From eb8c8a0ecaa9bfd29f090db21fccdad7751767ae Mon Sep 17 00:00:00 2001
From: =?utf8?q?Matthias=20Dieter=20Walln=C3=B6fer?= <mwallnoefer@yahoo.de>
Date: Sun, 14 Mar 2010 17:40:14 +0100
Subject: [PATCH] s4:registry - util.c - add harder checks for inputs on
 "reg_val_data_string"

("NULL" result is error on most data types).
---
 source4/lib/registry/util.c | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/source4/lib/registry/util.c b/source4/lib/registry/util.c
index 7da53d381d5..6ff61942f9c 100644
--- a/source4/lib/registry/util.c
+++ b/source4/lib/registry/util.c
@@ -71,23 +71,27 @@ _PUBLIC_ char *reg_val_data_string(TALLOC_CTX *mem_ctx,
 	switch (type) {
 		case REG_EXPAND_SZ:
 		case REG_SZ:
-			convert_string_talloc_convenience(mem_ctx,
-							  iconv_convenience,
-							  CH_UTF16, CH_UNIX,
-							  data.data,
-							  data.length,
-							  (void **)&ret,
-							  NULL, false);
+			if (data.length % 2 == 0) {
+				convert_string_talloc_convenience(mem_ctx,
+								  iconv_convenience,
+								  CH_UTF16, CH_UNIX,
+								  data.data,
+								  data.length,
+								  (void **)&ret,
+								  NULL, false);
+			}
 			break;
 		case REG_BINARY:
 			ret = data_blob_hex_string_upper(mem_ctx, &data);
 			break;
 		case REG_DWORD:
-			if (IVAL(data.data, 0) == 0) {
-				ret = talloc_strdup(mem_ctx, "0");
-			} else {
-				ret = talloc_asprintf(mem_ctx, "0x%x",
-						      IVAL(data.data, 0));
+			if (data.length == sizeof(uint32_t)) {
+				if (IVAL(data.data, 0) == 0) {
+					ret = talloc_strdup(mem_ctx, "0");
+				} else {
+					ret = talloc_asprintf(mem_ctx, "0x%x",
+							      IVAL(data.data, 0));
+				}
 			}
 			break;
 		case REG_NONE:
-- 
2.11.4.GIT