authorGerald Carter <jerry@samba.org>2004-01-14 19:12:06 +0000
committerGerald Carter <jerry@samba.org>2004-01-14 19:12:06 +0000
commite7615b5776604af23592ed26dc0aa3ae0076835e (patch)
tree9db9b110a05be5cb7049932e215f77fa242ebee7
parent1dce4ebed861a6dfbd19da20601d92bc9be3484a (diff)
bug 660; using byte order safe macros (or tdb_unpack) when reading 2 or 4 byte values from a tdb buffer
(This used to be commit be9f25bea94415af6b631a9c6e7af28d9d6e6565)
-rw-r--r--source3/printing/printing.c34
1 files changed, 18 insertions, 16 deletions
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index bdcd950450..ae7291bfc7 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -71,7 +71,7 @@ uint16 pjobid_to_rap(int snum, uint32 jobid)
key.dsize = sizeof(jinfo);
data = tdb_fetch(rap_tdb, key);
if (data.dptr && data.dsize == sizeof(uint16)) {
- memcpy(&rap_jobid, data.dptr, sizeof(uint16));
+ rap_jobid = SVAL(data.dptr, 0);
SAFE_FREE(data.dptr);
DEBUG(10,("pjobid_to_rap: jobid %u maps to RAP jobid %u\n",
(unsigned int)jobid,
@@ -149,7 +149,7 @@ static void rap_jobid_delete(int snum, uint32 jobid)
DEBUG(10,("rap_jobid_delete: deleting jobid %u\n",
(unsigned int)jobid ));
- memcpy(&rap_jobid, data.dptr, sizeof(uint16));
+ rap_jobid = SVAL(data.dptr, 0);
SAFE_FREE(data.dptr);
data.dptr = (char *)&rap_jobid;
data.dsize = sizeof(rap_jobid);
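Review bot: After `rap_jobid = SVAL(data.dptr, 0);` decodes the value into host order, the next two lines reuse the in-memory bytes of `rap_jobid` as the tdb key (`data.dptr = (char *)&rap_jobid;`), so on a big-endian host the key bytes are the swapped form of the bytes just read. Whether the following lookup still matches depends on how the reverse mapping is written, which is outside this hunk; if the writer stores the on-disk form, build the key in a 2-byte buffer with `SSVAL(buf, 0, rap_jobid)` instead of pointing at the variable. No check of `data.dsize` is visible before the SVAL in this hunk, so confirm that the function verifies a length of at least two bytes above it.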
@@ -615,7 +615,7 @@ static void print_unix_job(int snum, print_queue_struct *q, uint32 jobid)
pj.spooled = True;
fstrcpy(pj.filename, old_pj ? old_pj->filename : "");
if (jobid < UNIX_JOB_START) {
- pj.smbjob = (old_pj != NULL ? True : False);
+ pj.smbjob = True;
fstrcpy(pj.jobname, old_pj ? old_pj->jobname : "Remote Downlevel Document");
} else {
pj.smbjob = False;
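Review bot: The new `pj.smbjob = True;` for every jobid below UNIX_JOB_START is a behaviour change that the commit description (byte-order-safe tdb reads) does not mention, and nothing in the code records why a job with no `old_pj` entry is now treated as an SMB job. A one-line comment above the assignment stating the intent would help the next reader, for example `/* jobids below UNIX_JOB_START are always SMB jobs, with or without an old record */`, with the wording confirmed by the author. The body of print_unix_job continues outside the hunk.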
@@ -648,7 +648,7 @@ static int traverse_fn_delete(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void
if ( key.dsize != sizeof(jobid) )
return 0;
- memcpy(&jobid, key.dptr, sizeof(jobid));
+ jobid = IVAL(key.dptr, 0);
if ( unpack_pjob( data.dptr, data.dsize, &pjob ) == -1 )
return 0;
free_nt_devicemode( &pjob.nt_devmode );
@@ -775,7 +775,7 @@ static pid_t get_updating_pid(fstring printer_name)
return (pid_t)-1;
}
- memcpy(&updating_pid, data.dptr, sizeof(pid_t));
+ updating_pid = IVAL(data.dptr, 0);
SAFE_FREE(data.dptr);
if (process_exists(updating_pid))
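Review bot: `IVAL(data.dptr, 0)` always reads four bytes, while the removed memcpy copied `sizeof(pid_t)`, so the length guard before it (its condition is above the hunk) has to guarantee four bytes rather than `sizeof(pid_t)`. If that guard still compares against `sizeof(pid_t)`, a platform where the two sizes differ either rejects valid records or reads a record whose layout the macro does not match; a check such as `data.dsize != 4` tied to the stored format would be clearer. The code that stores the pid is not in this diff and needs the matching `SIVAL` write for the value to round-trip on big-endian hosts.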
@@ -921,7 +921,7 @@ static void check_job_changed(int snum, TDB_DATA data, uint32 jobid)
for (i = 0; i < job_count; i++) {
uint32 ch_jobid;
- memcpy(&ch_jobid, data.dptr + (i*4), 4);
+ ch_jobid = IVAL(data.dptr, i*4);
if (ch_jobid == jobid)
remove_from_jobs_changed(snum, jobid);
}
@@ -1407,7 +1407,7 @@ static BOOL remove_from_jobs_changed(int snum, uint32 jobid)
for (i = 0; i < job_count; i++) {
uint32 ch_jobid;
- memcpy(&ch_jobid, data.dptr + (i*4), 4);
+ ch_jobid = IVAL(data.dptr, i*4);
if (ch_jobid == jobid) {
if (i < job_count -1 )
memmove(data.dptr + (i*4), data.dptr + (i*4) + 4, (job_count - i - 1)*4 );
@@ -1754,6 +1754,8 @@ static int get_queue_status(int snum, print_status_struct *status)
data = tdb_fetch(pdb->tdb, key);
if (data.dptr) {
if (data.dsize == sizeof(print_status_struct))
+ /* this memcpy is ok since the status struct was
+ not packed before storing it in the tdb */
memcpy(status, data.dptr, sizeof(print_status_struct));
SAFE_FREE(data.dptr);
}
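Review bot: The added comment sits between the unbraced `if (data.dsize == sizeof(print_status_struct))` and the memcpy it guards, so a statement inserted there later would silently detach the copy from its size check. Brace the body as the matching change in print_queue_status does: `if (data.dsize == sizeof(print_status_struct)) {` with the comment and memcpy inside and a closing `}`. Since the struct is stored raw, the comment could also say that the size comparison is the only validation applied to this record.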
@@ -2124,12 +2126,10 @@ static BOOL get_stored_queue_info(struct tdb_print_db *pdb, int snum, int *pcoun
/* Get the stored queue data. */
data = tdb_fetch(pdb->tdb, key);
-
- if (data.dptr == NULL || data.dsize < 4)
- qcount = 0;
- else
- memcpy(&qcount, data.dptr, 4);
-
+
+ if (data.dptr && data.dsize >= sizeof(qcount))
+ len += tdb_unpack(data.dptr + len, data.dsize - len, "d", &qcount);
+
/* Get the changed jobs list. */
key.dptr = "INFO/jobs_changed";
key.dsize = strlen(key.dptr);
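Review bot: With the `qcount = 0` fallback removed here and `len = 0` removed in the next hunk (-2148), both variables now depend on initialisers at their declarations, which are outside these hunks. If either is not zero-initialised, a missing or short record leaves `qcount` indeterminate for the `for( i = 0; i < qcount; i++)` loop and `len` indeterminate for `data.dptr + len`. The result of `tdb_unpack` is also added to `len` unchecked in both hunks, so if it can return a negative value on a truncated buffer the later offset and remaining-size arithmetic starts from a bad position. Confirm both declarations initialise to 0 and test the return value before accumulating it.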
@@ -2148,10 +2148,10 @@ static BOOL get_stored_queue_info(struct tdb_print_db *pdb, int snum, int *pcoun
goto out;
/* Retrieve the linearised queue data. */
- len = 0;
+
for( i = 0; i < qcount; i++) {
uint32 qjob, qsize, qpage_count, qstatus, qpriority, qtime;
- len += tdb_unpack(data.dptr + 4 + len, data.dsize - len, "ddddddff",
+ len += tdb_unpack(data.dptr + len, data.dsize - len, "ddddddff",
&qjob,
&qsize,
&qpage_count,
@@ -2175,7 +2175,7 @@ static BOOL get_stored_queue_info(struct tdb_print_db *pdb, int snum, int *pcoun
uint32 jobid;
struct printjob *pjob;
- memcpy(&jobid, &cgdata.dptr[i*4], 4);
+ jobid = IVAL(&cgdata.dptr, i*4);
DEBUG(5,("get_stored_queue_info: changed job = %u\n", (unsigned int)jobid));
pjob = print_job_find(snum, jobid);
if (!pjob) {
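Review bot: `IVAL(&cgdata.dptr, i*4)` passes the address of the `dptr` member rather than the buffer it points to, so the macro reads the bytes of the TDB_DATA structure itself (the pointer value and whatever follows it) instead of the changed-jobs list, and reads past the structure as `i` grows. The removed line used `&cgdata.dptr[i*4]`, the address of the element; the equivalent here is `jobid = IVAL(cgdata.dptr, i*4);`, matching the `IVAL(data.dptr, i*4)` form used in check_job_changed and remove_from_jobs_changed in this same commit. The macro's internal casts probably hide the pointer-type mismatch from the compiler, so this is unlikely to show up as a warning. The loop bound is outside the hunk and should be derived from `cgdata.dsize / 4`.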
@@ -2260,6 +2260,8 @@ int print_queue_status(int snum,
data = tdb_fetch(pdb->tdb, key);
if (data.dptr) {
if (data.dsize == sizeof(*status)) {
+ /* this memcpy is ok since the status struct was
+ not packed before storing it in the tdb */
memcpy(status, data.dptr, sizeof(*status));
}
SAFE_FREE(data.dptr);