summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2010-02-02 16:32:51 -0800
committerJeremy Allison <jra@samba.org>2010-02-02 16:32:51 -0800
commit110a6f29f0d130753419d5fc5c7b238ab30822ec (patch)
treec0089181401874c6225e2f371dce60dd9004595c
parent27920f4f90424fa6055d9611713b2df481bc73c2 (diff)
downloadsamba-110a6f29f0d130753419d5fc5c7b238ab30822ec.tar.gz
samba-110a6f29f0d130753419d5fc5c7b238ab30822ec.tar.bz2
samba-110a6f29f0d130753419d5fc5c7b238ab30822ec.zip
Fix bug 7063 - Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps.
Reported and found by Martin Hochreiter <linuxbox@wavenet.at>. Ensure we copy the right amount of registry data into the outgoing buffer. Jeremy.
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index b1513dd329..e2e523d0de 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -7634,8 +7634,15 @@ WERROR _spoolss_EnumPrinterData(pipes_struct *p,
/* data - counted in bytes */
- if (r->out.data && regval_size(val)) {
- memcpy(r->out.data, regval_data_p(val), regval_size(val));
+ /*
+ * See the section "Dynamically Typed Query Parameters"
+ * in MS-RPRN.
+ */
+
+ if (r->out.data && regval_data_p(val) &&
+ regval_size(val) && r->in.data_offered) {
+ memcpy(r->out.data, regval_data_p(val),
+ MIN(regval_size(val),r->in.data_offered));
}
*r->out.data_needed = regval_size(val);