diff options
author | Jeremy Allison <jra@samba.org> | 2010-02-02 16:32:51 -0800 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2010-02-02 16:32:51 -0800 |
commit | 110a6f29f0d130753419d5fc5c7b238ab30822ec (patch) | |
tree | c0089181401874c6225e2f371dce60dd9004595c | |
parent | 27920f4f90424fa6055d9611713b2df481bc73c2 (diff) | |
download | samba-110a6f29f0d130753419d5fc5c7b238ab30822ec.tar.gz samba-110a6f29f0d130753419d5fc5c7b238ab30822ec.tar.bz2 samba-110a6f29f0d130753419d5fc5c7b238ab30822ec.zip |
Fix bug 7063 - Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps.
Reported and found by Martin Hochreiter <linuxbox@wavenet.at>.
Ensure we copy the right amount of registry data into the outgoing
buffer.
Jeremy.
-rw-r--r-- | source3/rpc_server/srv_spoolss_nt.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index b1513dd329..e2e523d0de 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -7634,8 +7634,15 @@ WERROR _spoolss_EnumPrinterData(pipes_struct *p, /* data - counted in bytes */ - if (r->out.data && regval_size(val)) { - memcpy(r->out.data, regval_data_p(val), regval_size(val)); + /* + * See the section "Dynamically Typed Query Parameters" + * in MS-RPRN. + */ + + if (r->out.data && regval_data_p(val) && + regval_size(val) && r->in.data_offered) { + memcpy(r->out.data, regval_data_p(val), + MIN(regval_size(val),r->in.data_offered)); } *r->out.data_needed = regval_size(val); |