authorJeremy Allison <jra@samba.org>2007-05-22 20:20:01 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:22:43 -0500
commit71ee55f98d87ff70e5feb0d2b280e9c71f7b9b6a (patch)
tree873d148c4731b4d909d3bc1f50ddab49f5849182 /source3/rpc_parse/parse_spoolss.c
parent725e90f1572be8734c321a3d638abdf778038349 (diff)
r23080: Fix bug #4637 - we had missed some cases where
we were calling PRS_ALLOC_MEM with zero count. Jeremy. (This used to be commit 9a10736e6fa276ca4b0726fbb7baf0daafbdc46d)
Diffstat (limited to 'source3/rpc_parse/parse_spoolss.c')
-rw-r--r--source3/rpc_parse/parse_spoolss.c34
1 files changed, 19 insertions, 15 deletions
diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c
index 936587fdf5..4cd410d728 100644
--- a/source3/rpc_parse/parse_spoolss.c
+++ b/source3/rpc_parse/parse_spoolss.c
@@ -256,7 +256,7 @@ static BOOL smb_io_notify_option_type_ctr(const char *desc, SPOOL_NOTIFY_OPTION_
return False;
/* reading */
- if (UNMARSHALLING(ps))
+ if (UNMARSHALLING(ps) && ctr->count)
if((ctr->type=PRS_ALLOC_MEM(ps,SPOOL_NOTIFY_OPTION_TYPE,ctr->count)) == NULL)
return False;
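Review bot: When unmarshalling with `ctr->count == 0`, the new guard skips the allocation but leaves `ctr->type` holding whatever it contained before, whereas the `x == 0` branch added later in this commit explicitly stores NULL. Whether the structure is zeroed by the caller is not visible here, so a stale or uninitialised pointer may survive into later code that does not re-check the count. Resetting the pointer first would make the zero-count case explicit: `if (UNMARSHALLING(ps)) ctr->type = NULL;` ahead of the guarded allocation. The same applies to `data->notify_data.data.string` in the two `data.length` hunks of smb_io_notify_info_data_strings and to `ctr->values` in spoolss_io_printer_enum_values_ctr. All of these functions continue outside their hunks.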
@@ -415,7 +415,7 @@ BOOL smb_io_notify_info_data_strings(const char *desc,SPOOL_NOTIFY_INFO_DATA *da
if(!prs_uint32("string length", ps, depth, &data->notify_data.data.length))
return False;
- if (UNMARSHALLING(ps)) {
+ if (UNMARSHALLING(ps) && data->notify_data.data.length) {
data->notify_data.data.string = PRS_ALLOC_MEM(ps, uint16,
data->notify_data.data.length);
@@ -434,7 +434,7 @@ BOOL smb_io_notify_info_data_strings(const char *desc,SPOOL_NOTIFY_INFO_DATA *da
case NOTIFY_POINTER:
- if (UNMARSHALLING(ps)) {
+ if (UNMARSHALLING(ps) && data->notify_data.data.length) {
data->notify_data.data.string = PRS_ALLOC_MEM(ps, uint16,
data->notify_data.data.length);
@@ -494,9 +494,13 @@ BOOL smb_io_notify_info_data_strings(const char *desc,SPOOL_NOTIFY_INFO_DATA *da
/* Tallocate memory for string */
- data->notify_data.data.string = PRS_ALLOC_MEM(ps, uint16, x * 2);
- if (!data->notify_data.data.string)
- return False;
+ if (x) {
+ data->notify_data.data.string = PRS_ALLOC_MEM(ps, uint16, x * 2);
+ if (!data->notify_data.data.string)
+ return False;
+ } else {
+ data->notify_data.data.string = NULL;
+ }
if(!prs_uint16uni(True,"string",ps,depth,data->notify_data.data.string,x))
return False;
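Review bot: The element count `x * 2` in the new `if (x)` branch is still computed with no visible upper bound on x, and x is declared and assigned outside this hunk. If x is derived from the request, the product can wrap before PRS_ALLOC_MEM receives it, while the following `prs_uint16uni(..., x)` still processes x elements. A range check ahead of the allocation would rule that out, for example `if (x > MAX_STRING_UNITS) return False;`, where MAX_STRING_UNITS is a placeholder for a limit the project chooses. A short comment explaining why twice as many uint16 elements are allocated as are read would also help the next reader.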
@@ -6001,14 +6005,14 @@ BOOL spoolss_io_q_setprinterdata(const char *desc, SPOOL_Q_SETPRINTERDATA *q_u,
case REG_BINARY:
case REG_DWORD:
case REG_MULTI_SZ:
- if (q_u->max_len) {
- if (UNMARSHALLING(ps))
- q_u->data=PRS_ALLOC_MEM(ps, uint8, q_u->max_len);
- if(q_u->data == NULL)
- return False;
- if(!prs_uint8s(False,"data", ps, depth, q_u->data, q_u->max_len))
- return False;
- }
+ if (q_u->max_len) {
+ if (UNMARSHALLING(ps))
+ q_u->data=PRS_ALLOC_MEM(ps, uint8, q_u->max_len);
+ if(q_u->data == NULL)
+ return False;
+ if(!prs_uint8s(False,"data", ps, depth, q_u->data, q_u->max_len))
+ return False;
+ }
if(!prs_align(ps))
return False;
break;
@@ -7031,7 +7035,7 @@ static BOOL spoolss_io_printer_enum_values_ctr(const char *desc, prs_struct *ps,
/* first loop to write basic enum_value information */
- if (UNMARSHALLING(ps)) {
+ if (UNMARSHALLING(ps) && ctr->size_of_array) {
ctr->values = PRS_ALLOC_MEM(ps, PRINTER_ENUM_VALUES, ctr->size_of_array);
if (!ctr->values)
return False;