct location
      from  8c41795 s3-libsmb: Duplicate the memory before we free it.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 3b90bfb1089e6a4b7e05e7ed62bb642521f57917
Author: Christian Ambach <[email protected]>
Date:   Tue Nov 4 23:51:23 2014 +0100

    s3:utils/profiles fix a use after free
    
    path is a talloc-child of subkeys, so subkeys should not be freed before
    calling verbose_output
    
    Signed-off-by: Christian Ambach <[email protected]>
    Reviewed-by: Stefan Metzmacher <[email protected]>
    
    Autobuild-User(master): Christian Ambach <[email protected]>
    Autobuild-Date(master): Wed Dec  3 00:43:19 CET 2014 on sn-devel-104

commit 4b41489901b7f1a78ffd479128c3e0d309e53b53
Author: Christian Ambach <[email protected]>
Date:   Tue Nov 4 23:50:07 2014 +0100

    s3:registry/regfio fix some valgrind warnings
    
    Signed-off-by: Christian Ambach <[email protected]>
    Reviewed-by: Stefan Metzmacher <[email protected]>

commit 217a0189c15761f6c7b24c9d7bfdbccf85de8e1d
Author: Christian Ambach <[email protected]>
Date:   Tue Nov 4 23:47:26 2014 +0100

    s3:registry/regfio read SD from the correct location
    
    try to find the security descriptor at the data pointer, not at the
    beginning of the hbin
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=9629
    
    Signed-off-by: Christian Ambach <[email protected]>
    Reviewed-by: Stefan Metzmacher <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 source3/registry/regfio.c | 10 ++++++----
 source3/utils/profiles.c  |  6 +++---
 2 files changed, 9 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/registry/regfio.c b/source3/registry/regfio.c
index fe80094..e49de26 100644
--- a/source3/registry/regfio.c
+++ b/source3/registry/regfio.c
@@ -768,8 +768,10 @@ static bool hbin_prs_sk_rec( const char *desc, REGF_HBIN 
*hbin, int depth, REGF_
                        if (!prs_copy_data_in(&hbin->ps, (const char 
*)blob.data, blob.length))
                                return False;
                } else {
-                       blob = data_blob_const(prs_data_p(&hbin->ps),
-                                              prs_data_size(&hbin->ps));
+                       blob = data_blob_const(
+                               prs_data_p(&hbin->ps) + prs_offset(&hbin->ps),
+                               prs_data_size(&hbin->ps) - prs_offset(&hbin->ps)
+                              );
                        status = unmarshall_sec_desc(mem_ctx,
                                                     blob.data, blob.length,
                                                     &sk->sec_desc);
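Review bot: The new blob length `prs_data_size(&hbin->ps) - prs_offset(&hbin->ps)` in the `else` branch is computed without a visible check that the offset is not larger than the data size. If both are unsigned and the parse offset can ever exceed the size for a malformed hive, the subtraction would wrap and `unmarshall_sec_desc` would be handed a huge length over a pointer past the buffer. Unless the prs layer already guarantees this invariant (not visible here), a guard before the call such as `if (prs_offset(&hbin->ps) > prs_data_size(&hbin->ps)) return False;` would make that explicit. The blob also still runs to the end of the hbin rather than to the end of this sk record, so bounding it by the record's own size field, if one is available, would be tighter. The body of hbin_prs_sk_rec starts and ends outside the hunk.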
@@ -1739,7 +1741,7 @@ static bool create_vk_record(REGF_FILE *file, REGF_VK_REC 
*vk,
                /* make sure we don't try to copy from a NULL value pointer */
 
                if ( vk->data_size != 0 ) 
-                       memcpy( &vk->data_off, regval_data_p(value), 
sizeof(uint32) );
+                       memcpy( &vk->data_off, regval_data_p(value), 
vk->data_size);
                vk->data_size |= VK_DATA_IN_OFFSET;             
        }
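Review bot: Copying `vk->data_size` bytes into `&vk->data_off` is only safe if the enclosing branch guarantees `vk->data_size <= sizeof(vk->data_off)`, and that condition lies outside the hunk. A short comment or an assertion next to the `memcpy`, e.g. `SMB_ASSERT(vk->data_size <= sizeof(vk->data_off));`, would keep the bound next to the write it protects. The copy is now partial for values shorter than four bytes, so the remaining bytes of `data_off` keep whatever they held before. If the record is not zero-initialised (not visible here), stale memory would end up in the written hive, and `vk->data_off = 0;` ahead of the copy would rule that out. The same applies to the next hunk, where `memcpy(hash->keycheck, name, MIN(strlen(name),sizeof(uint32)));` leaves the tail of `keycheck` untouched for names shorter than four characters.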
 
@@ -1804,7 +1806,7 @@ static int hashrec_cmp( REGF_HASH_REC *h1, REGF_HASH_REC 
*h2 )
                REGF_HASH_REC *hash = 
&parent->subkeys.hashes[parent->subkey_index];
 
                hash->nk_off = prs_offset( &nk->hbin->ps ) + 
nk->hbin->first_hbin_off - HBIN_HDR_SIZE;
-               memcpy( hash->keycheck, name, sizeof(uint32) );
+               memcpy(hash->keycheck, name, MIN(strlen(name),sizeof(uint32)));
                hash->fullname = talloc_strdup( file->mem_ctx, name );
                parent->subkey_index++;
 
diff --git a/source3/utils/profiles.c b/source3/utils/profiles.c
index 0f274ad..22c8f72 100644
--- a/source3/utils/profiles.c
+++ b/source3/utils/profiles.c
@@ -189,12 +189,12 @@ static bool copy_registry_tree( REGF_FILE *infile, 
REGF_NK_REC *nk,
                }
        }
 
-       /* values is a talloc()'d child of subkeys here so just throw it all 
away */
-
-       TALLOC_FREE( subkeys );
 
        verbose_output("[%s]\n", path);
 
+       /* values is a talloc()'d child of subkeys here so just throw it all 
away */
+       TALLOC_FREE(subkeys);
+
        return True;
 }
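Review bot: The comment moved along with `TALLOC_FREE(subkeys)` still mentions only `values`, while the reason for the new ordering, per the commit message, is that `path` is a talloc child of `subkeys` and is read by `verbose_output`. Stating that in the comment would keep a later cleanup from moving the free back above the last use of `path`, for example `/* path and values are talloc()'d children of subkeys: free only after the last use of path */`. The hunk also leaves two consecutive blank lines before `verbose_output`, one of which could be dropped. The start of copy_registry_tree is outside the hunk.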
 


-- 
Samba Shared Repository
