summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2001-03-03 06:47:37 +0000
committerJeremy Allison <jra@samba.org>2001-03-03 06:47:37 +0000
commite2e56e84f07c9427990a2269c5970c1acb4c3967 (patch)
tree5b6426c6aad56ff9683686648d1223cc6748d6f0
parent93169a1f34f180f8a469a25532792f23e55e6966 (diff)
downloadsamba-e2e56e84f07c9427990a2269c5970c1acb4c3967.tar.gz
samba-e2e56e84f07c9427990a2269c5970c1acb4c3967.tar.bz2
samba-e2e56e84f07c9427990a2269c5970c1acb4c3967.zip
Fixed up overrun read when marshelling SYSTEMTIME struct. This was a subtle one...
Jeremy. (This used to be commit 65275e73ee7c58352ee20175cbbb43378e16f417)
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 830f5cdcf4..5c40052295 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -1996,12 +1996,13 @@ static void spoolss_notify_submitted_time(int snum,
{
struct tm *t;
uint32 len;
+ SYSTEMTIME st;
t=gmtime(&queue->time);
len = sizeof(SYSTEMTIME);
- data->notify_data.data.length = len;
+ data->notify_data.data.length = len/2 - 1;
data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
if (!data->notify_data.data.string) {
@@ -2009,7 +2010,8 @@ static void spoolss_notify_submitted_time(int snum,
return;
}
- make_systemtime((SYSTEMTIME*)(data->notify_data.data.string), t);
+ make_systemtime(&st, t);
+ memcpy(data->notify_data.data.string,&st,len);
}
#define END 65535