summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2005-03-15 20:12:51 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:56:02 -0500
commitd177f1bc8f0cb5ad91c9146871ba2e93eb2988d2 (patch)
treef18cbf3d721fc6edad760849ea213ace1bfb88a1
parent61dfab9f705cb38e552dcec1822974433997543c (diff)
downloadsamba-d177f1bc8f0cb5ad91c9146871ba2e93eb2988d2.tar.gz
samba-d177f1bc8f0cb5ad91c9146871ba2e93eb2988d2.tar.bz2
samba-d177f1bc8f0cb5ad91c9146871ba2e93eb2988d2.zip
r5806: * fix a couple more segvs in spoolss
* comment out unused variable after jra's change to revert the 56bit des smb signing changes (This used to be commit 13ed08cd2a1097021cc44f4109859ba89db7df81)
-rw-r--r--source3/libsmb/smb_signing.c3
-rwxr-xr-xsource3/rpc_server/srv_spoolss.c3
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c23
3 files changed, 15 insertions, 14 deletions
diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c
index 500ff7cc6e..f0f2024e7b 100644
--- a/source3/libsmb/smb_signing.c
+++ b/source3/libsmb/smb_signing.c
@@ -255,7 +255,10 @@ static void simple_packet_signature(struct smb_basic_signing_context *data,
const size_t offset_end_of_sig = (smb_ss_field + 8);
unsigned char sequence_buf[8];
struct MD5Context md5_ctx;
+#if 0
+ /* JRA - apparently this is incorrect. */
unsigned char key_buf[16];
+#endif
/*
* Firstly put the sequence number into the first 4 bytes.
diff --git a/source3/rpc_server/srv_spoolss.c b/source3/rpc_server/srv_spoolss.c
index f846813a40..b3a67dd6cf 100755
--- a/source3/rpc_server/srv_spoolss.c
+++ b/source3/rpc_server/srv_spoolss.c
@@ -1244,6 +1244,9 @@ static BOOL api_spoolss_getjob(pipes_struct *p)
prs_struct *data = &p->in_data.data;
prs_struct *rdata = &p->out_data.rdata;
+ ZERO_STRUCT(q_u);
+ ZERO_STRUCT(r_u);
+
if(!spoolss_io_q_getjob("", &q_u, data, 0)) {
DEBUG(0,("spoolss_io_q_getjob: unable to unmarshall SPOOL_Q_GETJOB.\n"));
return False;
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 053290f80f..3c611be9ac 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -8752,30 +8752,25 @@ static WERROR getjob_level_2(print_queue_struct **queue, int count, int snum,
int i = 0;
BOOL found = False;
JOB_INFO_2 *info_2;
- WERROR ret;
+ WERROR result;
DEVICEMODE *devmode = NULL;
NT_DEVICEMODE *nt_devmode = NULL;
- info_2=SMB_MALLOC_P(JOB_INFO_2);
+ if ( !(info_2=SMB_MALLOC_P(JOB_INFO_2)) )
+ return WERR_NOMEM;
ZERO_STRUCTP(info_2);
- if (info_2 == NULL) {
- ret = WERR_NOMEM;
- goto done;
- }
-
for ( i=0; i<count && found==False; i++ )
{
if ((*queue)[i].job == (int)jobid)
found = True;
}
- if ( !found )
- {
+ if ( !found ) {
/* NT treats not found as bad param... yet another bad
choice */
- ret = WERR_INVALID_PARAM;
+ result = WERR_INVALID_PARAM;
goto done;
}
@@ -8799,18 +8794,18 @@ static WERROR getjob_level_2(print_queue_struct **queue, int count, int snum,
*needed += spoolss_size_job_info_2(info_2);
if (*needed > offered) {
- ret = WERR_INSUFFICIENT_BUFFER;
+ result = WERR_INSUFFICIENT_BUFFER;
goto done;
}
if (!rpcbuf_alloc_size(buffer, *needed)) {
- ret = WERR_INSUFFICIENT_BUFFER;
+ result = WERR_NOMEM;
goto done;
}
smb_io_job_info_2("", buffer, info_2, 0);
- ret = WERR_OK;
+ result = WERR_OK;
done:
/* Cleanup allocated memory */
@@ -8818,7 +8813,7 @@ static WERROR getjob_level_2(print_queue_struct **queue, int count, int snum,
free_job_info_2(info_2); /* Also frees devmode */
SAFE_FREE(info_2);
- return ret;
+ return result;
}
/****************************************************************************