summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--source3/include/proto.h1
-rw-r--r--source3/rpc_parse/parse_prs.c6
-rw-r--r--source3/rpc_parse/parse_spoolss.c19
-rwxr-xr-xsource3/rpc_server/srv_spoolss.c2
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c29
5 files changed, 37 insertions, 20 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index d4c5f442d4..7f94fef7d7 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -2589,6 +2589,7 @@ BOOL make_spoolss_q_enumprinterdata(SPOOL_Q_ENUMPRINTERDATA *q_u,
const POLICY_HND *hnd,
uint32 idx, uint32 valuelen, uint32 datalen);
BOOL spoolss_io_q_setprinterdata(char *desc, SPOOL_Q_SETPRINTERDATA *q_u, prs_struct *ps, int depth);
+void free_spoolss_q_setprinterdata(SPOOL_Q_SETPRINTERDATA *q_u);
BOOL spoolss_io_r_setprinterdata(char *desc, SPOOL_R_SETPRINTERDATA *r_u, prs_struct *ps, int depth);
BOOL convert_specific_param(NT_PRINTER_PARAM **param, const UNISTR2 *value,
uint32 type, const uint8 *data, uint32 len);
diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c
index 0e057e9403..d277182043 100644
--- a/source3/rpc_parse/parse_prs.c
+++ b/source3/rpc_parse/parse_prs.c
@@ -232,9 +232,6 @@ BOOL prs_grow(prs_struct *ps, uint32 extra_space)
if ((new_data = Realloc(ps->data_p, new_size)) == NULL) {
DEBUG(0,("prs_grow: Realloc failure for size %u.\n",
(unsigned int)new_size));
- /* JRATEST */
- smb_panic("prs_grow: ralloc fail\n");
- /* JRATEST */
return False;
}
@@ -343,6 +340,9 @@ BOOL prs_append_prs_data(prs_struct *dst, prs_struct *src)
BOOL prs_append_some_prs_data(prs_struct *dst, prs_struct *src, int32 start, uint32 len)
{
+ if (len == 0)
+ return True;
+
if(!prs_grow(dst, len))
return False;
diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c
index 2e6f8ba590..4530f638bc 100644
--- a/source3/rpc_parse/parse_spoolss.c
+++ b/source3/rpc_parse/parse_spoolss.c
@@ -1529,7 +1529,7 @@ static BOOL new_smb_io_relsecdesc(char *desc, NEW_BUFFER *buffer, int depth,
********************************************************************/
static BOOL new_smb_io_reldevmode(char *desc, NEW_BUFFER *buffer, int depth, DEVICEMODE **devmode)
{
- prs_struct *ps=&(buffer->prs);
+ prs_struct *ps=&buffer->prs;
prs_debug(ps, depth, desc, "new_smb_io_reldevmode");
depth++;
@@ -2022,7 +2022,7 @@ static BOOL new_spoolss_io_buffer(char *desc, prs_struct *ps, int depth, NEW_BUF
prs_debug(ps, depth, desc, "new_spoolss_io_buffer");
depth++;
- if (!prs_uint32("ptr", ps, depth, &(buffer->ptr)))
+ if (!prs_uint32("ptr", ps, depth, &buffer->ptr))
return False;
/* reading */
@@ -2031,7 +2031,7 @@ static BOOL new_spoolss_io_buffer(char *desc, prs_struct *ps, int depth, NEW_BUF
buffer->string_at_end=0;
if (buffer->ptr==0) {
- if (!prs_init(&(buffer->prs), 0, 4, UNMARSHALL))
+ if (!prs_init(&buffer->prs, 0, 4, UNMARSHALL))
return False;
return True;
}
@@ -2039,10 +2039,10 @@ static BOOL new_spoolss_io_buffer(char *desc, prs_struct *ps, int depth, NEW_BUF
if (!prs_uint32("size", ps, depth, &buffer->size))
return False;
- if (!prs_init(&(buffer->prs), buffer->size, 4, UNMARSHALL))
+ if (!prs_init(&buffer->prs, buffer->size, 4, UNMARSHALL))
return False;
- if (!prs_append_some_prs_data(&(buffer->prs), ps, prs_offset(ps), buffer->size))
+ if (!prs_append_some_prs_data(&buffer->prs, ps, prs_offset(ps), buffer->size))
return False;
if (!prs_set_offset(&buffer->prs, 0))
@@ -2060,9 +2060,9 @@ static BOOL new_spoolss_io_buffer(char *desc, prs_struct *ps, int depth, NEW_BUF
if (buffer->ptr==0)
return True;
- if (!prs_uint32("size", ps, depth, &(buffer->size)))
+ if (!prs_uint32("size", ps, depth, &buffer->size))
return False;
- if (!prs_append_some_prs_data(ps, &(buffer->prs), 0, buffer->size))
+ if (!prs_append_some_prs_data(ps, &buffer->prs, 0, buffer->size))
return False;
return True;
@@ -4543,6 +4543,11 @@ BOOL spoolss_io_q_setprinterdata(char *desc, SPOOL_Q_SETPRINTERDATA *q_u, prs_st
return True;
}
+void free_spoolss_q_setprinterdata(SPOOL_Q_SETPRINTERDATA *q_u)
+{
+ safe_free(q_u->data);
+}
+
/*******************************************************************
********************************************************************/
BOOL spoolss_io_r_setprinterdata(char *desc, SPOOL_R_SETPRINTERDATA *r_u, prs_struct *ps, int depth)
diff --git a/source3/rpc_server/srv_spoolss.c b/source3/rpc_server/srv_spoolss.c
index 2513fe91e6..c2839bfbf7 100755
--- a/source3/rpc_server/srv_spoolss.c
+++ b/source3/rpc_server/srv_spoolss.c
@@ -930,6 +930,8 @@ static BOOL api_spoolss_setprinterdata(prs_struct *data, prs_struct *rdata)
&q_u.value, q_u.type, q_u.max_len,
q_u.data, q_u.real_len, q_u.numeric_data);
+ free_spoolss_q_setprinterdata(&q_u);
+
if(!spoolss_io_r_setprinterdata("", &r_u, rdata, 0)) {
DEBUG(0,("spoolss_io_r_setprinterdata: unable to marshall SPOOL_R_SETPRINTERDATA.\n"));
return False;
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 8015b9e4f8..8dca09dc95 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -773,13 +773,17 @@ static BOOL getprinterdata_printer(const POLICY_HND *handle,
DEBUG(5,("getprinterdata_printer:allocating %d\n", in_size));
- if((*data = (uint8 *)malloc( in_size *sizeof(uint8) )) == NULL) {
- return False;
- }
+ if (in_size) {
+ if((*data = (uint8 *)malloc( in_size *sizeof(uint8) )) == NULL) {
+ return False;
+ }
- memset(*data, 0, in_size *sizeof(uint8));
- /* copy the min(in_size, len) */
- memcpy(*data, idata, (len>in_size)?in_size:len *sizeof(uint8));
+ memset(*data, 0, in_size *sizeof(uint8));
+ /* copy the min(in_size, len) */
+ memcpy(*data, idata, (len>in_size)?in_size:len *sizeof(uint8));
+ } else {
+ *data = NULL;
+ }
*needed = len;
@@ -835,9 +839,14 @@ uint32 _spoolss_getprinterdata(const POLICY_HND *handle, UNISTR2 *valuename,
if (found==False) {
DEBUG(5, ("value not found, allocating %d\n", *out_size));
/* reply this param doesn't exist */
- if((*data=(uint8 *)malloc(*out_size*sizeof(uint8))) == NULL)
- return ERROR_NOT_ENOUGH_MEMORY;
- memset(*data, 0x0, *out_size*sizeof(uint8));
+ if (*out_size) {
+ if((*data=(uint8 *)malloc(*out_size*sizeof(uint8))) == NULL)
+ return ERROR_NOT_ENOUGH_MEMORY;
+ memset(*data, '\0', *out_size*sizeof(uint8));
+ } else {
+ *data = NULL;
+ }
+
return ERROR_INVALID_PARAMETER;
}
@@ -3102,8 +3111,8 @@ uint32 _spoolss_fcpn(const POLICY_HND *handle)
Printer->notify.options=0;
Printer->notify.localmachine[0]='\0';
Printer->notify.printerlocal=0;
- safe_free(Printer->notify.option);
safe_free(Printer->notify.option->ctr.type);
+ safe_free(Printer->notify.option);
Printer->notify.option=NULL;
return NT_STATUS_NO_PROBLEMO;
generated by cgit (git 2.34.1) at 2024-07-05 14:44:47 +0000