Bug 4705 - regshell segfault when try to access a key value
Status: RESOLVED FIXED
Product: Samba 4.0
Classification: Unclassified
Component: Other
Version: unspecified
Hardware: x86 Linux
Importance: P3 regression
Target Milestone: ---
Assigned To: Andrew Bartlett
Depends on: 4717
Blocks:
Reported: 2007-06-18 10:07 UTC by Roberto Alcini
Modified: 2008-01-07 13:01 UTC
Description Roberto Alcini 2007-06-18 10:07:47 UTC
I've tried regshell from Samba Version 4.0.0tp5 and Samba Version 4.0.0tp6, but it always segfaults. The target host is a Windows 2003 Server (English) with ntlm2 enabled.

The command line used is:
./regshell -R ncacn_np:ip_address -U administrator
and, once logged in, the command 'list' triggers the problem at the end of the enumeration.

Same results if I try the command 'print' on an existing key name.
Comment 1 Roberto Alcini 2007-06-20 07:52:47 UTC
The problem is in the decoding of the RPC response containing the key data.
This problem is similar to the one described in ticket 4717. With gdb I found that the problem is in the filling of winreg_EnumValue, because the field out.max_valbufsize always ends up uninitialized, and the other methods don't check its value before using it as a result, so it segfaults.
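The failure mode described in the comment above, an optional [out] pointer in a decoded RPC reply that the caller dereferences without checking, is illustrated below in an added C example. This is not Samba code and not the fix that landed; the struct and field names (enum_value_reply, type, value, size, length) are assumptions standing in for an EnumValue-style reply, and the sample replies are constructed. In DCE/RPC IDL a parameter marked [out,unique] may legitimately arrive as NULL, so a client that assumes it is always present crashes exactly the way regshell did.

```c
/*
 * Added illustration (not Samba code): an unchecked optional [out] pointer
 * in an RPC reply crashes the caller; the hardened path validates it first.
 *
 * The struct below is a hypothetical stand-in for the decoded reply of an
 * EnumValue-style registry call. Field names are assumptions for this
 * example only, not Samba's IDL.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct enum_value_reply {
    const char *name;     /* value name; may be NULL when absent */
    uint32_t   *type;     /* [out,unique] REG_* type code; may be NULL */
    uint8_t    *value;    /* [out,unique] data buffer; may be NULL */
    uint32_t   *size;     /* [out,unique] buffer capacity; may be NULL */
    uint32_t   *length;   /* [out,unique] bytes actually used; may be NULL */
};

/* Naive caller: trusts that every pointer was filled in.
 * Dereferences NULL if the peer omitted the field. */
uint32_t value_length_unchecked(const struct enum_value_reply *r)
{
    return *r->length;
}

/* Hardened caller: a missing or inconsistent reply is an error, not a crash.
 * Returns 0 on success, -1 if a required field is absent, -2 if the reported
 * length exceeds the reported buffer size. */
int value_length_checked(const struct enum_value_reply *r, uint32_t *out_len)
{
    if (r == NULL || r->length == NULL || r->size == NULL || r->value == NULL)
        return -1;
    if (*r->length > *r->size)
        return -2;
    *out_len = *r->length;
    return 0;
}

/* Copy the value data out, bounded by both the validated length and the
 * destination capacity. Returns bytes copied, or -1 on a malformed reply. */
int copy_value(const struct enum_value_reply *r, uint8_t *dst, size_t cap)
{
    uint32_t len;
    if (value_length_checked(r, &len) != 0)
        return -1;
    if (len > cap)
        return -1;
    memcpy(dst, r->value, len);
    return (int)len;
}

int main(void)
{
    /* Constructed sample replies: one complete, one with the optional
     * buffer fields omitted by the server. */
    uint32_t type = 1, size = 16, length = 5;
    uint8_t data[16] = "hello";
    struct enum_value_reply full    = { "Key", &type, data, &size, &length };
    struct enum_value_reply missing = { "Key", &type, NULL, NULL,  NULL };
    uint8_t buf[16];

    printf("full:    copied %d bytes\n", copy_value(&full, buf, sizeof buf));
    printf("missing: rc=%d (the unchecked path would segfault here)\n",
           copy_value(&missing, buf, sizeof buf));
    /* value_length_unchecked(&missing) would dereference NULL. */
    return 0;
}
```

The point of the checked variant is that every [unique] pointer is tested before use and the length/size pair is cross-checked, so a short or malformed reply from the server degrades into an error return that the shell can report instead of a crash.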
Comment 2 Andrew Bartlett 2007-07-16 23:36:12 UTC
The registry code is under a rewrite by jelmer. I'm not yet sure when that newer code will land, but am hesitant to dive into this in the meantime.

Let's look at this again if/when jelmer's branch is either merged, or abandoned. 

Thanks,
Comment 3 Matthias Dieter Wallnöfer 2007-08-31 05:34:53 UTC
Seems to be reproducible also with the new backend. I wasn't even able to log in properly!
Comment 4 Jelmer Vernooij 2008-01-07 13:01:08 UTC
This has been fixed in svn.