diff options
| author | Gerald Carter <jerry@samba.org> | 2005-03-15 19:43:44 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:56:01 -0500 |
| commit | 61dfab9f705cb38e552dcec1822974433997543c (patch) | |
| tree | f2b5b3f412f7a31c0de1057a9592a3fdcc6fb427 /source3/rpc_server | |
| parent | 3b7dccf076628114d4fb1f67ab7aa05457de367d (diff) | |
| download | samba-61dfab9f705cb38e552dcec1822974433997543c.tar.gz samba-61dfab9f705cb38e552dcec1822974433997543c.tar.bz2 samba-61dfab9f705cb38e552dcec1822974433997543c.zip | |
r5805: merging spoolss parsing changes from trunk and cleaning up resulting segvs
(This used to be commit 25121547caaaed0d60f4db7458570c14e7d21b2a)
Diffstat (limited to 'source3/rpc_server')
| -rw-r--r-- | source3/rpc_server/srv_spoolss_nt.c | 908 |
1 files changed, 509 insertions, 399 deletions
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index ffeeb0af9a..053290f80f 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -644,41 +644,6 @@ static BOOL open_printer_hnd(pipes_struct *p, POLICY_HND *hnd, char *name, uint3 return True; } -/**************************************************************************** - Allocate more memory for a BUFFER. -****************************************************************************/ - -static BOOL alloc_buffer_size(NEW_BUFFER *buffer, uint32 buffer_size) -{ - prs_struct *ps; - uint32 extra_space; - uint32 old_offset; - - ps= &buffer->prs; - - /* damn, I'm doing the reverse operation of prs_grow() :) */ - if (buffer_size < prs_data_size(ps)) - extra_space=0; - else - extra_space = buffer_size - prs_data_size(ps); - - /* - * save the offset and move to the end of the buffer - * prs_grow() checks the extra_space against the offset - */ - old_offset=prs_offset(ps); - prs_set_offset(ps, prs_data_size(ps)); - - if (!prs_grow(ps, extra_space)) - return False; - - prs_set_offset(ps, old_offset); - - buffer->string_at_end=prs_data_size(ps); - - return True; -} - /*************************************************************************** check to see if the client motify handle is monitoring the notification given by (notify_type, notify_field). @@ -4121,7 +4086,7 @@ static void free_dev_mode(DEVICEMODE *dev) if (dev == NULL) return; - SAFE_FREE(dev->private); + SAFE_FREE(dev->private); SAFE_FREE(dev); } @@ -4404,13 +4369,14 @@ static BOOL construct_printer_info_7(Printer_entry *print_hnd, PRINTER_INFO_7 *p Spoolss_enumprinters. ********************************************************************/ -static WERROR enum_all_printers_info_1(uint32 flags, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +static WERROR enum_all_printers_info_1(uint32 flags, RPC_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { int snum; int i; int n_services=lp_numservices(); PRINTER_INFO_1 *tp, *printers=NULL; PRINTER_INFO_1 current_prt; + WERROR result = WERR_OK; DEBUG(4,("enum_all_printers_info_1\n")); @@ -4438,29 +4404,36 @@ static WERROR enum_all_printers_info_1(uint32 flags, NEW_BUFFER *buffer, uint32 for (i=0; i<*returned; i++) (*needed) += spoolss_size_printer_info_1(&printers[i]); - if (!alloc_buffer_size(buffer, *needed)) - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; + } /* fill the buffer with the structures */ for (i=0; i<*returned; i++) smb_io_printer_info_1("", buffer, &printers[i], 0); +out: /* clear memory */ + SAFE_FREE(printers); - if (*needed > offered) { - *returned=0; - return WERR_INSUFFICIENT_BUFFER; - } - else - return WERR_OK; + if ( !W_ERROR_IS_OK(result) ) + *returned = 0; + + return result; } /******************************************************************** enum_all_printers_info_1_local. *********************************************************************/ -static WERROR enum_all_printers_info_1_local(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +static WERROR enum_all_printers_info_1_local(RPC_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { DEBUG(4,("enum_all_printers_info_1_local\n")); @@ -4471,7 +4444,7 @@ static WERROR enum_all_printers_info_1_local(NEW_BUFFER *buffer, uint32 offered, enum_all_printers_info_1_name. *********************************************************************/ -static WERROR enum_all_printers_info_1_name(fstring name, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +static WERROR enum_all_printers_info_1_name(fstring name, RPC_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { char *s = name; @@ -4492,13 +4465,14 @@ static WERROR enum_all_printers_info_1_name(fstring name, NEW_BUFFER *buffer, ui enum_all_printers_info_1_remote. *********************************************************************/ -static WERROR enum_all_printers_info_1_remote(fstring name, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +static WERROR enum_all_printers_info_1_remote(fstring name, RPC_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { PRINTER_INFO_1 *printer; fstring printername; fstring desc; fstring comment; DEBUG(4,("enum_all_printers_info_1_remote\n")); + WERROR result = WERR_OK; /* JFM: currently it's more a place holder than anything else. * In the spooler world there is a notion of server registration. @@ -4525,23 +4499,27 @@ static WERROR enum_all_printers_info_1_remote(fstring name, NEW_BUFFER *buffer, /* check the required size. */ *needed += spoolss_size_printer_info_1(printer); - if (!alloc_buffer_size(buffer, *needed)) { - SAFE_FREE(printer); - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; } /* fill the buffer with the structures */ smb_io_printer_info_1("", buffer, printer, 0); +out: /* clear memory */ SAFE_FREE(printer); - if (*needed > offered) { - *returned=0; - return WERR_INSUFFICIENT_BUFFER; - } - else - return WERR_OK; + if ( !W_ERROR_IS_OK(result) ) + *returned = 0; + + return result; } #endif @@ -4550,7 +4528,7 @@ static WERROR enum_all_printers_info_1_remote(fstring name, NEW_BUFFER *buffer, enum_all_printers_info_1_network. *********************************************************************/ -static WERROR enum_all_printers_info_1_network(fstring name, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +static WERROR enum_all_printers_info_1_network(fstring name, RPC_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { char *s = name; @@ -4579,13 +4557,14 @@ static WERROR enum_all_printers_info_1_network(fstring name, NEW_BUFFER *buffer, * called from api_spoolss_enumprinters (see this to understand) ********************************************************************/ -static WERROR enum_all_printers_info_2(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +static WERROR enum_all_printers_info_2(RPC_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { int snum; int i; int n_services=lp_numservices(); PRINTER_INFO_2 *tp, *printers=NULL; PRINTER_INFO_2 current_prt; + WERROR result = WERR_OK; for (snum=0; snum<n_services; snum++) { if (lp_browseable(snum) && lp_snum_ok(snum) && lp_print_ok(snum) ) { @@ -4610,30 +4589,31 @@ static WERROR enum_all_printers_info_2(NEW_BUFFER *buffer, uint32 offered, uint3 for (i=0; i<*returned; i++) (*needed) += spoolss_size_printer_info_2(&printers[i]); - if (!alloc_buffer_size(buffer, *needed)) { - for (i=0; i<*returned; i++) { - free_devmode(printers[i].devmode); - } - SAFE_FREE(printers); - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; } /* fill the buffer with the structures */ for (i=0; i<*returned; i++) smb_io_printer_info_2("", buffer, &(printers[i]), 0); +out: /* clear memory */ for (i=0; i<*returned; i++) { free_devmode(printers[i].devmode); } SAFE_FREE(printers); - if (*needed > offered) { - *returned=0; - return WERR_INSUFFICIENT_BUFFER; - } - else - return WERR_OK; + if ( !W_ERROR_IS_OK(result) ) + *returned = 0; + + return result; } /******************************************************************** @@ -4641,7 +4621,7 @@ static WERROR enum_all_printers_info_2(NEW_BUFFER *buffer, uint32 offered, uint3 ********************************************************************/ static WERROR enumprinters_level1( uint32 flags, fstring name, - NEW_BUFFER *buffer, uint32 offered, + RPC_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { /* Not all the flags are equals */ @@ -4668,7 +4648,7 @@ static WERROR enumprinters_level1( uint32 flags, fstring name, ********************************************************************/ static WERROR enumprinters_level2( uint32 flags, fstring servername, - NEW_BUFFER *buffer, uint32 offered, + RPC_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { char *s = servername; @@ -4697,7 +4677,7 @@ static WERROR enumprinters_level2( uint32 flags, fstring servername, ********************************************************************/ static WERROR enumprinters_level5( uint32 flags, fstring servername, - NEW_BUFFER *buffer, uint32 offered, + RPC_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { /* return enum_all_printers_info_5(buffer, offered, needed, returned);*/ @@ -4715,7 +4695,7 @@ WERROR _spoolss_enumprinters( pipes_struct *p, SPOOL_Q_ENUMPRINTERS *q_u, SPOOL_ uint32 flags = q_u->flags; UNISTR2 *servername = &q_u->servername; uint32 level = q_u->level; - NEW_BUFFER *buffer = NULL; + RPC_BUFFER *buffer = NULL; uint32 offered = q_u->offered; uint32 *needed = &r_u->needed; uint32 *returned = &r_u->returned; @@ -4723,8 +4703,11 @@ WERROR _spoolss_enumprinters( pipes_struct *p, SPOOL_Q_ENUMPRINTERS *q_u, SPOOL_ fstring name; /* that's an [in out] buffer */ - spoolss_move_buffer(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + + if ( q_u->buffer ) { + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + } DEBUG(4,("_spoolss_enumprinters\n")); @@ -4764,9 +4747,10 @@ WERROR _spoolss_enumprinters( pipes_struct *p, SPOOL_Q_ENUMPRINTERS *q_u, SPOOL_ /**************************************************************************** ****************************************************************************/ -static WERROR getprinter_level_0(Printer_entry *print_hnd, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +static WERROR getprinter_level_0(Printer_entry *print_hnd, int snum, RPC_BUFFER *buffer, uint32 offered, uint32 *needed) { PRINTER_INFO_0 *printer=NULL; + WERROR result = WERR_OK; if((printer=SMB_MALLOC_P(PRINTER_INFO_0)) == NULL) return WERR_NOMEM; @@ -4776,30 +4760,34 @@ static WERROR getprinter_level_0(Printer_entry *print_hnd, int snum, NEW_BUFFER /* check the required size. */ *needed += spoolss_size_printer_info_0(printer); - if (!alloc_buffer_size(buffer, *needed)) { - SAFE_FREE(printer); - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; } /* fill the buffer with the structures */ smb_io_printer_info_0("", buffer, printer, 0); +out: /* clear memory */ - SAFE_FREE(printer); - if (*needed > offered) { - return WERR_INSUFFICIENT_BUFFER; - } + SAFE_FREE(printer); - return WERR_OK; + return result; } /**************************************************************************** ****************************************************************************/ -static WERROR getprinter_level_1(Printer_entry *print_hnd, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +static WERROR getprinter_level_1(Printer_entry *print_hnd, int snum, RPC_BUFFER *buffer, uint32 offered, uint32 *needed) { PRINTER_INFO_1 *printer=NULL; + WERROR result = WERR_OK; if((printer=SMB_MALLOC_P(PRINTER_INFO_1)) == NULL) return WERR_NOMEM; @@ -4809,30 +4797,33 @@ static WERROR getprinter_level_1(Printer_entry *print_hnd, int snum, NEW_BUFFER /* check the required size. */ *needed += spoolss_size_printer_info_1(printer); - if (!alloc_buffer_size(buffer, *needed)) { - SAFE_FREE(printer); - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; } /* fill the buffer with the structures */ smb_io_printer_info_1("", buffer, printer, 0); +out: /* clear memory */ SAFE_FREE(printer); - if (*needed > offered) { - return WERR_INSUFFICIENT_BUFFER; - } - - return WERR_OK; + return result; } /**************************************************************************** ****************************************************************************/ -static WERROR getprinter_level_2(Printer_entry *print_hnd, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +static WERROR getprinter_level_2(Printer_entry *print_hnd, int snum, RPC_BUFFER *buffer, uint32 offered, uint32 *needed) { PRINTER_INFO_2 *printer=NULL; + WERROR result = WERR_OK; if((printer=SMB_MALLOC_P(PRINTER_INFO_2))==NULL) return WERR_NOMEM; @@ -4842,33 +4833,34 @@ static WERROR getprinter_level_2(Printer_entry *print_hnd, int snum, NEW_BUFFER /* check the required size. */ *needed += spoolss_size_printer_info_2(printer); - if (!alloc_buffer_size(buffer, *needed)) { - free_printer_info_2(printer); - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; } - /* fill the buffer with the structures */ - if (!smb_io_printer_info_2("", buffer, printer, 0)) { - free_printer_info_2(printer); - return WERR_NOMEM; + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; } + + /* fill the buffer with the structures */ + if (!smb_io_printer_info_2("", buffer, printer, 0)) + result = WERR_NOMEM; +out: /* clear memory */ free_printer_info_2(printer); - if (*needed > offered) { - return WERR_INSUFFICIENT_BUFFER; - } - - return WERR_OK; + return result; } /**************************************************************************** ****************************************************************************/ -static WERROR getprinter_level_3(Printer_entry *print_hnd, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +static WERROR getprinter_level_3(Printer_entry *print_hnd, int snum, RPC_BUFFER *buffer, uint32 offered, uint32 *needed) { PRINTER_INFO_3 *printer=NULL; + WERROR result = WERR_OK; if (!construct_printer_info_3(print_hnd, &printer, snum)) return WERR_NOMEM; @@ -4876,30 +4868,33 @@ static WERROR getprinter_level_3(Printer_entry *print_hnd, int snum, NEW_BUFFER /* check the required size. */ *needed += spoolss_size_printer_info_3(printer); - if (!alloc_buffer_size(buffer, *needed)) { - free_printer_info_3(printer); - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; } /* fill the buffer with the structures */ smb_io_printer_info_3("", buffer, printer, 0); +out: /* clear memory */ free_printer_info_3(printer); - if (*needed > offered) { - return WERR_INSUFFICIENT_BUFFER; - } - - return WERR_OK; + return result; } /**************************************************************************** ****************************************************************************/ -static WERROR getprinter_level_4(Printer_entry *print_hnd, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +static WERROR getprinter_level_4(Printer_entry *print_hnd, int snum, RPC_BUFFER *buffer, uint32 offered, uint32 *needed) { PRINTER_INFO_4 *printer=NULL; + WERROR result = WERR_OK; if((printer=SMB_MALLOC_P(PRINTER_INFO_4))==NULL) return WERR_NOMEM; @@ -4910,30 +4905,33 @@ static WERROR getprinter_level_4(Printer_entry *print_hnd, int snum, NEW_BUFFER /* check the required size. */ *needed += spoolss_size_printer_info_4(printer); - if (!alloc_buffer_size(buffer, *needed)) { - free_printer_info_4(printer); - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; } /* fill the buffer with the structures */ smb_io_printer_info_4("", buffer, printer, 0); +out: /* clear memory */ free_printer_info_4(printer); - if (*needed > offered) { - return WERR_INSUFFICIENT_BUFFER; - } - - return WERR_OK; + return result; } /**************************************************************************** ****************************************************************************/ -static WERROR getprinter_level_5(Printer_entry *print_hnd, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +static WERROR getprinter_level_5(Printer_entry *print_hnd, int snum, RPC_BUFFER *buffer, uint32 offered, uint32 *needed) { PRINTER_INFO_5 *printer=NULL; + WERROR result = WERR_OK; if((printer=SMB_MALLOC_P(PRINTER_INFO_5))==NULL) return WERR_NOMEM; @@ -4944,27 +4942,30 @@ static WERROR getprinter_level_5(Printer_entry *print_hnd, int snum, NEW_BUFFER /* check the required size. */ *needed += spoolss_size_printer_info_5(printer); - if (!alloc_buffer_size(buffer, *needed)) { - free_printer_info_5(printer); - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; } /* fill the buffer with the structures */ smb_io_printer_info_5("", buffer, printer, 0); +out: /* clear memory */ free_printer_info_5(printer); - if (*needed > offered) { - return WERR_INSUFFICIENT_BUFFER; - } - - return WERR_OK; + return result; } -static WERROR getprinter_level_7(Printer_entry *print_hnd, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +static WERROR getprinter_level_7(Printer_entry *print_hnd, int snum, RPC_BUFFER *buffer, uint32 offered, uint32 *needed) { PRINTER_INFO_7 *printer=NULL; + WERROR result = WERR_OK; if((printer=SMB_MALLOC_P(PRINTER_INFO_7))==NULL) return WERR_NOMEM; @@ -4975,22 +4976,25 @@ static WERROR getprinter_level_7(Printer_entry *print_hnd, int snum, NEW_BUFFER /* check the required size. */ *needed += spoolss_size_printer_info_7(printer); - if (!alloc_buffer_size(buffer, *needed)) { - free_printer_info_7(printer); - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; + } /* fill the buffer with the structures */ smb_io_printer_info_7("", buffer, printer, 0); +out: /* clear memory */ free_printer_info_7(printer); - if (*needed > offered) { - return WERR_INSUFFICIENT_BUFFER; - } - - return WERR_OK; + return result; } /**************************************************************************** @@ -5000,7 +5004,7 @@ WERROR _spoolss_getprinter(pipes_struct *p, SPOOL_Q_GETPRINTER *q_u, SPOOL_R_GET { POLICY_HND *handle = &q_u->handle; uint32 level = q_u->level; - NEW_BUFFER *buffer = NULL; + RPC_BUFFER *buffer = NULL; uint32 offered = q_u->offered; uint32 *needed = &r_u->needed; Printer_entry *Printer=find_printer_index_by_hnd(p, handle); @@ -5008,8 +5012,11 @@ WERROR _spoolss_getprinter(pipes_struct *p, SPOOL_Q_GETPRINTER *q_u, SPOOL_R_GET int snum; /* that's an [in out] buffer */ - spoolss_move_buffer(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + + if ( q_u->buffer ) { + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + } *needed=0; @@ -5433,149 +5440,154 @@ static void free_printer_driver_info_3(DRIVER_INFO_3 *info) static void free_printer_driver_info_6(DRIVER_INFO_6 *info) { SAFE_FREE(info->dependentfiles); - } /**************************************************************************** ****************************************************************************/ -static WERROR getprinterdriver2_level1(fstring servername, fstring architecture, uint32 version, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +static WERROR getprinterdriver2_level1(fstring servername, fstring architecture, uint32 version, int snum, RPC_BUFFER *buffer, uint32 offered, uint32 *needed) { DRIVER_INFO_1 *info=NULL; - WERROR status; + WERROR result; if((info=SMB_MALLOC_P(DRIVER_INFO_1)) == NULL) return WERR_NOMEM; - status=construct_printer_driver_info_1(info, snum, servername, architecture, version); - if (!W_ERROR_IS_OK(status)) { - SAFE_FREE(info); - return status; - } + result = construct_printer_driver_info_1(info, snum, servername, architecture, version); + if (!W_ERROR_IS_OK(result)) + goto out; /* check the required size. */ *needed += spoolss_size_printer_driver_info_1(info); - if (!alloc_buffer_size(buffer, *needed)) { - SAFE_FREE(info); - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; } /* fill the buffer with the structures */ smb_io_printer_driver_info_1("", buffer, info, 0); +out: /* clear memory */ SAFE_FREE(info); - if (*needed > offered) - return WERR_INSUFFICIENT_BUFFER; - - return WERR_OK; + return result; } /**************************************************************************** ****************************************************************************/ -static WERROR getprinterdriver2_level2(fstring servername, fstring architecture, uint32 version, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +static WERROR getprinterdriver2_level2(fstring servername, fstring architecture, uint32 version, int snum, RPC_BUFFER *buffer, uint32 offered, uint32 *needed) { DRIVER_INFO_2 *info=NULL; - WERROR status; + WERROR result; if((info=SMB_MALLOC_P(DRIVER_INFO_2)) == NULL) return WERR_NOMEM; - status=construct_printer_driver_info_2(info, snum, servername, architecture, version); - if (!W_ERROR_IS_OK(status)) { - SAFE_FREE(info); - return status; - } + result = construct_printer_driver_info_2(info, snum, servername, architecture, version); + if (!W_ERROR_IS_OK(result)) + goto out; /* check the required size. */ *needed += spoolss_size_printer_driver_info_2(info); - if (!alloc_buffer_size(buffer, *needed)) { - SAFE_FREE(info); - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; } /* fill the buffer with the structures */ smb_io_printer_driver_info_2("", buffer, info, 0); +out: /* clear memory */ SAFE_FREE(info); - if (*needed > offered) - return WERR_INSUFFICIENT_BUFFER; - - return WERR_OK; + return result; } /**************************************************************************** ****************************************************************************/ -static WERROR getprinterdriver2_level3(fstring servername, fstring architecture, uint32 version, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +static WERROR getprinterdriver2_level3(fstring servername, fstring architecture, uint32 version, int snum, RPC_BUFFER *buffer, uint32 offered, uint32 *needed) { DRIVER_INFO_3 info; - WERROR status; + WERROR result; ZERO_STRUCT(info); - status=construct_printer_driver_info_3(&info, snum, servername, architecture, version); - if (!W_ERROR_IS_OK(status)) { - return status; - } + result = construct_printer_driver_info_3(&info, snum, servername, architecture, version); + if (!W_ERROR_IS_OK(result)) + goto out; /* check the required size. */ *needed += spoolss_size_printer_driver_info_3(&info); - if (!alloc_buffer_size(buffer, *needed)) { - free_printer_driver_info_3(&info); - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; } /* fill the buffer with the structures */ smb_io_printer_driver_info_3("", buffer, &info, 0); +out: free_printer_driver_info_3(&info); - if (*needed > offered) - return WERR_INSUFFICIENT_BUFFER; - - return WERR_OK; + return result; } /**************************************************************************** ****************************************************************************/ -static WERROR getprinterdriver2_level6(fstring servername, fstring architecture, uint32 version, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +static WERROR getprinterdriver2_level6(fstring servername, fstring architecture, uint32 version, int snum, RPC_BUFFER *buffer, uint32 offered, uint32 *needed) { DRIVER_INFO_6 info; - WERROR status; + WERROR result; ZERO_STRUCT(info); - status=construct_printer_driver_info_6(&info, snum, servername, architecture, version); - if (!W_ERROR_IS_OK(status)) { - return status; - } + result = construct_printer_driver_info_6(&info, snum, servername, architecture, version); + if (!W_ERROR_IS_OK(result)) + goto out; /* check the required size. */ *needed += spoolss_size_printer_driver_info_6(&info); - if (!alloc_buffer_size(buffer, *needed)) { - free_printer_driver_info_6(&info); - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; } /* fill the buffer with the structures */ smb_io_printer_driver_info_6("", buffer, &info, 0); +out: free_printer_driver_info_6(&info); - if (*needed > offered) - return WERR_INSUFFICIENT_BUFFER; - - return WERR_OK; + return result; } /**************************************************************************** @@ -5587,7 +5599,7 @@ WERROR _spoolss_getprinterdriver2(pipes_struct *p, SPOOL_Q_GETPRINTERDRIVER2 *q_ UNISTR2 *uni_arch = &q_u->architecture; uint32 level = q_u->level; uint32 clientmajorversion = q_u->clientmajorversion; - NEW_BUFFER *buffer = NULL; + RPC_BUFFER *buffer = NULL; uint32 offered = q_u->offered; uint32 *needed = &r_u->needed; uint32 *servermajorversion = &r_u->servermajorversion; @@ -5599,8 +5611,11 @@ WERROR _spoolss_getprinterdriver2(pipes_struct *p, SPOOL_Q_GETPRINTERDRIVER2 *q_ int snum; /* that's an [in out] buffer */ - spoolss_move_buffer(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + + if ( q_u->buffer ) { + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + } DEBUG(4,("_spoolss_getprinterdriver2\n")); @@ -6389,8 +6404,10 @@ WERROR _spoolss_fcpn(pipes_struct *p, SPOOL_Q_FCPN *q_u, SPOOL_R_FCPN *r_u) WERROR _spoolss_addjob(pipes_struct *p, SPOOL_Q_ADDJOB *q_u, SPOOL_R_ADDJOB *r_u) { - /* that's an [in out] buffer (despite appearences to the contrary) */ - spoolss_move_buffer(q_u->buffer, &r_u->buffer); + /* that's an [in out] buffer */ + + if ( q_u->buffer ) + rpcbuf_move(q_u->buffer, &r_u->buffer); r_u->needed = 0; return WERR_INVALID_PARAM; /* this is what a NT server @@ -6476,11 +6493,12 @@ static BOOL fill_job_info_2(JOB_INFO_2 *job_info, print_queue_struct *queue, static WERROR enumjobs_level1(print_queue_struct *queue, int snum, NT_PRINTER_INFO_LEVEL *ntprinter, - NEW_BUFFER *buffer, uint32 offered, + RPC_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { JOB_INFO_1 *info; int i; + WERROR result = WERR_OK; info=SMB_MALLOC_ARRAY(JOB_INFO_1,*returned); if (info==NULL) { @@ -6498,24 +6516,28 @@ static WERROR enumjobs_level1(print_queue_struct *queue, int snum, for (i=0; i<*returned; i++) (*needed) += spoolss_size_job_info_1(&info[i]); - if (!alloc_buffer_size(buffer, *needed)) { - SAFE_FREE(info); - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; } /* fill the buffer with the structures */ for (i=0; i<*returned; i++) smb_io_job_info_1("", buffer, &info[i], 0); +out: /* clear memory */ SAFE_FREE(info); - if (*needed > offered) { - *returned=0; - return WERR_INSUFFICIENT_BUFFER; - } + if ( !W_ERROR_IS_OK(result) ) + *returned = 0; - return WERR_OK; + return result; } /**************************************************************************** @@ -6524,19 +6546,17 @@ static WERROR enumjobs_level1(print_queue_struct *queue, int snum, static WERROR enumjobs_level2(print_queue_struct *queue, int snum, NT_PRINTER_INFO_LEVEL *ntprinter, - NEW_BUFFER *buffer, uint32 offered, + RPC_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { JOB_INFO_2 *info = NULL; int i; - WERROR result; + WERROR result = WERR_OK; DEVICEMODE *devmode = NULL; - info=SMB_MALLOC_ARRAY(JOB_INFO_2,*returned); - if (info==NULL) { + if ( !(info = SMB_MALLOC_ARRAY(JOB_INFO_2,*returned)) ) { *returned=0; - result = WERR_NOMEM; - goto done; + return WERR_NOMEM; } /* this should not be a failure condition if the devmode is NULL */ @@ -6544,8 +6564,7 @@ static WERROR enumjobs_level2(print_queue_struct *queue, int snum, devmode = construct_dev_mode(snum); for (i=0; i<*returned; i++) - fill_job_info_2(&(info[i]), &queue[i], i, snum, ntprinter, - devmode); + fill_job_info_2(&(info[i]), &queue[i], i, snum, ntprinter, devmode); free_a_printer(&ntprinter, 2); SAFE_FREE(queue); @@ -6555,29 +6574,26 @@ static WERROR enumjobs_level2(print_queue_struct *queue, int snum, (*needed) += spoolss_size_job_info_2(&info[i]); if (*needed > offered) { - *returned=0; result = WERR_INSUFFICIENT_BUFFER; - goto done; + goto out; } - if (!alloc_buffer_size(buffer, *needed)) { - SAFE_FREE(info); - result = WERR_INSUFFICIENT_BUFFER; - goto done; + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; } /* fill the buffer with the structures */ for (i=0; i<*returned; i++) smb_io_job_info_2("", buffer, &info[i], 0); - result = WERR_OK; - - done: - free_a_printer(&ntprinter, 2); +out: free_devmode(devmode); - SAFE_FREE(queue); SAFE_FREE(info); + if ( !W_ERROR_IS_OK(result) ) + *returned = 0; + return result; } @@ -6590,7 +6606,7 @@ WERROR _spoolss_enumjobs( pipes_struct *p, SPOOL_Q_ENUMJOBS *q_u, SPOOL_R_ENUMJO { POLICY_HND *handle = &q_u->handle; uint32 level = q_u->level; - NEW_BUFFER *buffer = NULL; + RPC_BUFFER *buffer = NULL; uint32 offered = q_u->offered; uint32 *needed = &r_u->needed; uint32 *returned = &r_u->returned; @@ -6601,8 +6617,11 @@ WERROR _spoolss_enumjobs( pipes_struct *p, SPOOL_Q_ENUMJOBS *q_u, SPOOL_R_ENUMJO print_queue_struct *queue=NULL; /* that's an [in out] buffer */ - spoolss_move_buffer(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + + if ( q_u->buffer ) { + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + } DEBUG(4,("_spoolss_enumjobs\n")); @@ -6703,15 +6722,15 @@ WERROR _spoolss_setjob(pipes_struct *p, SPOOL_Q_SETJOB *q_u, SPOOL_R_SETJOB *r_u Enumerates all printer drivers at level 1. ****************************************************************************/ -static WERROR enumprinterdrivers_level1(fstring servername, fstring architecture, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +static WERROR enumprinterdrivers_level1(fstring servername, fstring architecture, RPC_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { int i; int ndrivers; uint32 version; fstring *list = NULL; - NT_PRINTER_DRIVER_INFO_LEVEL driver; DRIVER_INFO_1 *tdi1, *driver_info_1=NULL; + WERROR result = WERR_OK; *returned=0; @@ -6757,9 +6776,14 @@ static WERROR enumprinterdrivers_level1(fstring servername, fstring architecture *needed += spoolss_size_printer_driver_info_1(&driver_info_1[i]); } - if (!alloc_buffer_size(buffer, *needed)) { - SAFE_FREE(driver_info_1); - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; } /* fill the buffer with the driver structures */ @@ -6768,29 +6792,28 @@ static WERROR enumprinterdrivers_level1(fstring servername, fstring architecture smb_io_printer_driver_info_1("", buffer, &driver_info_1[i], 0); } +out: SAFE_FREE(driver_info_1); - if (*needed > offered) { - *returned=0; - return WERR_INSUFFICIENT_BUFFER; - } + if ( !W_ERROR_IS_OK(result) ) + *returned = 0; - return WERR_OK; + return result; } /**************************************************************************** Enumerates all printer drivers at level 2. ****************************************************************************/ -static WERROR enumprinterdrivers_level2(fstring servername, fstring architecture, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +static WERROR enumprinterdrivers_level2(fstring servername, fstring architecture, RPC_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { int i; int ndrivers; uint32 version; fstring *list = NULL; - NT_PRINTER_DRIVER_INFO_LEVEL driver; DRIVER_INFO_2 *tdi2, *driver_info_2=NULL; + WERROR result = WERR_OK; *returned=0; @@ -6837,9 +6860,14 @@ static WERROR enumprinterdrivers_level2(fstring servername, fstring architecture *needed += spoolss_size_printer_driver_info_2(&(driver_info_2[i])); } - if (!alloc_buffer_size(buffer, *needed)) { - SAFE_FREE(driver_info_2); - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; } /* fill the buffer with the form structures */ @@ -6848,29 +6876,28 @@ static WERROR enumprinterdrivers_level2(fstring servername, fstring architecture smb_io_printer_driver_info_2("", buffer, &(driver_info_2[i]), 0); } +out: SAFE_FREE(driver_info_2); - if (*needed > offered) { - *returned=0; - return WERR_INSUFFICIENT_BUFFER; - } + if ( !W_ERROR_IS_OK(result) ) + *returned = 0; - return WERR_OK; + return result; } /**************************************************************************** Enumerates all printer drivers at level 3. ****************************************************************************/ -static WERROR enumprinterdrivers_level3(fstring servername, fstring architecture, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +static WERROR enumprinterdrivers_level3(fstring servername, fstring architecture, RPC_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { int i; int ndrivers; uint32 version; fstring *list = NULL; - NT_PRINTER_DRIVER_INFO_LEVEL driver; DRIVER_INFO_3 *tdi3, *driver_info_3=NULL; + WERROR result = WERR_OK; *returned=0; @@ -6917,28 +6944,32 @@ static WERROR enumprinterdrivers_level3(fstring servername, fstring architecture *needed += spoolss_size_printer_driver_info_3(&driver_info_3[i]); } - if (!alloc_buffer_size(buffer, *needed)) { - SAFE_FREE(driver_info_3); - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; } - + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; + } + /* fill the buffer with the driver structures */ for (i=0; i<*returned; i++) { DEBUGADD(6,("adding driver [%d] to buffer\n",i)); smb_io_printer_driver_info_3("", buffer, &driver_info_3[i], 0); } +out: for (i=0; i<*returned; i++) SAFE_FREE(driver_info_3[i].dependentfiles); - + SAFE_FREE(driver_info_3); - if (*needed > offered) { - *returned=0; - return WERR_INSUFFICIENT_BUFFER; - } + if ( !W_ERROR_IS_OK(result) ) + *returned = 0; - return WERR_OK; + return result; } /**************************************************************************** @@ -6948,22 +6979,25 @@ static WERROR enumprinterdrivers_level3(fstring servername, fstring architecture WERROR _spoolss_enumprinterdrivers( pipes_struct *p, SPOOL_Q_ENUMPRINTERDRIVERS *q_u, SPOOL_R_ENUMPRINTERDRIVERS *r_u) { uint32 level = q_u->level; - NEW_BUFFER *buffer = NULL; + RPC_BUFFER *buffer = NULL; uint32 offered = q_u->offered; uint32 *needed = &r_u->needed; uint32 *returned = &r_u->returned; - fstring *list = NULL; fstring servername; fstring architecture; /* that's an [in out] buffer */ - spoolss_move_buffer(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + + if ( q_u->buffer ) { + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + } DEBUG(4,("_spoolss_enumprinterdrivers\n")); - *needed=0; - *returned=0; + + *needed = 0; + *returned = 0; unistr2_to_ascii(architecture, &q_u->environment, sizeof(architecture)-1); unistr2_to_ascii(servername, &q_u->name, sizeof(servername)-1); @@ -6979,8 +7013,6 @@ WERROR _spoolss_enumprinterdrivers( pipes_struct *p, SPOOL_Q_ENUMPRINTERDRIVERS case 3: return enumprinterdrivers_level3(servername, architecture, buffer, offered, needed, returned); default: - *returned=0; - SAFE_FREE(list); return WERR_UNKNOWN_LEVEL; } } @@ -7006,7 +7038,7 @@ static void fill_form_1(FORM_1 *form, nt_forms_struct *list) WERROR _spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_ENUMFORMS *r_u) { uint32 level = q_u->level; - NEW_BUFFER *buffer = NULL; + RPC_BUFFER *buffer = NULL; uint32 offered = q_u->offered; uint32 *needed = &r_u->needed; uint32 *numofforms = &r_u->numofforms; @@ -7019,8 +7051,11 @@ WERROR _spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_ENUMF int i; /* that's an [in out] buffer */ - spoolss_move_buffer(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + + if ( q_u->buffer ) { + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + } DEBUG(4,("_spoolss_enumforms\n")); DEBUGADD(5,("Offered buffer size [%d]\n", offered)); @@ -7032,7 +7067,8 @@ WERROR _spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_ENUMF DEBUGADD(5,("Number of user forms [%d]\n", *numofforms)); *numofforms += numbuiltinforms; - if (*numofforms == 0) return WERR_NO_MORE_ITEMS; + if (*numofforms == 0) + return WERR_NO_MORE_ITEMS; switch (level) { case 1: @@ -7068,10 +7104,17 @@ WERROR _spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_ENUMF *needed=buffer_size; - if (!alloc_buffer_size(buffer, buffer_size)){ + if (*needed > offered) { SAFE_FREE(forms_1); + *numofforms=0; return WERR_INSUFFICIENT_BUFFER; } + + if (!rpcbuf_alloc_size(buffer, buffer_size)){ + SAFE_FREE(forms_1); + *numofforms=0; + return WERR_NOMEM; + } /* fill the buffer with the form structures */ for (i=0; i<numbuiltinforms; i++) { @@ -7085,12 +7128,7 @@ WERROR _spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_ENUMF SAFE_FREE(forms_1); - if (*needed > offered) { - *numofforms=0; - return WERR_INSUFFICIENT_BUFFER; - } - else - return WERR_OK; + return WERR_OK; default: SAFE_FREE(list); @@ -7107,7 +7145,7 @@ WERROR _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM * { uint32 level = q_u->level; UNISTR2 *uni_formname = &q_u->formname; - NEW_BUFFER *buffer = NULL; + RPC_BUFFER *buffer = NULL; uint32 offered = q_u->offered; uint32 *needed = &r_u->needed; @@ -7120,8 +7158,11 @@ WERROR _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM * int numofforms=0, i=0; /* that's an [in out] buffer */ - spoolss_move_buffer(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + + if ( q_u->buffer ) { + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + } unistr2_to_ascii(form_name, uni_formname, sizeof(form_name)-1); @@ -7165,13 +7206,11 @@ WERROR _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM * *needed=spoolss_size_form_1(&form_1); - if (!alloc_buffer_size(buffer, buffer_size)){ + if (*needed > offered) return WERR_INSUFFICIENT_BUFFER; - } - if (*needed > offered) { - return WERR_INSUFFICIENT_BUFFER; - } + if (!rpcbuf_alloc_size(buffer, buffer_size)) + return WERR_NOMEM; /* fill the buffer with the form structures */ DEBUGADD(6,("adding form %s [%d] to buffer\n", form_name, i)); @@ -7209,10 +7248,11 @@ static void fill_port_2(PORT_INFO_2 *port, const char *name) enumports level 1. ****************************************************************************/ -static WERROR enumports_level_1(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +static WERROR enumports_level_1(RPC_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { PORT_INFO_1 *ports=NULL; int i=0; + WERROR result = WERR_OK; if (*lp_enumports_cmd()) { char *cmd = lp_enumports_cmd(); @@ -7274,9 +7314,14 @@ static WERROR enumports_level_1(NEW_BUFFER *buffer, uint32 offered, uint32 *need *needed += spoolss_size_port_info_1(&ports[i]); } - if (!alloc_buffer_size(buffer, *needed)) { - SAFE_FREE(ports); - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; } /* fill the buffer with the ports structures */ @@ -7285,24 +7330,24 @@ static WERROR enumports_level_1(NEW_BUFFER *buffer, uint32 offered, uint32 *need smb_io_port_1("", buffer, &ports[i], 0); } +out: SAFE_FREE(ports); - if (*needed > offered) { - *returned=0; - return WERR_INSUFFICIENT_BUFFER; - } + if ( !W_ERROR_IS_OK(result) ) + *returned = 0; - return WERR_OK; + return result; } /**************************************************************************** enumports level 2. ****************************************************************************/ -static WERROR enumports_level_2(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +static WERROR enumports_level_2(RPC_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { PORT_INFO_2 *ports=NULL; int i=0; + WERROR result = WERR_OK; if (*lp_enumports_cmd()) { char *cmd = lp_enumports_cmd(); @@ -7372,9 +7417,14 @@ static WERROR enumports_level_2(NEW_BUFFER *buffer, uint32 offered, uint32 *need *needed += spoolss_size_port_info_2(&ports[i]); } - if (!alloc_buffer_size(buffer, *needed)) { - SAFE_FREE(ports); - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; } /* fill the buffer with the ports structures */ @@ -7383,14 +7433,13 @@ static WERROR enumports_level_2(NEW_BUFFER *buffer, uint32 offered, uint32 *need smb_io_port_2("", buffer, &ports[i], 0); } +out: SAFE_FREE(ports); - if (*needed > offered) { - *returned=0; - return WERR_INSUFFICIENT_BUFFER; - } + if ( !W_ERROR_IS_OK(result) ) + *returned = 0; - return WERR_OK; + return result; } /**************************************************************************** @@ -7400,14 +7449,17 @@ static WERROR enumports_level_2(NEW_BUFFER *buffer, uint32 offered, uint32 *need WERROR _spoolss_enumports( pipes_struct *p, SPOOL_Q_ENUMPORTS *q_u, SPOOL_R_ENUMPORTS *r_u) { uint32 level = q_u->level; - NEW_BUFFER *buffer = NULL; + RPC_BUFFER *buffer = NULL; uint32 offered = q_u->offered; uint32 *needed = &r_u->needed; uint32 *returned = &r_u->returned; /* that's an [in out] buffer */ - spoolss_move_buffer(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + + if ( q_u->buffer ) { + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + } DEBUG(4,("_spoolss_enumports\n")); @@ -7741,7 +7793,7 @@ static void fill_driverdir_1(DRIVER_DIRECTORY_1 *info, char *name) /**************************************************************************** ****************************************************************************/ -static WERROR getprinterdriverdir_level_1(UNISTR2 *name, UNISTR2 *uni_environment, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +static WERROR getprinterdriverdir_level_1(UNISTR2 *name, UNISTR2 *uni_environment, RPC_BUFFER *buffer, uint32 offered, uint32 *needed) { pstring path; pstring long_archi; @@ -7749,6 +7801,7 @@ static WERROR getprinterdriverdir_level_1(UNISTR2 *name, UNISTR2 *uni_environmen char *pservername; const char *short_archi; DRIVER_DIRECTORY_1 *info=NULL; + WERROR result = WERR_OK; unistr2_to_ascii(servername, name, sizeof(servername)-1); unistr2_to_ascii(long_archi, uni_environment, sizeof(long_archi)-1); @@ -7778,19 +7831,22 @@ static WERROR getprinterdriverdir_level_1(UNISTR2 *name, UNISTR2 *uni_environmen *needed += spoolss_size_driverdir_info_1(info); - if (!alloc_buffer_size(buffer, *needed)) { - SAFE_FREE(info); - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; } smb_io_driverdir_1("", buffer, info, 0); +out: SAFE_FREE(info); - if (*needed > offered) - return WERR_INSUFFICIENT_BUFFER; - - return WERR_OK; + return result; } /**************************************************************************** @@ -7801,13 +7857,16 @@ WERROR _spoolss_getprinterdriverdirectory(pipes_struct *p, SPOOL_Q_GETPRINTERDRI UNISTR2 *name = &q_u->name; UNISTR2 *uni_environment = &q_u->environment; uint32 level = q_u->level; - NEW_BUFFER *buffer = NULL; + RPC_BUFFER *buffer = NULL; uint32 offered = q_u->offered; uint32 *needed = &r_u->needed; /* that's an [in out] buffer */ - spoolss_move_buffer(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + + if ( q_u->buffer ) { + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + } DEBUG(4,("_spoolss_getprinterdriverdirectory\n")); @@ -8367,9 +8426,10 @@ done: enumprintprocessors level 1. ****************************************************************************/ -static WERROR enumprintprocessors_level_1(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +static WERROR enumprintprocessors_level_1(RPC_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { PRINTPROCESSOR_1 *info_1=NULL; + WERROR result = WERR_OK; if((info_1 = SMB_MALLOC_P(PRINTPROCESSOR_1)) == NULL) return WERR_NOMEM; @@ -8380,19 +8440,25 @@ static WERROR enumprintprocessors_level_1(NEW_BUFFER *buffer, uint32 offered, ui *needed += spoolss_size_printprocessor_info_1(info_1); - if (!alloc_buffer_size(buffer, *needed)) - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; + } smb_io_printprocessor_info_1("", buffer, info_1, 0); +out: SAFE_FREE(info_1); - if (*needed > offered) { - *returned=0; - return WERR_INSUFFICIENT_BUFFER; - } + if ( !W_ERROR_IS_OK(result) ) + *returned = 0; - return WERR_OK; + return result; } /**************************************************************************** @@ -8401,14 +8467,17 @@ static WERROR enumprintprocessors_level_1(NEW_BUFFER *buffer, uint32 offered, ui WERROR _spoolss_enumprintprocessors(pipes_struct *p, SPOOL_Q_ENUMPRINTPROCESSORS *q_u, SPOOL_R_ENUMPRINTPROCESSORS *r_u) { uint32 level = q_u->level; - NEW_BUFFER *buffer = NULL; + RPC_BUFFER *buffer = NULL; uint32 offered = q_u->offered; uint32 *needed = &r_u->needed; uint32 *returned = &r_u->returned; /* that's an [in out] buffer */ - spoolss_move_buffer(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + + if ( q_u->buffer ) { + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + } DEBUG(5,("spoolss_enumprintprocessors\n")); @@ -8434,9 +8503,10 @@ WERROR _spoolss_enumprintprocessors(pipes_struct *p, SPOOL_Q_ENUMPRINTPROCESSORS enumprintprocdatatypes level 1. ****************************************************************************/ -static WERROR enumprintprocdatatypes_level_1(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +static WERROR enumprintprocdatatypes_level_1(RPC_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { PRINTPROCDATATYPE_1 *info_1=NULL; + WERROR result = WERR_NOMEM; if((info_1 = SMB_MALLOC_P(PRINTPROCDATATYPE_1)) == NULL) return WERR_NOMEM; @@ -8447,19 +8517,25 @@ static WERROR enumprintprocdatatypes_level_1(NEW_BUFFER *buffer, uint32 offered, *needed += spoolss_size_printprocdatatype_info_1(info_1); - if (!alloc_buffer_size(buffer, *needed)) - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; + } smb_io_printprocdatatype_info_1("", buffer, info_1, 0); +out: SAFE_FREE(info_1); - if (*needed > offered) { - *returned=0; - return WERR_INSUFFICIENT_BUFFER; - } + if ( !W_ERROR_IS_OK(result) ) + *returned = 0; - return WERR_OK; + return result; } /**************************************************************************** @@ -8468,14 +8544,17 @@ static WERROR enumprintprocdatatypes_level_1(NEW_BUFFER *buffer, uint32 offered, WERROR _spoolss_enumprintprocdatatypes(pipes_struct *p, SPOOL_Q_ENUMPRINTPROCDATATYPES *q_u, SPOOL_R_ENUMPRINTPROCDATATYPES *r_u) { uint32 level = q_u->level; - NEW_BUFFER *buffer = NULL; + RPC_BUFFER *buffer = NULL; uint32 offered = q_u->offered; uint32 *needed = &r_u->needed; uint32 *returned = &r_u->returned; /* that's an [in out] buffer */ - spoolss_move_buffer(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + + if ( q_u->buffer ) { + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + } DEBUG(5,("_spoolss_enumprintprocdatatypes\n")); @@ -8494,9 +8573,10 @@ WERROR _spoolss_enumprintprocdatatypes(pipes_struct *p, SPOOL_Q_ENUMPRINTPROCDAT enumprintmonitors level 1. ****************************************************************************/ -static WERROR enumprintmonitors_level_1(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +static WERROR enumprintmonitors_level_1(RPC_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { PRINTMONITOR_1 *info_1=NULL; + WERROR result = WERR_OK; if((info_1 = SMB_MALLOC_P(PRINTMONITOR_1)) == NULL) return WERR_NOMEM; @@ -8507,28 +8587,35 @@ static WERROR enumprintmonitors_level_1(NEW_BUFFER *buffer, uint32 offered, uint *needed += spoolss_size_printmonitor_info_1(info_1); - if (!alloc_buffer_size(buffer, *needed)) - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; + } smb_io_printmonitor_info_1("", buffer, info_1, 0); +out: SAFE_FREE(info_1); - if (*needed > offered) { - *returned=0; - return WERR_INSUFFICIENT_BUFFER; - } + if ( !W_ERROR_IS_OK(result) ) + *returned = 0; - return WERR_OK; + return result; } /**************************************************************************** enumprintmonitors level 2. ****************************************************************************/ -static WERROR enumprintmonitors_level_2(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +static WERROR enumprintmonitors_level_2(RPC_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { PRINTMONITOR_2 *info_2=NULL; + WERROR result = WERR_OK; if((info_2 = SMB_MALLOC_P(PRINTMONITOR_2)) == NULL) return WERR_NOMEM; @@ -8541,19 +8628,25 @@ static WERROR enumprintmonitors_level_2(NEW_BUFFER *buffer, uint32 offered, uint *needed += spoolss_size_printmonitor_info_2(info_2); - if (!alloc_buffer_size(buffer, *needed)) - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; + } smb_io_printmonitor_info_2("", buffer, info_2, 0); +out: SAFE_FREE(info_2); - if (*needed > offered) { - *returned=0; - return WERR_INSUFFICIENT_BUFFER; - } - - return WERR_OK; + if ( !W_ERROR_IS_OK(result) ) + *returned = 0; + + return result; } /**************************************************************************** @@ -8562,14 +8655,17 @@ static WERROR enumprintmonitors_level_2(NEW_BUFFER *buffer, uint32 offered, uint WERROR _spoolss_enumprintmonitors(pipes_struct *p, SPOOL_Q_ENUMPRINTMONITORS *q_u, SPOOL_R_ENUMPRINTMONITORS *r_u) { uint32 level = q_u->level; - NEW_BUFFER *buffer = NULL; + RPC_BUFFER *buffer = NULL; uint32 offered = q_u->offered; uint32 *needed = &r_u->needed; uint32 *returned = &r_u->returned; /* that's an [in out] buffer */ - spoolss_move_buffer(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + + if ( q_u->buffer ) { + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + } DEBUG(5,("spoolss_enumprintmonitors\n")); @@ -8598,12 +8694,13 @@ WERROR _spoolss_enumprintmonitors(pipes_struct *p, SPOOL_Q_ENUMPRINTMONITORS *q_ static WERROR getjob_level_1(print_queue_struct **queue, int count, int snum, NT_PRINTER_INFO_LEVEL *ntprinter, - uint32 jobid, NEW_BUFFER *buffer, uint32 offered, + uint32 jobid, RPC_BUFFER *buffer, uint32 offered, uint32 *needed) { int i=0; BOOL found=False; JOB_INFO_1 *info_1=NULL; + WERROR result = WERR_OK; info_1=SMB_MALLOC_P(JOB_INFO_1); @@ -8626,19 +8723,22 @@ static WERROR getjob_level_1(print_queue_struct **queue, int count, int snum, *needed += spoolss_size_job_info_1(info_1); - if (!alloc_buffer_size(buffer, *needed)) { - SAFE_FREE(info_1); - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_NOMEM; + goto out; } smb_io_job_info_1("", buffer, info_1, 0); +out: SAFE_FREE(info_1); - if (*needed > offered) - return WERR_INSUFFICIENT_BUFFER; - - return WERR_OK; + return result; } /**************************************************************************** @@ -8646,7 +8746,7 @@ static WERROR getjob_level_1(print_queue_struct **queue, int count, int snum, static WERROR getjob_level_2(print_queue_struct **queue, int count, int snum, NT_PRINTER_INFO_LEVEL *ntprinter, - uint32 jobid, NEW_BUFFER *buffer, uint32 offered, + uint32 jobid, RPC_BUFFER *buffer, uint32 offered, uint32 *needed) { int i = 0; @@ -8698,18 +8798,18 @@ static WERROR getjob_level_2(print_queue_struct **queue, int count, int snum, *needed += spoolss_size_job_info_2(info_2); - if (!alloc_buffer_size(buffer, *needed)) { + if (*needed > offered) { ret = WERR_INSUFFICIENT_BUFFER; goto done; } - smb_io_job_info_2("", buffer, info_2, 0); - - if (*needed > offered) { + if (!rpcbuf_alloc_size(buffer, *needed)) { ret = WERR_INSUFFICIENT_BUFFER; goto done; } + smb_io_job_info_2("", buffer, info_2, 0); + ret = WERR_OK; done: @@ -8729,7 +8829,7 @@ WERROR _spoolss_getjob( pipes_struct *p, SPOOL_Q_GETJOB *q_u, SPOOL_R_GETJOB *r_ POLICY_HND *handle = &q_u->handle; uint32 jobid = q_u->jobid; uint32 level = q_u->level; - NEW_BUFFER *buffer = NULL; + RPC_BUFFER *buffer = NULL; uint32 offered = q_u->offered; uint32 *needed = &r_u->needed; WERROR wstatus = WERR_OK; @@ -8740,8 +8840,11 @@ WERROR _spoolss_getjob( pipes_struct *p, SPOOL_Q_GETJOB *q_u, SPOOL_R_GETJOB *r_ print_status_struct prt_status; /* that's an [in out] buffer */ - spoolss_move_buffer(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + + if ( q_u->buffer ) { + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + } DEBUG(5,("spoolss_getjob\n")); @@ -9307,13 +9410,14 @@ static void fill_printprocessordirectory_1(PRINTPROCESSOR_DIRECTORY_1 *info, cha static WERROR getprintprocessordirectory_level_1(UNISTR2 *name, UNISTR2 *environment, - NEW_BUFFER *buffer, + RPC_BUFFER *buffer, uint32 offered, uint32 *needed) { pstring path; pstring long_archi; PRINTPROCESSOR_DIRECTORY_1 *info=NULL; + WERROR result = WERR_OK; unistr2_to_ascii(long_archi, environment, sizeof(long_archi)-1); @@ -9329,32 +9433,38 @@ static WERROR getprintprocessordirectory_level_1(UNISTR2 *name, *needed += spoolss_size_printprocessordirectory_info_1(info); - if (!alloc_buffer_size(buffer, *needed)) { - safe_free(info); - return WERR_INSUFFICIENT_BUFFER; + if (*needed > offered) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; + } + + if (!rpcbuf_alloc_size(buffer, *needed)) { + result = WERR_INSUFFICIENT_BUFFER; + goto out; } smb_io_printprocessordirectory_1("", buffer, info, 0); - safe_free(info); +out: + SAFE_FREE(info); - if (*needed > offered) - return WERR_INSUFFICIENT_BUFFER; - else - return WERR_OK; + return result; } WERROR _spoolss_getprintprocessordirectory(pipes_struct *p, SPOOL_Q_GETPRINTPROCESSORDIRECTORY *q_u, SPOOL_R_GETPRINTPROCESSORDIRECTORY *r_u) { uint32 level = q_u->level; - NEW_BUFFER *buffer = NULL; + RPC_BUFFER *buffer = NULL; uint32 offered = q_u->offered; uint32 *needed = &r_u->needed; WERROR result; /* that's an [in out] buffer */ - spoolss_move_buffer(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + + if ( q_u->buffer ) { + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + } DEBUG(5,("_spoolss_getprintprocessordirectory\n")); |