From edebbc248515a4d3c205cb945f411292f189d6ec Mon Sep 17 00:00:00 2001
From: Jeffrey Altman
Date: Thu, 10 Aug 2006 00:29:23 +0000
Subject: [PATCH] DEVEL15-windows-backconnectionhostnames-fix-20060809 The previous code failed to specify the correct size of the REG_MULTI_SZ being written to the registry when appending an additional name to the list of Back Connection Host names. This would cause the written string to contain FOO\0B instead of FOO\0\BAR\0\0 this caused problems for Windows 2000 lsass.exe which failed to properly allocate the buffer for RegQueryValueEx and failed to check that it did not read beyond the buffer. If the list was not terminated with two nuls an exception would be thrown that could result in a lock being orphaned on the NTLMNameTable. This would in turn prevent authentications to UNC resources from completing. As a result, the startup of afsd_service.exe would fail if a GlobalAutoMapper drive was configured. The work around is to set the correct value in the registry before switching machine names or installing/removing the Microsoft Loopback Adapter. (cherry picked from commit cca848edb12abea4deb8f676b07182575d61186d)
---
 src/WINNT/afsd/afsd_init.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/WINNT/afsd/afsd_init.c b/src/WINNT/afsd/afsd_init.c
index 916501e77..54b563f07 100644
--- a/src/WINNT/afsd/afsd_init.c
+++ b/src/WINNT/afsd/afsd_init.c
@@ -270,7 +270,7 @@ configureBackConnectionHostNames(void)
 HKEY hkMSV10;
 HKEY hkClient;
 DWORD dwType;
- DWORD dwSize;
+ DWORD dwSize, dwAllocSize;
 DWORD dwValue;
 PBYTE pHostNames = NULL, pName = NULL;
 BOOL bNameFound = FALSE;
@@ -283,11 +283,15 @@ configureBackConnectionHostNames(void) { if (RegQueryValueEx( hkMSV10, "BackConnectionHostNames", 0, &dwType, NULL, &dwSize) == ERROR_SUCCESS) { - dwSize += strlen(cm_NetbiosName) + 1; - pHostNames = malloc(dwSize); + dwAllocSize += 1 /* in case the source string is not nul terminated */ + + strlen(cm_NetbiosName) + 2; + pHostNames = malloc(dwAllocSize); + dwSize = dwAllocSize; if (RegQueryValueEx( hkMSV10, "BackConnectionHostNames", 0, &dwType, pHostNames, &dwSize) == ERROR_SUCCESS) { - for (pName = pHostNames; *pName ; pName += strlen(pName) + 1) + for (pName = pHostNames; + (pName - pHostNames < dwSize) && *pName ; + pName += strlen(pName) + 1) { if ( !stricmp(pName, cm_NetbiosName) ) { bNameFound = TRUE; @@ -301,7 +305,6 @@ configureBackConnectionHostNames(void) size_t size = strlen(cm_NetbiosName) + 2; if ( !pHostNames ) { pHostNames = malloc(size); - dwSize = size; pName = pHostNames; } StringCbCopyA(pName, size, cm_NetbiosName); @@ -309,6 +312,7 @@ configureBackConnectionHostNames(void) *pName = '\0'; /* add a second nul terminator */ dwType = REG_MULTI_SZ; + dwSize = pName - pHostNames + 1; RegSetValueEx( hkMSV10, "BackConnectionHostNames", 0, dwType, pHostNames, dwSize); if ( RegOpenKeyEx( HKEY_LOCAL_MACHINE, -- 2.39.5
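Review bot: `dwAllocSize` is read before it is ever assigned. The first hunk declares it without an initializer, the size-probing `RegQueryValueEx` in the context lines still stores into `&dwSize`, and the new statement uses `+=`, so both `malloc(dwAllocSize)` and the `dwSize = dwAllocSize` passed to the second query rest on an indeterminate value. Assign rather than accumulate, `dwAllocSize = dwSize + 1 + strlen(cm_NetbiosName) + 2;`, and check the `malloc` result before the second query. The extra byte reserved "in case the source string is not nul terminated" is also never written, because `malloc` does not zero the buffer; once the second query succeeds, add `pHostNames[dwSize] = '\0';` so the `strlen` and `stricmp` calls in the loop cannot run past the returned data. The loop body and the enclosing function continue outside this hunk.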
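Review bot: The new `dwSize = pName - pHostNames + 1;` is a valid length only when `pName` points into the `pHostNames` buffer, and the visible lines leave a path where it does not. `pName` starts as `NULL`, is set only inside the loop that runs when the second `RegQueryValueEx` succeeds, and the fallback `if ( !pHostNames )` allocation is skipped once the first `malloc` has run. If the append path is reached after a failed second query (the lines between the hunks are not shown, so this is inferred), the copy and this subtraction work from a null pointer and the result is handed to `RegSetValueEx`. Releasing the buffer on that failure, `free(pHostNames); pHostNames = NULL;`, lets the fresh-allocation branch run, and an explicit `(DWORD)` cast on the pointer difference would make the narrowing deliberate.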