s3:registry: fix the test for a REG_SZ blob possibly being a zero terminated ucs2...

1. catch data blobs with odd number of bytes (not an ucs2 string at all)
2. test the right ucs2 character to be 0
   (prevent out-of bounds access/potential segfault)

Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Sun Oct  2 01:26:05 CEST 2011 on sn-devel-104
(cherry picked from commit 95bb2c23e6e9c52a1e34916dff05b1d306278bc6)

The last 2 patches address bug #8528 (SEGFAULT from net registry export on not
zero terminated REG_SZ values).

diff --git a/source3/registry/reg_format.c b/source3/registry/reg_format.c
index 77a27fcc0a25686777802f0ecfcd8252601114e8..db03961919b550010304b1c2f5624f30904edf3b 100644 (file)
--- a/source3/registry/reg_format.c
+++ b/source3/registry/reg_format.c
@@ -329,7 +329,16 @@ done:
 static bool is_zero_terminated_ucs2(const uint8_t* data, size_t len) {
        const size_t idx = len/sizeof(smb_ucs2_t);
        const smb_ucs2_t *str = (const smb_ucs2_t*)data;
-       return (idx > 0) && (str[idx] == 0);
+
+       if ((len % sizeof(smb_ucs2_t)) != 0) {
+               return false;
+       }
+
+       if (idx == 0) {
+               return false;
+       }
+
+       return (str[idx-1] == 0);
 }
 
 int reg_format_value(struct reg_format* f, const char* name, uint32_t type,