summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2000-03-25 01:37:08 +0000
committerJeremy Allison <jra@samba.org>2000-03-25 01:37:08 +0000
commit614929752ecfc7a2f621bc868406d3d77b63895d (patch)
tree5100be36de7c47f1b7b2ededbbdf8944fd039ae2
parent6814d0f45689d2a17af3d95511208421d10f5fce (diff)
downloadsamba-614929752ecfc7a2f621bc868406d3d77b63895d.tar.gz
samba-614929752ecfc7a2f621bc868406d3d77b63895d.tar.bz2
samba-614929752ecfc7a2f621bc868406d3d77b63895d.zip
rpc_parse/parse_spoolss.c: Added checks on mallocs/overflow checks on all prs_xx
calls. smbd/connection.c: Fix from David Lee <T.D.Lee@durham.ac.uk>. Jeremy. (This used to be commit 53721fbc7d2a986cf999b8f031a2d9003c0dccae)
-rw-r--r--source3/rpc_parse/parse_spoolss.c424
-rw-r--r--source3/smbd/connection.c116
2 files changed, 375 insertions, 165 deletions
diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c
index 8ff26e090c..d88761e081 100644
--- a/source3/rpc_parse/parse_spoolss.c
+++ b/source3/rpc_parse/parse_spoolss.c
@@ -55,14 +55,22 @@ This should be moved in a more generic lib.
********************************************************************/
static BOOL spoolss_io_system_time(char *desc, prs_struct *ps, int depth, SYSTEMTIME *systime)
{
- prs_uint16("year", ps, depth, &(systime->year));
- prs_uint16("month", ps, depth, &(systime->month));
- prs_uint16("dayofweek", ps, depth, &(systime->dayofweek));
- prs_uint16("day", ps, depth, &(systime->day));
- prs_uint16("hour", ps, depth, &(systime->hour));
- prs_uint16("minute", ps, depth, &(systime->minute));
- prs_uint16("second", ps, depth, &(systime->second));
- prs_uint16("milliseconds", ps, depth, &(systime->milliseconds));
+ if(!prs_uint16("year", ps, depth, &(systime->year)))
+ return False;
+ if(!prs_uint16("month", ps, depth, &(systime->month)))
+ return False;
+ if(!prs_uint16("dayofweek", ps, depth, &(systime->dayofweek)))
+ return False;
+ if(!prs_uint16("day", ps, depth, &(systime->day)))
+ return False;
+ if(!prs_uint16("hour", ps, depth, &(systime->hour)))
+ return False;
+ if(!prs_uint16("minute", ps, depth, &(systime->minute)))
+ return False;
+ if(!prs_uint16("second", ps, depth, &(systime->second)))
+ return False;
+ if(!prs_uint16("milliseconds", ps, depth, &(systime->milliseconds)))
+ return False;
return True;
}
@@ -93,15 +101,22 @@ static BOOL smb_io_doc_info_1(char *desc, DOC_INFO_1 *info_1, prs_struct *ps, in
prs_debug(ps, depth, desc, "smb_io_doc_info_1");
depth++;
- prs_align(ps);
+ if(!prs_align(ps))
+ return False;
- prs_uint32("p_docname", ps, depth, &(info_1->p_docname));
- prs_uint32("p_outputfile", ps, depth, &(info_1->p_outputfile));
- prs_uint32("p_datatype", ps, depth, &(info_1->p_datatype));
+ if(!prs_uint32("p_docname", ps, depth, &(info_1->p_docname)))
+ return False;
+ if(!prs_uint32("p_outputfile", ps, depth, &(info_1->p_outputfile)))
+ return False;
+ if(!prs_uint32("p_datatype", ps, depth, &(info_1->p_datatype)))
+ return False;
- smb_io_unistr2("", &(info_1->docname), info_1->p_docname, ps, depth);
- smb_io_unistr2("", &(info_1->outputfile), info_1->p_outputfile, ps, depth);
- smb_io_unistr2("", &(info_1->datatype), info_1->p_datatype, ps, depth);
+ if(!smb_io_unistr2("", &(info_1->docname), info_1->p_docname, ps, depth))
+ return False;
+ if(!smb_io_unistr2("", &(info_1->outputfile), info_1->p_outputfile, ps, depth))
+ return False;
+ if(!smb_io_unistr2("", &(info_1->datatype), info_1->p_datatype, ps, depth))
+ return False;
return True;
}
@@ -118,16 +133,20 @@ static BOOL smb_io_doc_info(char *desc, DOC_INFO *info, prs_struct *ps, int dept
prs_debug(ps, depth, desc, "smb_io_doc_info");
depth++;
- prs_align(ps);
+ if(!prs_align(ps))
+ return False;
- prs_uint32("switch_value", ps, depth, &(info->switch_value));
+ if(!prs_uint32("switch_value", ps, depth, &(info->switch_value)))
+ return False;
- prs_uint32("doc_info_X ptr", ps, depth, &(useless_ptr));
+ if(!prs_uint32("doc_info_X ptr", ps, depth, &(useless_ptr)))
+ return False;
switch (info->switch_value)
{
case 1:
- smb_io_doc_info_1("",&(info->doc_info_1), ps, depth);
+ if(!smb_io_doc_info_1("",&(info->doc_info_1), ps, depth))
+ return False;
break;
case 2:
/*
@@ -160,11 +179,14 @@ static BOOL smb_io_doc_info_container(char *desc, DOC_INFO_CONTAINER *cont, prs_
prs_debug(ps, depth, desc, "smb_io_doc_info_container");
depth++;
- prs_align(ps);
+ if(!prs_align(ps))
+ return False;
- prs_uint32("level", ps, depth, &(cont->level));
+ if(!prs_uint32("level", ps, depth, &(cont->level)))
+ return False;
- smb_io_doc_info("",&(cont->docinfo), ps, depth);
+ if(!smb_io_doc_info("",&(cont->docinfo), ps, depth))
+ return False;
return True;
}
@@ -308,20 +330,28 @@ static BOOL smb_io_notify_info_data(char *desc,SPOOL_NOTIFY_INFO_DATA *data, prs
isvalue=data->enc_type;
- prs_align(ps);
- prs_uint16("type", ps, depth, &(data->type));
- prs_uint16("field", ps, depth, &(data->field));
+ if(!prs_align(ps))
+ return False;
+ if(!prs_uint16("type", ps, depth, &(data->type)))
+ return False;
+ if(!prs_uint16("field", ps, depth, &(data->field)))
+ return False;
/*prs_align(ps);*/
- prs_uint32("how many words", ps, depth, &how_many_words);
- prs_uint32("id", ps, depth, &(data->id));
- prs_uint32("how many words", ps, depth, &how_many_words);
+ if(!prs_uint32("how many words", ps, depth, &how_many_words))
+ return False;
+ if(!prs_uint32("id", ps, depth, &(data->id)))
+ return False;
+ if(!prs_uint32("how many words", ps, depth, &how_many_words))
+ return False;
/*prs_align(ps);*/
if (isvalue==True)
{
- prs_uint32("value[0]", ps, depth, &(data->notify_data.value[0]));
- prs_uint32("value[1]", ps, depth, &(data->notify_data.value[1]));
+ if(!prs_uint32("value[0]", ps, depth, &(data->notify_data.value[0])))
+ return False;
+ if(!prs_uint32("value[1]", ps, depth, &(data->notify_data.value[1])))
+ return False;
/*prs_align(ps);*/
}
else
@@ -329,8 +359,10 @@ static BOOL smb_io_notify_info_data(char *desc,SPOOL_NOTIFY_INFO_DATA *data, prs
/* it's a string */
/* length in ascii including \0 */
x=2*(data->notify_data.data.length+1);
- prs_uint32("string length", ps, depth, &x );
- prs_uint32("pointer", ps, depth, &useless_ptr);
+ if(!prs_uint32("string length", ps, depth, &x ))
+ return False;
+ if(!prs_uint32("pointer", ps, depth, &useless_ptr))
+ return False;
/*prs_align(ps);*/
}
@@ -349,17 +381,22 @@ BOOL smb_io_notify_info_data_strings(char *desc,SPOOL_NOTIFY_INFO_DATA *data,
prs_debug(ps, depth, desc, "smb_io_notify_info_data");
depth++;
- prs_align(ps);
+ if(!prs_align(ps))
+ return False;
+
isvalue=data->enc_type;
if (isvalue==False)
{
/* length of string in unicode include \0 */
x=data->notify_data.data.length+1;
- prs_uint32("string length", ps, depth, &x );
- prs_uint16s(True,"string",ps,depth,data->notify_data.data.string,x);
+ if(!prs_uint32("string length", ps, depth, &x ))
+ return False;
+ if(!prs_uint16s(True,"string",ps,depth,data->notify_data.data.string,x))
+ return False;
}
- prs_align(ps);
+ if(!prs_align(ps))
+ return False;
return True;
}
@@ -377,20 +414,26 @@ static BOOL smb_io_notify_info(char *desc, SPOOL_NOTIFY_INFO *info, prs_struct *
if(!prs_align(ps))
return False;
- prs_uint32("count", ps, depth, &(info->count));
- prs_uint32("version", ps, depth, &(info->version));
- prs_uint32("flags", ps, depth, &(info->flags));
- prs_uint32("count", ps, depth, &(info->count));
+ if(!prs_uint32("count", ps, depth, &(info->count)))
+ return False;
+ if(!prs_uint32("version", ps, depth, &(info->version)))
+ return False;
+ if(!prs_uint32("flags", ps, depth, &(info->flags)))
+ return False;
+ if(!prs_uint32("count", ps, depth, &(info->count)))
+ return False;
for (i=0;i<info->count;i++)
{
- smb_io_notify_info_data(desc, &(info->data[i]), ps, depth);
+ if(!smb_io_notify_info_data(desc, &(info->data[i]), ps, depth))
+ return False;
}
/* now do the strings at the end of the stream */
for (i=0;i<info->count;i++)
{
- smb_io_notify_info_data_strings(desc, &(info->data[i]), ps, depth);
+ if(!smb_io_notify_info_data_strings(desc, &(info->data[i]), ps, depth))
+ return False;
}
return True;
@@ -546,6 +589,8 @@ static BOOL spoolss_io_devmode(char *desc, prs_struct *ps, int depth, DEVICEMODE
{
if (UNMARSHALLING(ps)) {
devmode->private=(uint8 *)malloc(devmode->driverextra*sizeof(uint8));
+ if(devmode->private == NULL)
+ return False;
DEBUG(7,("spoolss_io_devmode: allocated memory [%d] for private\n",devmode->driverextra));
}
@@ -588,6 +633,8 @@ static BOOL spoolss_io_devmode_cont(char *desc, DEVMODE_CTR *dm_c, prs_struct *p
if (UNMARSHALLING(ps)) {
DEBUG(9,("Allocating memory for spoolss_io_devmode\n"));
dm_c->devmode=(DEVICEMODE *)malloc(sizeof(DEVICEMODE));
+ if(dm_c->devmode == NULL)
+ return False;
ZERO_STRUCTP(dm_c->devmode);
}
@@ -869,11 +916,14 @@ BOOL spoolss_io_q_startdocprinter(char *desc, SPOOL_Q_STARTDOCPRINTER *q_u, prs_
prs_debug(ps, depth, desc, "spoolss_io_q_startdocprinter");
depth++;
- prs_align(ps);
+ if(!prs_align(ps))
+ return False;
- smb_io_pol_hnd("printer handle",&(q_u->handle),ps,depth);
+ if(!smb_io_pol_hnd("printer handle",&(q_u->handle),ps,depth))
+ return False;
- smb_io_doc_info_container("",&(q_u->doc_info_container), ps, depth);
+ if(!smb_io_doc_info_container("",&(q_u->doc_info_container), ps, depth))
+ return False;
return True;
}
@@ -886,8 +936,10 @@ BOOL spoolss_io_r_startdocprinter(char *desc, SPOOL_R_STARTDOCPRINTER *r_u, prs_
{
prs_debug(ps, depth, desc, "spoolss_io_r_startdocprinter");
depth++;
- prs_uint32("jobid", ps, depth, &(r_u->jobid));
- prs_uint32("status", ps, depth, &(r_u->status));
+ if(!prs_uint32("jobid", ps, depth, &(r_u->jobid)))
+ return False;
+ if(!prs_uint32("status", ps, depth, &(r_u->status)))
+ return False;
return True;
}
@@ -903,9 +955,11 @@ BOOL spoolss_io_q_enddocprinter(char *desc, SPOOL_Q_ENDDOCPRINTER *q_u, prs_stru
prs_debug(ps, depth, desc, "spoolss_io_q_enddocprinter");
depth++;
- prs_align(ps);
+ if(!prs_align(ps))
+ return False;
- smb_io_pol_hnd("printer handle",&(q_u->handle),ps,depth);
+ if(!smb_io_pol_hnd("printer handle",&(q_u->handle),ps,depth))
+ return False;
return True;
}
@@ -918,7 +972,8 @@ BOOL spoolss_io_r_enddocprinter(char *desc, SPOOL_R_ENDDOCPRINTER *r_u, prs_stru
{
prs_debug(ps, depth, desc, "spoolss_io_r_enddocprinter");
depth++;
- prs_uint32("status", ps, depth, &(r_u->status));
+ if(!prs_uint32("status", ps, depth, &(r_u->status)))
+ return False;
return True;
}
@@ -934,9 +989,11 @@ BOOL spoolss_io_q_startpageprinter(char *desc, SPOOL_Q_STARTPAGEPRINTER *q_u, pr
prs_debug(ps, depth, desc, "spoolss_io_q_startpageprinter");
depth++;
- prs_align(ps);
+ if(!prs_align(ps))
+ return False;
- smb_io_pol_hnd("printer handle",&(q_u->handle),ps,depth);
+ if(!smb_io_pol_hnd("printer handle",&(q_u->handle),ps,depth))
+ return False;
return True;
}
@@ -949,7 +1006,8 @@ BOOL spoolss_io_r_startpageprinter(char *desc, SPOOL_R_STARTPAGEPRINTER *r_u, pr
{
prs_debug(ps, depth, desc, "spoolss_io_r_startpageprinter");
depth++;
- prs_uint32("status", ps, depth, &(r_u->status));
+ if(!prs_uint32("status", ps, depth, &(r_u->status)))
+ return False;
return True;
}
@@ -965,9 +1023,11 @@ BOOL spoolss_io_q_endpageprinter(char *desc, SPOOL_Q_ENDPAGEPRINTER *q_u, prs_st
prs_debug(ps, depth, desc, "spoolss_io_q_endpageprinter");
depth++;
- prs_align(ps);
+ if(!prs_align(ps))
+ return False;
- smb_io_pol_hnd("printer handle",&(q_u->handle),ps,depth);
+ if(!smb_io_pol_hnd("printer handle",&(q_u->handle),ps,depth))
+ return False;
return True;
}
@@ -980,7 +1040,8 @@ BOOL spoolss_io_r_endpageprinter(char *desc, SPOOL_R_ENDPAGEPRINTER *r_u, prs_st
{
prs_debug(ps, depth, desc, "spoolss_io_r_endpageprinter");
depth++;
- prs_uint32("status", ps, depth, &(r_u->status));
+ if(!prs_uint32("status", ps, depth, &(r_u->status)))
+ return False;
return True;
}
@@ -996,18 +1057,26 @@ BOOL spoolss_io_q_writeprinter(char *desc, SPOOL_Q_WRITEPRINTER *q_u, prs_struct
prs_debug(ps, depth, desc, "spoolss_io_q_writeprinter");
depth++;
- prs_align(ps);
+ if(!prs_align(ps))
+ return False;
- smb_io_pol_hnd("printer handle",&(q_u->handle),ps,depth);
- prs_uint32("buffer_size", ps, depth, &(q_u->buffer_size));
+ if(!smb_io_pol_hnd("printer handle",&(q_u->handle),ps,depth))
+ return False;
+ if(!prs_uint32("buffer_size", ps, depth, &(q_u->buffer_size)))
+ return False;
if (q_u->buffer_size!=0)
{
q_u->buffer=(uint8 *)malloc(q_u->buffer_size*sizeof(uint8));
- prs_uint8s(True, "buffer", ps, depth, q_u->buffer, q_u->buffer_size);
+ if(q_u->buffer == NULL)
+ return False;
+ if(!prs_uint8s(True, "buffer", ps, depth, q_u->buffer, q_u->buffer_size))
+ return False;
}
- prs_align(ps);
- prs_uint32("buffer_size2", ps, depth, &(q_u->buffer_size2));
+ if(!prs_align(ps))
+ return False;
+ if(!prs_uint32("buffer_size2", ps, depth, &(q_u->buffer_size2)))
+ return False;
return True;
}
@@ -1020,8 +1089,10 @@ BOOL spoolss_io_r_writeprinter(char *desc, SPOOL_R_WRITEPRINTER *r_u, prs_struct
{
prs_debug(ps, depth, desc, "spoolss_io_r_writeprinter");
depth++;
- prs_uint32("buffer_written", ps, depth, &(r_u->buffer_written));
- prs_uint32("status", ps, depth, &(r_u->status));
+ if(!prs_uint32("buffer_written", ps, depth, &(r_u->buffer_written)))
+ return False;
+ if(!prs_uint32("status", ps, depth, &(r_u->status)))
+ return False;
return True;
}
@@ -2605,9 +2676,11 @@ BOOL spoolss_io_r_setprinter(char *desc, SPOOL_R_SETPRINTER *r_u, prs_struct *ps
prs_debug(ps, depth, desc, "spoolss_io_r_setprinter");
depth++;
- prs_align(ps);
+ if(!prs_align(ps))
+ return False;
- prs_uint32("status", ps, depth, &(r_u->status));
+ if(!prs_uint32("status", ps, depth, &(r_u->status)))
+ return False;
return True;
}
@@ -2633,8 +2706,10 @@ BOOL spoolss_io_q_setprinter(char *desc, SPOOL_Q_SETPRINTER *q_u, prs_struct *ps
if (!spoolss_io_devmode_cont(desc, &q_u->devmode_ctr, ps, depth))
return False;
- prs_uint32("security.size_of_buffer", ps, depth, &q_u->security.size_of_buffer);
- prs_uint32("security.data", ps, depth, &q_u->security.data);
+ if(!prs_uint32("security.size_of_buffer", ps, depth, &q_u->security.size_of_buffer))
+ return False;
+ if(!prs_uint32("security.data", ps, depth, &q_u->security.data))
+ return False;
if(!prs_uint32("command", ps, depth, &q_u->command))
return False;
@@ -2649,9 +2724,11 @@ BOOL spoolss_io_r_fcpn(char *desc, SPOOL_R_FCPN *r_u, prs_struct *ps, int depth)
prs_debug(ps, depth, desc, "spoolss_io_r_fcpn");
depth++;
- prs_align(ps);
+ if(!prs_align(ps))
+ return False;
- prs_uint32("status", ps, depth, &(r_u->status));
+ if(!prs_uint32("status", ps, depth, &(r_u->status)))
+ return False;
return True;
}
@@ -2664,9 +2741,11 @@ BOOL spoolss_io_q_fcpn(char *desc, SPOOL_Q_FCPN *q_u, prs_struct *ps, int depth)
prs_debug(ps, depth, desc, "spoolss_io_q_fcpn");
depth++;
- prs_align(ps);
+ if(!prs_align(ps))
+ return False;
- smb_io_pol_hnd("printer handle",&(q_u->handle),ps,depth);
+ if(!smb_io_pol_hnd("printer handle",&(q_u->handle),ps,depth))
+ return False;
return True;
}
@@ -2802,9 +2881,11 @@ BOOL spoolss_io_r_schedulejob(char *desc, SPOOL_R_SCHEDULEJOB *r_u, prs_struct *
prs_debug(ps, depth, desc, "spoolss_io_r_schedulejob");
depth++;
- prs_align(ps);
+ if(!prs_align(ps))
+ return False;
- prs_uint32("status", ps, depth, &(r_u->status));
+ if(!prs_uint32("status", ps, depth, &(r_u->status)))
+ return False;
return True;
}
@@ -2816,10 +2897,13 @@ BOOL spoolss_io_q_schedulejob(char *desc, SPOOL_Q_SCHEDULEJOB *q_u, prs_struct *
prs_debug(ps, depth, desc, "spoolss_io_q_schedulejob");
depth++;
- prs_align(ps);
+ if(!prs_align(ps))
+ return False;
- smb_io_pol_hnd("printer handle",&(q_u->handle),ps,depth);
- prs_uint32("jobid", ps, depth, &(q_u->jobid));
+ if(!smb_io_pol_hnd("printer handle",&(q_u->handle),ps,depth))
+ return False;
+ if(!prs_uint32("jobid", ps, depth, &(q_u->jobid)))
+ return False;
return True;
}
@@ -2831,9 +2915,11 @@ BOOL spoolss_io_r_setjob(char *desc, SPOOL_R_SETJOB *r_u, prs_struct *ps, int de
prs_debug(ps, depth, desc, "spoolss_io_r_setjob");
depth++;
- prs_align(ps);
+ if(!prs_align(ps))
+ return False;
- prs_uint32("status", ps, depth, &(r_u->status));
+ if(!prs_uint32("status", ps, depth, &(r_u->status)))
+ return False;
return True;
}
@@ -2845,16 +2931,21 @@ BOOL spoolss_io_q_setjob(char *desc, SPOOL_Q_SETJOB *q_u, prs_struct *ps, int de
prs_debug(ps, depth, desc, "spoolss_io_q_setjob");
depth++;
- prs_align(ps);
+ if(!prs_align(ps))
+ return False;
- smb_io_pol_hnd("printer handle",&(q_u->handle),ps,depth);
- prs_uint32("jobid", ps, depth, &(q_u->jobid));
+ if(!smb_io_pol_hnd("printer handle",&(q_u->handle),ps,depth))
+ return False;
+ if(!prs_uint32("jobid", ps, depth, &(q_u->jobid)))
+ return False;
/*
* level is usually 0. If (level!=0) then I'm in trouble !
* I will try to generate setjob command with level!=0, one day.
*/
- prs_uint32("level", ps, depth, &(q_u->level));
- prs_uint32("command", ps, depth, &(q_u->command));
+ if(!prs_uint32("level", ps, depth, &(q_u->level)))
+ return False;
+ if(!prs_uint32("command", ps, depth, &(q_u->command)))
+ return False;
return True;
}
@@ -3191,14 +3282,20 @@ BOOL spool_io_printer_info_level(char *desc, SPOOL_PRINTER_INFO_LEVEL *il, prs_s
* and by setprinter when updating printer's info
*/
case 1:
- if (UNMARSHALLING(ps))
+ if (UNMARSHALLING(ps)) {
il->info_1=(SPOOL_PRINTER_INFO_LEVEL_1 *)malloc(sizeof(SPOOL_PRINTER_INFO_LEVEL_1));
+ if(il->info_1 == NULL)
+ return False;
+ }
if (!spool_io_printer_info_level_1("", il->info_1, ps, depth))
return False;
break;
case 2:
- if (UNMARSHALLING(ps))
+ if (UNMARSHALLING(ps)) {
il->info_2=(SPOOL_PRINTER_INFO_LEVEL_2 *)malloc(sizeof(SPOOL_PRINTER_INFO_LEVEL_2));
+ if(il->info_2 == NULL)
+ return False;
+ }
if (!spool_io_printer_info_level_2("", il->info_2, ps, depth))
return False;
break;
@@ -3270,9 +3367,11 @@ BOOL spoolss_io_r_addprinterex(char *desc, SPOOL_R_ADDPRINTEREX *r_u, prs_struct
prs_debug(ps, depth, desc, "spoolss_io_r_addprinterex");
depth++;
- smb_io_pol_hnd("printer handle",&(r_u->handle),ps,depth);
+ if(!smb_io_pol_hnd("printer handle",&(r_u->handle),ps,depth))
+ return False;
- prs_uint32("status", ps, depth, &(r_u->status));
+ if(!prs_uint32("status", ps, depth, &(r_u->status)))
+ return False;
return True;
}
@@ -3290,6 +3389,8 @@ BOOL spool_io_printer_driver_info_level_3(char *desc, SPOOL_PRINTER_DRIVER_INFO_
/* reading */
if (UNMARSHALLING(ps)) {
il=(SPOOL_PRINTER_DRIVER_INFO_LEVEL_3 *)malloc(sizeof(SPOOL_PRINTER_DRIVER_INFO_LEVEL_3));
+ if(il == NULL)
+ return False;
ZERO_STRUCTP(il);
*q_u=il;
}
@@ -3381,7 +3482,9 @@ BOOL uniarray_2_ascarray(BUFFER5 *buf5, char ***ar)
src=buf5->buffer;
string=(char *)malloc(sizeof(char)*buf5->buf_len);
-
+ if(string == NULL)
+ return False;
+
destend = string + buf5->buf_len;
dest=string;
@@ -3392,6 +3495,8 @@ BOOL uniarray_2_ascarray(BUFFER5 *buf5, char ***ar)
/* that ugly for the first one but that's working */
array=(char **)Realloc(array, sizeof(char *)*(i+1));
+ if(array == NULL)
+ return False;
array[i++]=string;
while ( n < buf5->buf_len )
@@ -3399,6 +3504,8 @@ BOOL uniarray_2_ascarray(BUFFER5 *buf5, char ***ar)
if ( *(string++) == '\0' )
{
array=(char **)Realloc(array, sizeof(char *)*(i+1));
+ if(array == NULL)
+ return False;
array[i++]=string;
}
n++;
@@ -3422,10 +3529,11 @@ BOOL smb_io_unibuffer(char *desc, UNISTR2 *buffer, prs_struct *ps, int depth)
buffer->undoc=0;
buffer->uni_str_len=buffer->uni_max_len;
- prs_uint32("buffer_size", ps, depth, &(buffer->uni_max_len));
-
- prs_unistr2(True, "buffer ", ps, depth, buffer);
+ if(!prs_uint32("buffer_size", ps, depth, &(buffer->uni_max_len)))
+ return False;
+ if(!prs_unistr2(True, "buffer ", ps, depth, buffer))
+ return False;
return True;
}
@@ -3449,7 +3557,8 @@ BOOL spool_io_printer_driver_info_level(char *desc, SPOOL_PRINTER_DRIVER_INFO_LE
switch (il->level) {
case 3:
- spool_io_printer_driver_info_level_3("", &(il->info_3), ps, depth);
+ if(!spool_io_printer_driver_info_level_3("", &(il->info_3), ps, depth))
+ return False;
break;
}
@@ -3508,6 +3617,8 @@ BOOL uni_2_asc_printer_driver_3(SPOOL_PRINTER_DRIVER_INFO_LEVEL_3 *uni,
if (*asc==NULL)
{
*asc=(NT_PRINTER_DRIVER_INFO_LEVEL_3 *)malloc(sizeof(NT_PRINTER_DRIVER_INFO_LEVEL_3));
+ if(*asc == NULL)
+ return False;
ZERO_STRUCTP(*asc);
}
@@ -3554,6 +3665,8 @@ BOOL uni_2_asc_printer_info_2(const SPOOL_PRINTER_INFO_LEVEL_2 *uni,
DEBUGADD(8,("allocating memory\n"));
*asc=(NT_PRINTER_INFO_LEVEL_2 *)malloc(sizeof(NT_PRINTER_INFO_LEVEL_2));
+ if(*asc == NULL)
+ return False;
ZERO_STRUCTP(*asc);
/* we allocate memory iff called from
@@ -3931,15 +4044,21 @@ BOOL spoolss_io_q_setprinterdata(char *desc, SPOOL_Q_SETPRINTERDATA *q_u, prs_st
prs_debug(ps, depth, desc, "spoolss_io_q_setprinterdata");
depth++;
- prs_align(ps);
- smb_io_pol_hnd("printer handle", &(q_u->handle), ps, depth);
- smb_io_unistr2("", &(q_u->value), True, ps, depth);
+ if(!prs_align(ps))
+ return False;
+ if(!smb_io_pol_hnd("printer handle", &(q_u->handle), ps, depth))
+ return False;
+ if(!smb_io_unistr2("", &(q_u->value), True, ps, depth))
+ return False;
- prs_align(ps);
+ if(!prs_align(ps))
+ return False;
- prs_uint32("type", ps, depth, &(q_u->type));
+ if(!prs_uint32("type", ps, depth, &(q_u->type)))
+ return False;
- prs_uint32("max_len", ps, depth, &(q_u->max_len));
+ if(!prs_uint32("max_len", ps, depth, &(q_u->max_len)))
+ return False;
switch (q_u->type)
{
@@ -3948,12 +4067,17 @@ BOOL spoolss_io_q_setprinterdata(char *desc, SPOOL_Q_SETPRINTERDATA *q_u, prs_st
case 0x4:
case 0x7:
q_u->data=(uint8 *)malloc(q_u->max_len * sizeof(uint8));
- prs_uint8s(False,"data", ps, depth, q_u->data, q_u->max_len);
- prs_align(ps);
+ if(q_u->data == NULL)
+ return False;
+ if(!prs_uint8s(False,"data", ps, depth, q_u->data, q_u->max_len))
+ return False;
+ if(!prs_align(ps))
+ return False;
break;
}
- prs_uint32("real_len", ps, depth, &(q_u->real_len));
+ if(!prs_uint32("real_len", ps, depth, &(q_u->real_len)))
+ return False;
return True;
}
@@ -3965,8 +4089,10 @@ BOOL spoolss_io_r_setprinterdata(char *desc, SPOOL_R_SETPRINTERDATA *r_u, prs_st
prs_debug(ps, depth, desc, "spoolss_io_r_setprinterdata");
depth++;
- prs_align(ps);
- prs_uint32("status", ps, depth, &(r_u->status));
+ if(!prs_align(ps))
+ return False;
+ if(!prs_uint32("status", ps, depth, &(r_u->status)))
+ return False;
return True;
}
@@ -3981,6 +4107,8 @@ BOOL convert_specific_param(NT_PRINTER_PARAM **param, const UNISTR2 *value,
if (*param == NULL)
{
*param=(NT_PRINTER_PARAM *)malloc(sizeof(NT_PRINTER_PARAM));
+ if(*param == NULL)
+ return False;
ZERO_STRUCTP(*param);
DEBUGADD(6,("Allocated a new PARAM struct\n"));
}
@@ -3993,6 +4121,8 @@ BOOL convert_specific_param(NT_PRINTER_PARAM **param, const UNISTR2 *value,
(*param)->data_len=len;
(*param)->data=(uint8 *)malloc(len * sizeof(uint8));
+ if((*param)->data == NULL)
+ return False;
memcpy((*param)->data, data, len);
@@ -4007,20 +4137,30 @@ static BOOL spoolss_io_addform(char *desc, FORM *f, uint32 ptr, prs_struct *ps,
{
prs_debug(ps, depth, desc, "spoolss_io_addform");
depth++;
- prs_align(ps);
+ if(!prs_align(ps))
+ return False;
if (ptr!=0)
{
- prs_uint32("flags", ps, depth, &(f->flags));
- prs_uint32("name_ptr", ps, depth, &(f->name_ptr));
- prs_uint32("size_x", ps, depth, &(f->size_x));
- prs_uint32("size_y", ps, depth, &(f->size_y));
- prs_uint32("left", ps, depth, &(f->left));
- prs_uint32("top", ps, depth, &(f->top));
- prs_uint32("right", ps, depth, &(f->right));
- prs_uint32("bottom", ps, depth, &(f->bottom));
-
- smb_io_unistr2("", &(f->name), f->name_ptr, ps, depth);
+ if(!prs_uint32("flags", ps, depth, &(f->flags)))
+ return False;
+ if(!prs_uint32("name_ptr", ps, depth, &(f->name_ptr)))
+ return False;
+ if(!prs_uint32("size_x", ps, depth, &(f->size_x)))
+ return False;
+ if(!prs_uint32("size_y", ps, depth, &(f->size_y)))
+ return False;
+ if(!prs_uint32("left", ps, depth, &(f->left)))
+ return False;
+ if(!prs_uint32("top", ps, depth, &(f->top)))
+ return False;
+ if(!prs_uint32("right", ps, depth, &(f->right)))
+ return False;
+ if(!prs_uint32("bottom", ps, depth, &(f->bottom)))
+ return False;
+
+ if(!smb_io_unistr2("", &(f->name), f->name_ptr, ps, depth))
+ return False;
}
return True;
@@ -4034,15 +4174,21 @@ BOOL spoolss_io_q_addform(char *desc, SPOOL_Q_ADDFORM *q_u, prs_struct *ps, int
prs_debug(ps, depth, desc, "spoolss_io_q_addform");
depth++;
- prs_align(ps);
- smb_io_pol_hnd("printer handle", &(q_u->handle), ps, depth);
- prs_uint32("level", ps, depth, &(q_u->level));
- prs_uint32("level2", ps, depth, &(q_u->level2));
+ if(!prs_align(ps))
+ return False;
+ if(!smb_io_pol_hnd("printer handle", &(q_u->handle), ps, depth))
+ return False;
+ if(!prs_uint32("level", ps, depth, &(q_u->level)))
+ return False;
+ if(!prs_uint32("level2", ps, depth, &(q_u->level2)))
+ return False;
if (q_u->level==1)
{
- prs_uint32("useless_ptr", ps, depth, &(useless_ptr));
- spoolss_io_addform("", &(q_u->form), useless_ptr, ps, depth);
+ if(!prs_uint32("useless_ptr", ps, depth, &(useless_ptr)))
+ return False;
+ if(!spoolss_io_addform("", &(q_u->form), useless_ptr, ps, depth))
+ return False;
}
return True;
@@ -4055,8 +4201,10 @@ BOOL spoolss_io_r_addform(char *desc, SPOOL_R_ADDFORM *r_u, prs_struct *ps, int
prs_debug(ps, depth, desc, "spoolss_io_r_addform");
depth++;
- prs_align(ps);
- prs_uint32("status", ps, depth, &(r_u->status));
+ if(!prs_align(ps))
+ return False;
+ if(!prs_uint32("status", ps, depth, &(r_u->status)))
+ return False;
return True;
}
@@ -4069,19 +4217,27 @@ BOOL spoolss_io_q_setform(char *desc, SPOOL_Q_SETFORM *q_u, prs_struct *ps, int
prs_debug(ps, depth, desc, "spoolss_io_q_setform");
depth++;
- prs_align(ps);
- smb_io_pol_hnd("printer handle", &(q_u->handle), ps, depth);
- smb_io_unistr2("", &(q_u->name), True, ps, depth);
+ if(!prs_align(ps))
+ return False;
+ if(!smb_io_pol_hnd("printer handle", &(q_u->handle), ps, depth))
+ return False;
+ if(!smb_io_unistr2("", &(q_u->name), True, ps, depth))
+ return False;
- prs_align(ps);
+ if(!prs_align(ps))
+ return False;
- prs_uint32("level", ps, depth, &(q_u->level));
- prs_uint32("level2", ps, depth, &(q_u->level2));
+ if(!prs_uint32("level", ps, depth, &(q_u->level)))
+ return False;
+ if(!prs_uint32("level2", ps, depth, &(q_u->level2)))
+ return False;
if (q_u->level==1)
{
- prs_uint32("useless_ptr", ps, depth, &(useless_ptr));
- spoolss_io_addform("", &(q_u->form), useless_ptr, ps, depth);
+ if(!prs_uint32("useless_ptr", ps, depth, &(useless_ptr)))
+ return False;
+ if(!spoolss_io_addform("", &(q_u->form), useless_ptr, ps, depth))
+ return False;
}
return True;
@@ -4094,8 +4250,10 @@ BOOL spoolss_io_r_setform(char *desc, SPOOL_R_SETFORM *r_u, prs_struct *ps, int
prs_debug(ps, depth, desc, "spoolss_io_r_setform");
depth++;
- prs_align(ps);
- prs_uint32("status", ps, depth, &(r_u->status));
+ if(!prs_align(ps))
+ return False;
+ if(!prs_uint32("status", ps, depth, &(r_u->status)))
+ return False;
return True;
}
diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c
index 972ffa52dd..95645bfdf6 100644
--- a/source3/smbd/connection.c
+++ b/source3/smbd/connection.c
@@ -216,7 +216,65 @@ static int utmp_fill(struct utmp *u, const connection_struct *conn, pid_t pid, i
return(rc);
}
-static void utmp_update(const pstring dirname, const struct utmp *u, const char *host)
+/* Default path (if possible) */
+#ifdef HAVE_UTMPX_H
+
+# ifdef UTMPX_FILE
+static char *ut_pathname = UTMPX_FILE;
+# else
+static char *ut_pathname = "";
+# endif
+# ifdef WTMPX_FILE
+static char *wt_pathname = WTMPX_FILE;
+# else
+static char *wt_pathname = "";
+# endif
+
+#else /* HAVE_UTMPX_H */
+
+# ifdef UTMP_FILE
+static char *ut_pathname = UTMP_FILE;
+# else
+static char *ut_pathname = "";
+# endif
+# ifdef WTMP_FILE
+static char *wt_pathname = WTMP_FILE;
+# else
+static char *wt_pathname = "";
+# endif
+
+#endif /* HAVE_UTMPX_H */
+
+static void uw_pathname(pstring fname, const char *uw_name)
+{
+ pstring dirname;
+
+ pstrcpy(dirname,lp_utmpdir());
+ trim_string(dirname,"","/");
+
+ /* Given directory: use it */
+ if (dirname != 0 && strlen(dirname) != 0) {
+ pstrcpy(fname, dirname);
+ pstrcat(fname, "/");
+ pstrcat(fname, uw_name);
+ return;
+ }
+
+ /* No given directory: attempt to use default paths */
+ if (uw_name[0] == 'u') {
+ pstrcpy(fname, ut_pathname);
+ return;
+ }
+
+ if (uw_name[0] == 'w') {
+ pstrcpy(fname, wt_pathname);
+ return;
+ }
+
+ pstrcpy(fname, "");
+}
+
+static void utmp_update(const struct utmp *u, const char *host)
{
pstring fname;
@@ -231,64 +289,62 @@ static void utmp_update(const pstring dirname, const struct utmp *u, const char
pstrcpy(ux.ut_host, host);
}
- pstrcpy(fname, dirname);
- pstrcat(fname, "utmpx");
- utmpxname(fname);
+ uw_pathname(fname, "utmpx");
+ DEBUG(2,("utmp_update: fname:%s\n", fname));
+ if (strlen(fname) != 0) {
+ utmpxname(fname);
+ }
uxrc = pututxline(&ux);
if (uxrc == NULL) {
DEBUG(2,("utmp_update: pututxline() failed\n"));
return;
}
- pstrcpy(fname, dirname);
- pstrcat(fname, "wtmpx");
- updwtmpx(fname, &ux);
+ uw_pathname(fname, "wtmpx");
+ DEBUG(2,("utmp_update: fname:%s\n", fname));
+ if (strlen(fname) != 0) {
+ updwtmpx(fname, &ux);
+ }
#else
- pstrcpy(fname, dirname);
- pstrcat(fname, "utmp");
-
- utmpname(fname);
+ uw_pathname(fname, "utmp");
+ DEBUG(2,("utmp_update: fname:%s\n", fname));
+ if (strlen(fname) != 0) {
+ utmpname(fname);
+ }
pututline(u);
- pstrcpy(fname, dirname);
- pstrcat(fname, "wtmp");
+ uw_pathname(fname, "wtmp");
- /* *** OK. Appending wtmp (as distinct from overwriting utmp) has
+ /* *** Hmmm. Appending wtmp (as distinct from overwriting utmp) has
me baffled. How is it to be done? *** */
#endif
}
-static void utmp_yield(int pid, const connection_struct *conn)
+static void utmp_yield(pid_t pid, const connection_struct *conn)
{
struct utmp u;
- pstring dirname;
if (! lp_utmp(SNUM(conn))) {
DEBUG(2,("utmp_yield: lp_utmp() NULL\n"));
return;
}
- pstrcpy(dirname,lp_utmpdir());
- trim_string(dirname,"","/");
- pstrcat(dirname,"/");
-
- DEBUG(2,("utmp_yield: dir:%s conn: user:%s cnum:%d i:%d\n",
- dirname, conn->user, conn->cnum, conn->cnum));
+ DEBUG(2,("utmp_yield: conn: user:%s cnum:%d i:%d\n",
+ conn->user, conn->cnum, i));
memset((char *)&u, '\0', sizeof(struct utmp));
u.ut_type = DEAD_PROCESS;
u.ut_exit.e_termination = 0;
u.ut_exit.e_exit = 0;
if (utmp_fill(&u, conn, pid, conn->cnum) == 0) {
- utmp_update(dirname, &u, NULL);
+ utmp_update(&u, NULL);
}
}
-static void utmp_claim(const struct connections_data *crec, const connection_struct *conn)
+static void utmp_claim(const struct connect_record *crec, const connection_struct *conn)
{
extern int Client;
struct utmp u;
- pstring dirname;
if (conn == NULL) {
DEBUG(2,("utmp_claim: conn NULL\n"));
@@ -300,12 +356,8 @@ static void utmp_claim(const struct connections_data *crec, const connection_str
return;
}
- pstrcpy(dirname,lp_utmpdir());
- trim_string(dirname,"","/");
- pstrcat(dirname,"/");
-
- DEBUG(2,("utmp_claim: dir:%s conn: user:%s cnum:%d i:%d\n",
- dirname, conn->user, conn->cnum, conn->cnum));
+ DEBUG(2,("utmp_claim: conn: user:%s cnum:%d i:%d\n",
+ conn->user, conn->cnum, i));
DEBUG(2,("utmp_claim: crec: pid:%d, cnum:%d name:%s addr:%s mach:%s DNS:%s\n",
crec->pid, crec->cnum, crec->name, crec->addr, crec->machine, client_name(Client)));
@@ -313,7 +365,7 @@ static void utmp_claim(const struct connections_data *crec, const connection_str
memset((char *)&u, '\0', sizeof(struct utmp));
u.ut_type = USER_PROCESS;
if (utmp_fill(&u, conn, crec->pid, conn->cnum) == 0) {
- utmp_update(dirname, &u, crec->machine);
+ utmp_update(&u, crec->machine);
}
}