Bug 7453 - winreg: QueryValue crashes on NULL pointer dereference
Summary: winreg: QueryValue crashes on NULL pointer dereference
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.5
Classification: Unclassified
Component: DCE-RPCs and pipes (show other bugs)
Version: 3.5.3
Hardware: Other Linux
: P3 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-05-25 07:14 UTC by Guenther Deschner
Modified: 2012-05-23 20:10 UTC (History)
1 user (show)

See Also:
asn: review+

Attachments
patch for 3.5 (the core server fix and also enable RPC-WINREG during make test) (4.00 KB, patch)
2010-05-25 07:15 UTC, Guenther Deschner 		no flags Details
fixed version of that patch (enabled wrong test) (4.00 KB, patch)
2010-05-25 07:19 UTC, Guenther Deschner 		no flags Details
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Guenther Deschner 2010-05-25 07:14:47 UTC 
winreg: QueryValue crashes on NULL pointer dereference

(already fixed in master)
Comment 1 Guenther Deschner 2010-05-25 07:15:47 UTC 
Created attachment 5738 [details]
patch for 3.5 (the core server fix and also enable RPC-WINREG during make test)
Comment 2 Guenther Deschner 2010-05-25 07:19:05 UTC 
Created attachment 5739 [details]
fixed version of that patch (enabled wrong test)
Comment 3 Andreas Schneider 2010-05-25 07:46:05 UTC 
The patches look fine.
Comment 4 Michael Adam 2010-05-26 02:49:55 UTC 
The patchset contains three fixes (plus the enabling of WINREG-RPC).

* there are actually two fixes of NULL handling
  (for in.name and for out.data)
  => ok for these
* the "change notify call" patch does not seem to be related?
  Is it just to make smbtorture not fail?
  I don't quite understand it.
* I guess we can enable the test again when it passes...
Comment 5 Guenther Deschner 2010-05-27 05:50:51 UTC 
(In reply to comment #4)
> The patchset contains three fixes (plus the enabling of WINREG-RPC).
> 
> * there are actually two fixes of NULL handling
>   (for in.name and for out.data)
>   => ok for these

good, thanks

> * the "change notify call" patch does not seem to be related?
>   Is it just to make smbtorture not fail?

yes. It was really sad that we didnt have RPC-WINREG running against s3 earlier which probably would have catched that.

>   I don't quite understand it.
> * I guess we can enable the test again when it passes...

yes, this what that patch is about.

taking this as a +1 and reassigning to karolin for inclusion.
Comment 6 Karolin Seeger 2010-05-27 07:05:45 UTC 
Pushed to v3-5-test.
Closing out bug report.

Thanks!
Comment 7 Michael Adam 2010-05-27 09:20:48 UTC 
(In reply to comment #5)
> (In reply to comment #4)
> > The patchset contains three fixes (plus the enabling of WINREG-RPC).
> > 
> > * there are actually two fixes of NULL handling
> >   (for in.name and for out.data)
> >   => ok for these
> 
> good, thanks
> 
> > * the "change notify call" patch does not seem to be related?
> >   Is it just to make smbtorture not fail?
> 
> yes. It was really sad that we didnt have RPC-WINREG running against s3 earlier
> which probably would have catched that.
> 
> >   I don't quite understand it.
> > * I guess we can enable the test again when it passes...
> 
> yes, this what that patch is about.
> 
> taking this as a +1 and reassigning to karolin for inclusion.

Yes, ok! :-)