summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/proto.h7
-rw-r--r--source3/rpc_parse/parse_prs.c3
-rw-r--r--source3/rpc_parse/parse_spoolss.c97
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c11
4 files changed, 86 insertions, 32 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 050de09c65..a221cca22c 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -2598,8 +2598,13 @@ BOOL spoolss_io_r_setform(char *desc, SPOOL_R_SETFORM *r_u, prs_struct *ps, int
BOOL spoolss_io_r_getjob(char *desc, SPOOL_R_GETJOB *r_u, prs_struct *ps, int depth);
BOOL spoolss_io_q_getjob(char *desc, SPOOL_Q_GETJOB *q_u, prs_struct *ps, int depth);
void free_devmode(DEVICEMODE *devmode);
-void free_printer_info_3(PRINTER_INFO_3 *printer);
+void free_printer_info_1(PRINTER_INFO_1 *printer);
void free_printer_info_2(PRINTER_INFO_2 *printer);
+void free_printer_info_3(PRINTER_INFO_3 *printer);
+void free_spool_printer_info_1(SPOOL_PRINTER_INFO_LEVEL_1 *printer);
+void free_spool_printer_info_2(SPOOL_PRINTER_INFO_LEVEL_2 *printer);
+void free_spool_printer_info_3(SPOOL_PRINTER_INFO_LEVEL_3 *printer);
+void free_spool_printer_info_level(SPOOL_PRINTER_INFO_LEVEL *pil);
void free_print2_array(uint32 num_entries, PRINTER_INFO_2 **entries);
void free_print1_array(uint32 num_entries, PRINTER_INFO_1 **entries);
void free_job1_array(uint32 num_entries, JOB_INFO_1 **entries);
diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c
index 422b420a3c..0e057e9403 100644
--- a/source3/rpc_parse/parse_prs.c
+++ b/source3/rpc_parse/parse_prs.c
@@ -232,6 +232,9 @@ BOOL prs_grow(prs_struct *ps, uint32 extra_space)
if ((new_data = Realloc(ps->data_p, new_size)) == NULL) {
DEBUG(0,("prs_grow: Realloc failure for size %u.\n",
(unsigned int)new_size));
+ /* JRATEST */
+ smb_panic("prs_grow: ralloc fail\n");
+ /* JRATEST */
return False;
}
diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c
index e81f0c286f..55bfd4fe57 100644
--- a/source3/rpc_parse/parse_spoolss.c
+++ b/source3/rpc_parse/parse_spoolss.c
@@ -270,12 +270,12 @@ static BOOL smb_io_notify_option_type_ctr(char *desc, SPOOL_NOTIFY_OPTION_TYPE_C
/* the option type struct */
for(i=0;i<ctr->count;i++)
- if(!smb_io_notify_option_type("", &(ctr->type[i]) , ps, depth))
+ if(!smb_io_notify_option_type("", &ctr->type[i] , ps, depth))
return False;
/* the type associated with the option type struct */
for(i=0;i<ctr->count;i++)
- if(!smb_io_notify_option_type_data("", &(ctr->type[i]) , ps, depth))
+ if(!smb_io_notify_option_type_data("", &ctr->type[i] , ps, depth))
return False;
return True;
@@ -1473,20 +1473,20 @@ static BOOL new_smb_io_relarraystr(char *desc, NEW_BUFFER *buffer, int depth, ui
static BOOL new_smb_io_relsecdesc(char *desc, NEW_BUFFER *buffer, int depth,
SEC_DESC **secdesc)
{
- prs_struct *ps=&(buffer->prs);
+ prs_struct *ps= &buffer->prs;
prs_debug(ps, depth, desc, "new_smb_io_relsecdesc");
depth++;
- if (MARSHALLING(ps))
- {
+ if (MARSHALLING(ps)) {
uint32 struct_offset = prs_offset(ps);
uint32 relative_offset;
- if (*secdesc != NULL)
- {
- buffer->string_at_end -= 256; /* HACK! */
-
+ if (*secdesc != NULL) {
+#if 0 /* JRA */
+ buffer->string_at_end -= 256; /* HACK! */
+#endif
+
prs_set_offset(ps, buffer->string_at_end);
/* write the secdesc */
@@ -1500,9 +1500,7 @@ static BOOL new_smb_io_relsecdesc(char *desc, NEW_BUFFER *buffer, int depth,
/* write its offset */
if (!prs_uint32("offset", ps, depth, &relative_offset))
return False;
- }
- else
- {
+ } else {
uint32 old_offset;
/* read the offset */
@@ -2874,12 +2872,14 @@ BOOL spoolss_io_r_setprinter(char *desc, SPOOL_R_SETPRINTER *r_u, prs_struct *ps
}
/*******************************************************************
- Delete the dynamic parts of a SPOOL_Q_SETPRINTE struct.
+ Delete the dynamic parts of a SPOOL_Q_SETPRINTER struct.
********************************************************************/
void free_spoolss_q_setprinter(SPOOL_Q_SETPRINTER *q_u)
{
+ free_spool_printer_info_level(&q_u->info);
free_sec_desc_buf( &q_u->secdesc_ctr );
+ free_devmode( q_u->devmode_ctr.devmode );
}
/*******************************************************************
@@ -3519,6 +3519,7 @@ BOOL spool_io_printer_info_level(char *desc, SPOOL_PRINTER_INFO_LEVEL *il, prs_s
if (UNMARSHALLING(ps)) {
if ((il->info_1=(SPOOL_PRINTER_INFO_LEVEL_1 *)malloc(sizeof(SPOOL_PRINTER_INFO_LEVEL_1))) == NULL)
return False;
+ ZERO_STRUCTP(il->info_1);
}
if (!spool_io_printer_info_level_1("", il->info_1, ps, depth))
return False;
@@ -3528,6 +3529,7 @@ BOOL spool_io_printer_info_level(char *desc, SPOOL_PRINTER_INFO_LEVEL *il, prs_s
if (UNMARSHALLING(ps)) {
if ((il->info_2=(SPOOL_PRINTER_INFO_LEVEL_2 *)malloc(sizeof(SPOOL_PRINTER_INFO_LEVEL_2))) == NULL)
return False;
+ ZERO_STRUCTP(il->info_2);
}
if (!spool_io_printer_info_level_2("", il->info_2, ps, depth))
return False;
@@ -3537,6 +3539,7 @@ BOOL spool_io_printer_info_level(char *desc, SPOOL_PRINTER_INFO_LEVEL *il, prs_s
if (UNMARSHALLING(ps)) {
if ((il->info_3=(SPOOL_PRINTER_INFO_LEVEL_3 *)malloc(sizeof(SPOOL_PRINTER_INFO_LEVEL_3))) == NULL)
return False;
+ ZERO_STRUCTP(il->info_3);
}
if (!spool_io_printer_info_level_3("", il->info_3, ps, depth))
return False;
@@ -4769,29 +4772,72 @@ BOOL spoolss_io_q_getjob(char *desc, SPOOL_Q_GETJOB *q_u, prs_struct *ps, int de
void free_devmode(DEVICEMODE *devmode)
{
if (devmode!=NULL) {
- if (devmode->private!=NULL)
- free(devmode->private);
- free(devmode);
+ safe_free(devmode->private);
+ safe_free(devmode);
}
}
-void free_printer_info_3(PRINTER_INFO_3 *printer)
+void free_printer_info_1(PRINTER_INFO_1 *printer)
+{
+ safe_free(printer);
+}
+
+void free_printer_info_2(PRINTER_INFO_2 *printer)
{
if (printer!=NULL) {
+ free_devmode(printer->devmode);
+ printer->devmode = NULL;
if (printer->secdesc != NULL)
free_sec_desc(&printer->secdesc);
- free(printer);
+ safe_free(printer);
}
}
-void free_printer_info_2(PRINTER_INFO_2 *printer)
+void free_printer_info_3(PRINTER_INFO_3 *printer)
{
if (printer!=NULL) {
- free_devmode(printer->devmode);
- printer->devmode = NULL;
if (printer->secdesc != NULL)
free_sec_desc(&printer->secdesc);
- free(printer);
+ safe_free(printer);
+ }
+}
+
+void free_spool_printer_info_1(SPOOL_PRINTER_INFO_LEVEL_1 *printer)
+{
+ safe_free(printer);
+}
+
+void free_spool_printer_info_2(SPOOL_PRINTER_INFO_LEVEL_2 *printer)
+{
+ if (printer!=NULL) {
+ if (printer->secdesc != NULL)
+ free_sec_desc_buf(&printer->secdesc);
+ safe_free(printer);
+ }
+}
+
+void free_spool_printer_info_3(SPOOL_PRINTER_INFO_LEVEL_3 *printer)
+{
+ safe_free(printer);
+}
+
+void free_spool_printer_info_level(SPOOL_PRINTER_INFO_LEVEL *pil)
+{
+ if (pil == NULL)
+ return;
+
+ switch (pil->level) {
+ case 1:
+ free_spool_printer_info_1(pil->info_1);
+ break;
+ case 2:
+ free_spool_printer_info_2(pil->info_2);
+ break;
+ case 3:
+ free_spool_printer_info_3(pil->info_3);
+ break;
+ default:
+ break;
}
}
@@ -4824,16 +4870,11 @@ PRINTER_INFO_2 *add_print2_to_array(uint32 *len, PRINTER_INFO_2 ***array,
static PRINTER_INFO_1 *prt1_dup(const PRINTER_INFO_1* from)
{
PRINTER_INFO_1 *copy = (PRINTER_INFO_1 *)malloc(sizeof(PRINTER_INFO_1));
- if (copy != NULL)
- {
+ if (copy != NULL) {
if (from != NULL)
- {
memcpy(copy, from, sizeof(*copy));
- }
else
- {
ZERO_STRUCTP(copy);
- }
}
return copy;
}
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 327a4a15fe..393ba64130 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -473,7 +473,7 @@ static BOOL alloc_buffer_size(NEW_BUFFER *buffer, uint32 buffer_size)
uint32 extra_space;
uint32 old_offset;
- ps=&(buffer->prs);
+ ps= &buffer->prs;
/* damn, I'm doing the reverse operation of prs_grow() :) */
if (buffer_size < prs_data_size(ps))
@@ -2398,7 +2398,10 @@ static uint32 getprinter_level_2(fstring servername, int snum, NEW_BUFFER *buffe
}
/* fill the buffer with the structures */
- new_smb_io_printer_info_2("", buffer, printer, 0);
+ if (!new_smb_io_printer_info_2("", buffer, printer, 0)) {
+ free_printer_info_2(printer);
+ return ERROR_NOT_ENOUGH_MEMORY;
+ }
/* clear memory */
free_printer_info_2(printer);
@@ -3002,7 +3005,6 @@ static uint32 update_printer(const POLICY_HND *handle, uint32 level,
{
int snum;
NT_PRINTER_INFO_LEVEL *printer = NULL;
- NT_DEVICEMODE *ntdevmode = NULL;
Printer_entry *Printer = find_printer_index_by_hnd(handle);
DEBUG(8,("update_printer\n"));
@@ -3025,6 +3027,7 @@ static uint32 update_printer(const POLICY_HND *handle, uint32 level,
convert_printer_info(info, printer, level);
if (info->info_2->devmode_ptr != 0) {
+ NT_DEVICEMODE *ntdevmode = NULL;
/* we have a valid devmode
convert it and link it*/
@@ -3036,6 +3039,7 @@ static uint32 update_printer(const POLICY_HND *handle, uint32 level,
}
convert_devicemode(devmode, ntdevmode);
+ free_nt_devicemode(&ntdevmode);
} else {
if (printer->info_2->devmode != NULL)
free_nt_devicemode(&printer->info_2->devmode);
@@ -3097,6 +3101,7 @@ uint32 _spoolss_fcpn(const POLICY_HND *handle)
Printer->notify.localmachine[0]='\0';
Printer->notify.printerlocal=0;
safe_free(Printer->notify.option);
+ safe_free(Printer->notify.option->ctr.type);
Printer->notify.option=NULL;
return NT_STATUS_NO_PROBLEMO;