Bug 7453 - winreg: QueryValue crashes on NULL pointer dereference
Summary: winreg: QueryValue crashes on NULL pointer dereference
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.5
Classification: Unclassified
Component: DCE-RPCs and pipes (show other bugs)
Version: 3.5.3
Hardware: Other Linux
: P3 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-05-25 07:14 UTC by Guenther Deschner
Modified: 2012-05-23 20:10 UTC (History)
1 user (show)

See Also:
asn: review+


Attachments
patch for 3.5 (the core server fix and also enable RPC-WINREG during make test) (4.00 KB, patch)
2010-05-25 07:15 UTC, Guenther Deschner
no flags Details
fixed version of that patch (enabled wrong test) (4.00 KB, patch)
2010-05-25 07:19 UTC, Guenther Deschner
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Guenther Deschner 2010-05-25 07:14:47 UTC
winreg: QueryValue crashes on NULL pointer dereference

(already fixed in master)
Comment 1 Guenther Deschner 2010-05-25 07:15:47 UTC
Created attachment 5738 [details]
patch for 3.5 (the core server fix and also enable RPC-WINREG during make test)
Comment 2 Guenther Deschner 2010-05-25 07:19:05 UTC
Created attachment 5739 [details]
fixed version of that patch (enabled wrong test)
Comment 3 Andreas Schneider 2010-05-25 07:46:05 UTC
The patches look fine.
Comment 4 Michael Adam 2010-05-26 02:49:55 UTC
The patchset contains three fixes (plus the enabling of WINREG-RPC).

* there are actually two fixes of NULL handling
  (for in.name and for out.data)
  => ok for these
* the "change notify call" patch does not seem to be related?
  Is it just to make smbtorture not fail?
  I don't quite understand it.
* I guess we can enable the test again when it passes...
Comment 5 Guenther Deschner 2010-05-27 05:50:51 UTC
(In reply to comment #4)
> The patchset contains three fixes (plus the enabling of WINREG-RPC).
> 
> * there are actually two fixes of NULL handling
>   (for in.name and for out.data)
>   => ok for these

good, thanks

> * the "change notify call" patch does not seem to be related?
>   Is it just to make smbtorture not fail?

yes. It was really sad that we didnt have RPC-WINREG running against s3 earlier which probably would have catched that.

>   I don't quite understand it.
> * I guess we can enable the test again when it passes...

yes, this what that patch is about.

taking this as a +1 and reassigning to karolin for inclusion.
Comment 6 Karolin Seeger 2010-05-27 07:05:45 UTC
Pushed to v3-5-test.
Closing out bug report.

Thanks!
Comment 7 Michael Adam 2010-05-27 09:20:48 UTC
(In reply to comment #5)
> (In reply to comment #4)
> > The patchset contains three fixes (plus the enabling of WINREG-RPC).
> > 
> > * there are actually two fixes of NULL handling
> >   (for in.name and for out.data)
> >   => ok for these
> 
> good, thanks
> 
> > * the "change notify call" patch does not seem to be related?
> >   Is it just to make smbtorture not fail?
> 
> yes. It was really sad that we didnt have RPC-WINREG running against s3 earlier
> which probably would have catched that.
> 
> >   I don't quite understand it.
> > * I guess we can enable the test again when it passes...
> 
> yes, this what that patch is about.
> 
> taking this as a +1 and reassigning to karolin for inclusion.

Yes, ok! :-)