fix printer driver rpc to prevent core dumps.

(This used to be commit 0c82d139e3eb20a00016df30f33835ab5150ecea)
author: Herb Lewis <herb@samba.org> 1998-01-02 13:33:20 +0000
committer: Herb Lewis <herb@samba.org> 1998-01-02 13:33:20 +0000
commit: 19d7833b7a853dd26138814221062fd1041e8f2e (patch)
tree: cfc59d23526394074a0f2e8159333f8a279d8e42
parent: 32b1501b1e026d85b8d50b4a923424eeeed230e2 (diff)
download: samba-19d7833b7a853dd26138814221062fd1041e8f2e.tar.gz
samba-19d7833b7a853dd26138814221062fd1041e8f2e.tar.bz2
samba-19d7833b7a853dd26138814221062fd1041e8f2e.zip
1 files changed, 73 insertions, 65 deletions
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index af1c928ba2..994e0b293b 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -594,16 +594,17 @@ static void fill_printq_info(int cnum, int snum, int uLevel,
 
   if (uLevel==52) {
     int i,ok=0;
-    pstring tok,driver,datafile, langmon, helpfile, datatype;
+    pstring tok,driver,datafile,langmon,helpfile,datatype;
     char *p,*q;
     FILE *f;
     pstring fname;
 
     strcpy(fname,lp_driverfile());
-
     f=fopen(fname,"r");
     if (!f) {
-      DEBUG(0,("fill_printq_info: Can't open %s - %s\n",fname,strerror(errno)));
+      DEBUG(3,("fill_printq_info: Can't open %s - %s\n",fname,strerror(errno)));
+      desc->errcode=NERR_notsupported;
+      return;
     }
 
     p=(char *)malloc(8192*sizeof(char));
@@ -613,80 +614,80 @@ static void fill_printq_info(int cnum, int snum, int uLevel,
     /* lookup the long printer driver name in the file description */
     while (f && !feof(f) && !ok)
     {
+      p = q;			/* reset string pointer */
       fgets(p,8191,f);
       p[strlen(p)-1]='\0';
-      next_token(&p,tok,":");
-      if(!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum)))) ok=1;
+      if (next_token(&p,tok,":") &&
+        (!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum)))))
+	ok=1;
     }
-
     fclose(f);
 
-    next_token(&p,driver,":");			/* driver file name */
-    next_token(&p,datafile,":");		/* data file name */
-/*
- * for the next tokens - which may be empty - I have to check for empty
- * tokens first because the next_token function will skip all empty
- * token fields 
- */
-    if (*p == ':') {
-	*helpfile = '\0';
-	p++;
-    }else
-        next_token(&p,helpfile,":");		/* help file */
-    if (*p == ':') {
-	*langmon = '\0';
-	p++;
-    }else
-        next_token(&p,langmon,":");		/* language monitor */
-
-    next_token(&p,datatype,":");		/* default data type */
-
-    PACKI(desc,"W",0x0400);                      /* don't know */
-    PACKS(desc,"z",lp_printerdriver(snum));      /* long printer name */
+    /* driver file name */
+    if (ok && !next_token(&p,driver,":")) ok = 0;
+    /* data file name */
+    if (ok && !next_token(&p,datafile,":")) ok = 0;
+      /*
+       * for the next tokens - which may be empty - I have to check for empty
+       * tokens first because the next_token function will skip all empty
+       * token fields 
+       */
+    if (ok) {
+      /* help file */
+      if (*p == ':') {
+	  *helpfile = '\0';
+	  p++;
+      } else if (!next_token(&p,helpfile,":")) ok = 0;
+    }
 
-    if (ok)
-    {
+    if (ok) {
+      /* language monitor */
+      if (*p == ':') {
+	  *langmon = '\0';
+	  p++;
+      } else if (!next_token(&p,langmon,":")) ok = 0;
+    }
+
+    /* default data type */
+    if (ok && !next_token(&p,datatype,":")) ok = 0;
+
+    if (ok) {
+      PACKI(desc,"W",0x0400);                    /* don't know */
+      PACKS(desc,"z",lp_printerdriver(snum));    /* long printer name */
       PACKS(desc,"z",driver);                    /* Driverfile Name */
       PACKS(desc,"z",datafile);                  /* Datafile name */
       PACKS(desc,"z",langmon);			 /* language monitor */
+      PACKS(desc,"z",lp_driverlocation(snum));   /* share to retrieve files */
+      PACKS(desc,"z",datatype);			 /* default data type */
+      PACKS(desc,"z",helpfile);                  /* helpfile name */
+      PACKS(desc,"z",driver);                    /* driver name */
       DEBUG(3,("Driver:%s:\n",driver));
       DEBUG(3,("Data File:%s:\n",datafile));
       DEBUG(3,("Language Monitor:%s:\n",langmon));
-    }
-    else 
-    {
-      PACKS(desc,"z","");
-      PACKS(desc,"z","");
-      PACKS(desc,"z","");
-    }
-
-    PACKS(desc,"z",lp_driverlocation(snum));       /* share to retrieve files */
-    if (ok) {
-      PACKS(desc,"z",datatype);			   /* default data type */
-      PACKS(desc,"z",helpfile);                    /* helpfile name */
-      PACKS(desc,"z",driver);                      /* driver name */
       DEBUG(3,("Data Type:%s:\n",datatype));
       DEBUG(3,("Help File:%s:\n",helpfile));
-    }
-    else {
-      PACKS(desc,"z","RAW");
-      PACKS(desc,"z","");
-      PACKS(desc,"z","");
-    }
-    PACKI(desc,"N",count);                         /* number of files to copy */
-    for (i=0;i<count;i++)
-    {
-      next_token(&p,tok,",");
-      PACKS(desc,"z",tok);                        /* driver files to copy */
-      DEBUG(3,("file:%s:\n",tok));
+      PACKI(desc,"N",count);                     /* number of files to copy */
+      for (i=0;i<count;i++)
+      {
+	/* no need to check return value here - it was already tested in
+	 * get_printerdrivernumber
+	 */
+        next_token(&p,tok,",");
+        PACKS(desc,"z",tok);                        /* driver files to copy */
+        DEBUG(3,("file:%s:\n",tok));
+      }
+
+      DEBUG(3,("fill_printq_info on <%s> gave %d entries\n",
+	    SERVICE(snum),count));
+    } else {
+      DEBUG(3,("fill_printq_info: Can't supply driver files\n"));
+      desc->errcode=NERR_notsupported;
     }
     free(q);
   }
-
-  DEBUG(3,("fill_printq_info on <%s> gave %d entries\n",SERVICE(snum),count));
 }
 
-/* This function returns the number of file for a given driver */
+/* This function returns the number of files for a given driver */
 int get_printerdrivernumber(int snum)
 {
   int i=0,ok=0;
@@ -700,7 +701,7 @@ int get_printerdrivernumber(int snum)
   DEBUG(4,("In get_printerdrivernumber: %s\n",fname));
   f=fopen(fname,"r");
   if (!f) {
-    DEBUG(0,("get_printerdrivernumber: Can't open %s - %s\n",fname,strerror(errno)));
+    DEBUG(3,("get_printerdrivernumber: Can't open %s - %s\n",fname,strerror(errno)));
     return(0);
   }
 
@@ -710,20 +711,27 @@ int get_printerdrivernumber(int snum)
   /* lookup the long printer driver name in the file description */
   while (!feof(f) && !ok)
   {
+    p = q;			/* reset string pointer */
     fgets(p,8191,f);
-    next_token(&p,tok,":");
-    if(!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum)))) ok=1;
+    if (next_token(&p,tok,":") &&
+      (!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum))))) 
+	ok=1;
   }
+  fclose(f);
 
   if (ok) {
-    /* skip 2 fields */
-    next_token(&p,tok,":");  /* short name */
-    next_token(&p,tok,":");  /* driver name */
+    /* skip 5 fields */
+    i = 5;
+    while (*p && i) {
+      if (*p++ == ':') i--;
+    }
+    if (!*p || i)
+      return(0);
+
     /* count the number of files */
     while (next_token(&p,tok,","))
        i++;
   }
-  fclose(f);
   free(q);
 
   return(i);
author	Herb Lewis <herb@samba.org>	1998-01-02 13:33:20 +0000
committer	Herb Lewis <herb@samba.org>	1998-01-02 13:33:20 +0000
commit	19d7833b7a853dd26138814221062fd1041e8f2e (patch)
tree	cfc59d23526394074a0f2e8159333f8a279d8e42
parent	32b1501b1e026d85b8d50b4a923424eeeed230e2 (diff)
download	samba-19d7833b7a853dd26138814221062fd1041e8f2e.tar.gz samba-19d7833b7a853dd26138814221062fd1041e8f2e.tar.bz2 samba-19d7833b7a853dd26138814221062fd1041e8f2e.zip