From: Gregor Beck <gbeck@sernet.de>
Date: Tue, 6 Sep 2011 07:24:10 +0000 (+0200)
Subject: s3:registry: reg_format: handle unterminated REG_SZ blobs
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=11287cec6a53717c7abc5a54c2607f8ffb33d8bb;p=thirdparty%2Fsamba.git

s3:registry: reg_format: handle unterminated REG_SZ blobs

Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit b9da4235566ffdd649d7b4a6ca05cecd02cfbd20)
---

diff --git a/source3/registry/reg_format.c b/source3/registry/reg_format.c
index 658076c5cfe..77a27fcc0a2 100644
--- a/source3/registry/reg_format.c
+++ b/source3/registry/reg_format.c
@@ -326,6 +326,12 @@ done:
 	return ret;
 }
 
+static bool is_zero_terminated_ucs2(const uint8_t* data, size_t len) {
+	const size_t idx = len/sizeof(smb_ucs2_t);
+	const smb_ucs2_t *str = (const smb_ucs2_t*)data;
+	return (idx > 0) && (str[idx] == 0);
+}
+
 int reg_format_value(struct reg_format* f, const char* name, uint32_t type,
 		     const uint8_t* data, size_t len)
 {
@@ -334,7 +340,9 @@ int reg_format_value(struct reg_format* f, const char* name, uint32_t type,
 
 	switch (type) {
 	case REG_SZ:
-		if (!(f->flags & REG_FMT_HEX_SZ)) {
+		if (!(f->flags & REG_FMT_HEX_SZ)
+		    && is_zero_terminated_ucs2(data, len))
+		{
 			char* str = NULL;
 			size_t dlen;
 			if (pull_ucs2_talloc(mem_ctx, &str, (const smb_ucs2_t*)data, &dlen)) {