diff options
author | Gerald Carter <jerry@samba.org> | 2005-03-15 20:12:51 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:56:02 -0500 |
commit | d177f1bc8f0cb5ad91c9146871ba2e93eb2988d2 (patch) | |
tree | f18cbf3d721fc6edad760849ea213ace1bfb88a1 | |
parent | 61dfab9f705cb38e552dcec1822974433997543c (diff) | |
download | samba-d177f1bc8f0cb5ad91c9146871ba2e93eb2988d2.tar.gz samba-d177f1bc8f0cb5ad91c9146871ba2e93eb2988d2.tar.bz2 samba-d177f1bc8f0cb5ad91c9146871ba2e93eb2988d2.zip |
r5806: * fix a couple more segvs in spoolss
* comment out unused variable after jra's change to revert the 56bit des
smb signing changes
(This used to be commit 13ed08cd2a1097021cc44f4109859ba89db7df81)
-rw-r--r-- | source3/libsmb/smb_signing.c | 3 | ||||
-rwxr-xr-x | source3/rpc_server/srv_spoolss.c | 3 | ||||
-rw-r--r-- | source3/rpc_server/srv_spoolss_nt.c | 23 |
3 files changed, 15 insertions, 14 deletions
diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c index 500ff7cc6e..f0f2024e7b 100644 --- a/source3/libsmb/smb_signing.c +++ b/source3/libsmb/smb_signing.c @@ -255,7 +255,10 @@ static void simple_packet_signature(struct smb_basic_signing_context *data, const size_t offset_end_of_sig = (smb_ss_field + 8); unsigned char sequence_buf[8]; struct MD5Context md5_ctx; +#if 0 + /* JRA - apparently this is incorrect. */ unsigned char key_buf[16]; +#endif /* * Firstly put the sequence number into the first 4 bytes. diff --git a/source3/rpc_server/srv_spoolss.c b/source3/rpc_server/srv_spoolss.c index f846813a40..b3a67dd6cf 100755 --- a/source3/rpc_server/srv_spoolss.c +++ b/source3/rpc_server/srv_spoolss.c @@ -1244,6 +1244,9 @@ static BOOL api_spoolss_getjob(pipes_struct *p) prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + if(!spoolss_io_q_getjob("", &q_u, data, 0)) { DEBUG(0,("spoolss_io_q_getjob: unable to unmarshall SPOOL_Q_GETJOB.\n")); return False; diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 053290f80f..3c611be9ac 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -8752,30 +8752,25 @@ static WERROR getjob_level_2(print_queue_struct **queue, int count, int snum, int i = 0; BOOL found = False; JOB_INFO_2 *info_2; - WERROR ret; + WERROR result; DEVICEMODE *devmode = NULL; NT_DEVICEMODE *nt_devmode = NULL; - info_2=SMB_MALLOC_P(JOB_INFO_2); + if ( !(info_2=SMB_MALLOC_P(JOB_INFO_2)) ) + return WERR_NOMEM; ZERO_STRUCTP(info_2); - if (info_2 == NULL) { - ret = WERR_NOMEM; - goto done; - } - for ( i=0; i<count && found==False; i++ ) { if ((*queue)[i].job == (int)jobid) found = True; } - if ( !found ) - { + if ( !found ) { /* NT treats not found as bad param... yet another bad choice */ - ret = WERR_INVALID_PARAM; + result = WERR_INVALID_PARAM; goto done; } @@ -8799,18 +8794,18 @@ static WERROR getjob_level_2(print_queue_struct **queue, int count, int snum, *needed += spoolss_size_job_info_2(info_2); if (*needed > offered) { - ret = WERR_INSUFFICIENT_BUFFER; + result = WERR_INSUFFICIENT_BUFFER; goto done; } if (!rpcbuf_alloc_size(buffer, *needed)) { - ret = WERR_INSUFFICIENT_BUFFER; + result = WERR_NOMEM; goto done; } smb_io_job_info_2("", buffer, info_2, 0); - ret = WERR_OK; + result = WERR_OK; done: /* Cleanup allocated memory */ @@ -8818,7 +8813,7 @@ static WERROR getjob_level_2(print_queue_struct **queue, int count, int snum, free_job_info_2(info_2); /* Also frees devmode */ SAFE_FREE(info_2); - return ret; + return result; } /**************************************************************************** |