summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--source3/lib/util.c62
-rw-r--r--source3/nmbd/nmbd_incomingdgrams.c2
-rw-r--r--source3/nmbd/nmbd_processlogon.c2
-rw-r--r--source3/smbd/lanman.c147
4 files changed, 134 insertions, 79 deletions
diff --git a/source3/lib/util.c b/source3/lib/util.c
index b74c08991a..b558571a77 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -3126,24 +3126,74 @@ int this_is_smp(void)
}
/****************************************************************
- Return a safe offset into a buffer, or NULL.
+ Check if an offset into a buffer is safe.
****************************************************************/
-char *get_safe_offset(const char *buf_base, size_t buf_len, char *ptr, size_t off)
+BOOL is_offset_safe(const char *buf_base, size_t buf_len, char *ptr, size_t off)
{
const char *end_base = buf_base + buf_len;
char *end_ptr = ptr + off;
if (!buf_base || !ptr) {
- return NULL;
+ return False;
}
if (end_base < buf_base || end_ptr < ptr) {
- return NULL; /* wrap. */
+ return False; /* wrap. */
}
if (end_ptr < end_base) {
- return end_ptr;
+ return True;
}
- return NULL;
+ return False;
+}
+
+/****************************************************************
+ Return a safe pointer into a buffer, or NULL.
+****************************************************************/
+
+char *get_safe_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off)
+{
+ return is_offset_safe(buf_base, buf_len, ptr, off) ?
+ ptr + off : NULL;
+}
+
+/****************************************************************
+ Return a safe pointer into a string within a buffer, or NULL.
+****************************************************************/
+
+char *get_safe_str_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off)
+{
+ if (!is_offset_safe(buf_base, buf_len, ptr, off)) {
+ return NULL;
+ }
+ /* Check if a valid string exists at this offset. */
+ if (skip_string(buf_base,buf_len, ptr + off, 1) == NULL) {
+ return NULL;
+ }
+ return ptr + off;
+}
+
+/****************************************************************
+ Return an SVAL at a pointer, or failval if beyond the end.
+****************************************************************/
+
+int get_safe_SVAL(const char *buf_base, size_t buf_len, char *ptr, size_t off, int failval)
+{
+ if (!is_offset_safe(buf_base, buf_len, ptr, off+2)) {
+ return failval;
+ }
+ return SVAL(ptr,0);
+}
+
+/****************************************************************
+ Return an IVAL at a pointer, or failval if beyond the end.
+****************************************************************/
+
+int get_safe_IVAL(const char *buf_base, size_t buf_len, char *ptr, size_t off, int failval)
+{
+ if (!is_offset_safe(buf_base, buf_len, ptr, off+4)) {
+ return failval;
+ }
+ return IVAL(ptr,0);
}
diff --git a/source3/nmbd/nmbd_incomingdgrams.c b/source3/nmbd/nmbd_incomingdgrams.c
index ef23f3a20d..ec8aa370ce 100644
--- a/source3/nmbd/nmbd_incomingdgrams.c
+++ b/source3/nmbd/nmbd_incomingdgrams.c
@@ -429,7 +429,7 @@ void process_lm_host_announce(struct subnet_record *subrec, struct packet_struct
unstring work_name;
unstring source_name;
fstring comment;
- char *s = get_safe_offset(buf,len,buf,9);
+ char *s = get_safe_str_ptr(buf,len,buf,9);
START_PROFILE(lm_host_announce);
if (!s) {
diff --git a/source3/nmbd/nmbd_processlogon.c b/source3/nmbd/nmbd_processlogon.c
index 6b10d61267..b23e6b996e 100644
--- a/source3/nmbd/nmbd_processlogon.c
+++ b/source3/nmbd/nmbd_processlogon.c
@@ -91,7 +91,7 @@ logons are not enabled.\n", inet_ntoa(p->ip) ));
pstrcpy(my_name, global_myname());
- code = get_safe_offset(buf,len,buf,2) ? SVAL(buf,0) : -1;
+ code = get_safe_SVAL(buf,len,buf,0,-1);
DEBUG(4,("process_logon_packet: Logon from %s: code = 0x%x\n", inet_ntoa(p->ip), code));
switch (code) {
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index f0e553e231..03411b8dd9 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -777,7 +777,7 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, uint16 vuid,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *p = skip_string(param,tpscnt,str2,1);
char *QueueName = p;
@@ -800,10 +800,9 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, uint16 vuid,
if (!p) {
return False;
}
- uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
- str3 = get_safe_offset(param,tpscnt,p,4) ? p + 4 : 0;
- /* Check if string exists. */
- if (skip_string(param,tpscnt,str3,1) == NULL) {
+ uLevel = get_safe_SVAL(param,tpscnt,p,0,-1);
+ str3 = get_safe_str_ptr(param,tpscnt,p,4);
+ if (!str3) {
return False;
}
@@ -905,11 +904,11 @@ static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid,
char **rdata, char** rparam,
int *rdata_len, int *rparam_len)
{
- char *param_format = get_safe_offset(param,tpscnt,param,2);
+ char *param_format = get_safe_str_ptr(param,tpscnt,param,2);
char *output_format1 = skip_string(param,tpscnt,param_format,1);
char *p = skip_string(param,tpscnt,output_format1,1);
- unsigned int uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
- char *output_format2 = get_safe_offset(param,tpscnt,p,4);
+ unsigned int uLevel = get_safe_SVAL(param,tpscnt,p,0,-1);
+ char *output_format2 = get_safe_str_ptr(param,tpscnt,p,4);
int services = lp_numservices();
int i, n;
struct pack_desc desc;
@@ -1282,12 +1281,12 @@ static BOOL api_RNetServerEnum(connection_struct *conn, uint16 vuid,
int mdrcnt, int mprcnt, char **rdata,
char **rparam, int *rdata_len, int *rparam_len)
{
- char *str1 = get_safe_offset(param, tpscnt, param, 2);
+ char *str1 = get_safe_str_ptr(param, tpscnt, param, 2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *p = skip_string(param,tpscnt,str2,1);
- int uLevel = get_safe_offset(param, tpscnt, p, 2) ? SVAL(p,0) : -1;
- int buf_len = get_safe_offset(param,tpscnt, p, 4) ? SVAL(p,2) : 0;
- uint32 servertype = get_safe_offset(param,tpscnt,p,8) ? IVAL(p,4) : 0;
+ int uLevel = get_safe_SVAL(param, tpscnt, p, 0, -1);
+ int buf_len = get_safe_SVAL(param,tpscnt, p, 2, 0);
+ uint32 servertype = get_safe_IVAL(param,tpscnt,p,4, 0);
char *p2;
int data_len, fixed_len, string_len;
int f_len = 0, s_len = 0;
@@ -1438,11 +1437,11 @@ static BOOL api_RNetGroupGetUsers(connection_struct *conn, uint16 vuid,
int mdrcnt, int mprcnt, char **rdata,
char **rparam, int *rdata_len, int *rparam_len)
{
- char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *p = skip_string(param,tpscnt,str2,1);
- int uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
- int buf_len = get_safe_offset(param,tpscnt,p,4) ? SVAL(p,2) : 0;
+ int uLevel = get_safe_SVAL(param,tpscnt,p,0,-1);
+ int buf_len = get_safe_SVAL(param,tpscnt,p,2,0);
int counted=0;
int missed=0;
@@ -1628,11 +1627,11 @@ static BOOL api_RNetShareGetInfo(connection_struct *conn,uint16 vuid,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *netname = skip_string(param,tpscnt,str2,1);
char *p = skip_string(param,tpscnt,netname,1);
- int uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
+ int uLevel = get_safe_SVAL(param,tpscnt,p,0,-1);
int snum;
if (!str1 || !str2 || !netname || !p) {
@@ -1694,11 +1693,11 @@ static BOOL api_RNetShareEnum( connection_struct *conn, uint16 vuid,
int *rdata_len,
int *rparam_len )
{
- char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *p = skip_string(param,tpscnt,str2,1);
- int uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
- int buf_len = get_safe_offset(param,tpscnt,p,4) ? SVAL(p,2) : 0;
+ int uLevel = get_safe_SVAL(param,tpscnt,p,0,-1);
+ int buf_len = get_safe_SVAL(param,tpscnt,p,2,0);
char *p2;
int count = 0;
int total=0,counted=0;
@@ -1799,10 +1798,10 @@ static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *p = skip_string(param,tpscnt,str2,1);
- int uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
+ int uLevel = get_safe_SVAL(param,tpscnt,p,0,-1);
fstring sharename;
fstring comment;
pstring pathname;
@@ -1939,7 +1938,7 @@ static BOOL api_RNetGroupEnum(connection_struct *conn,uint16 vuid,
int i;
int errflags=0;
int resume_context, cli_buf_size;
- char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *p = skip_string(param,tpscnt,str2,1);
@@ -1978,8 +1977,8 @@ static BOOL api_RNetGroupEnum(connection_struct *conn,uint16 vuid,
return False;
}
- resume_context = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
- cli_buf_size= get_safe_offset(param,tpscnt,p,4) ? SVAL(p+2,0) : 0;
+ resume_context = get_safe_SVAL(param,tpscnt,p,0,-1);
+ cli_buf_size= get_safe_SVAL(param,tpscnt,p,2,0);
DEBUG(10,("api_RNetGroupEnum:resume context: %d, client buffer size: "
"%d\n", resume_context, cli_buf_size));
@@ -2042,11 +2041,11 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *UserName = skip_string(param,tpscnt,str2,1);
char *p = skip_string(param,tpscnt,UserName,1);
- int uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
+ int uLevel = get_safe_SVAL(param,tpscnt,p,0,-1);
const char *level_string;
int count=0;
struct samu *sampw = NULL;
@@ -2188,7 +2187,7 @@ static BOOL api_RNetUserEnum(connection_struct *conn, uint16 vuid,
struct pdb_search *search;
struct samr_displayentry *users;
- char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *p = skip_string(param,tpscnt,str2,1);
@@ -2206,8 +2205,8 @@ static BOOL api_RNetUserEnum(connection_struct *conn, uint16 vuid,
* h -> return parameter total number of users
*/
- resume_context = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
- cli_buf_size= get_safe_offset(param,tpscnt,p,4) ? SVAL(p+2,0) : 0;
+ resume_context = get_safe_SVAL(param,tpscnt,p,0,-1);
+ cli_buf_size= get_safe_SVAL(param,tpscnt,p,2,0);
DEBUG(10,("api_RNetUserEnum:resume context: %d, client buffer size: %d\n",
resume_context, cli_buf_size));
@@ -2343,7 +2342,7 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *np = get_safe_offset(param,tpscnt,param,2);
+ char *np = get_safe_str_ptr(param,tpscnt,param,2);
char *p = skip_string(param,tpscnt,np,2);
fstring user;
fstring pass1,pass2;
@@ -2365,7 +2364,7 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid,
memset(pass1,'\0',sizeof(pass1));
memset(pass2,'\0',sizeof(pass2));
- if (get_safe_offset(param,tpscnt,p,32) == NULL) {
+ if (!is_offset_safe(param,tpscnt,p,32)) {
return False;
}
memcpy(pass1,p,16);
@@ -2447,7 +2446,7 @@ static BOOL api_SamOEMChangePassword(connection_struct *conn,uint16 vuid,
int *rdata_len,int *rparam_len)
{
fstring user;
- char *p = get_safe_offset(param,tpscnt,param,2);
+ char *p = get_safe_str_ptr(param,tpscnt,param,2);
*rparam_len = 2;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
if (!*rparam) {
@@ -2524,8 +2523,8 @@ static BOOL api_RDosPrintJobDel(connection_struct *conn,uint16 vuid,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- int function = get_safe_offset(param,tpscnt,param,2) ? SVAL(param,0) : 0;
- char *str1 = get_safe_offset(param,tpscnt,param,2);
+ int function = get_safe_SVAL(param,tpscnt,param,0,0);
+ char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *p = skip_string(param,tpscnt,str2,1);
uint32 jobid;
@@ -2537,7 +2536,7 @@ static BOOL api_RDosPrintJobDel(connection_struct *conn,uint16 vuid,
if (!str1 || !str2 || !p) {
return False;
}
- if (get_safe_offset(param,tpscnt,p,2) == NULL) {
+ if (!is_offset_safe(param,tpscnt,p,2)) {
return False;
}
if(!rap_to_pjobid(SVAL(p,0), sharename, &jobid))
@@ -2603,8 +2602,8 @@ static BOOL api_WPrintQueueCtrl(connection_struct *conn,uint16 vuid,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- int function = get_safe_offset(param,tpscnt,param,2) ? SVAL(param,0) : 0;
- char *str1 = get_safe_offset(param,tpscnt,param,2);
+ int function = get_safe_SVAL(param,tpscnt,param,0,0);
+ char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *QueueName = skip_string(param,tpscnt,str2,1);
int errcode = NERR_notsupported;
@@ -2626,6 +2625,9 @@ static BOOL api_WPrintQueueCtrl(connection_struct *conn,uint16 vuid,
}
*rdata_len = 0;
+ if (skip_string(param,tpscnt,QueueName,1) == NULL) {
+ return False;
+ }
snum = print_queue_snum(QueueName);
if (snum == -1) {
@@ -2686,19 +2688,19 @@ static BOOL api_PrintJobInfo(connection_struct *conn, uint16 vuid,
int *rdata_len,int *rparam_len)
{
struct pack_desc desc;
- char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *p = skip_string(param,tpscnt,str2,1);
uint32 jobid;
fstring sharename;
- int uLevel = get_safe_offset(param,tpscnt,p,4) ? SVAL(p,2) : -1;
- int function = get_safe_offset(param,tpscnt,p,6) ? SVAL(p,4) : -1;
+ int uLevel = get_safe_SVAL(param,tpscnt,p,2,-1);
+ int function = get_safe_SVAL(param,tpscnt,p,4,-1);
int place, errcode;
if (!str1 || !str2 || !p) {
return False;
}
- if (get_safe_offset(param,tpscnt,p,2) == NULL) {
+ if (!is_offset_safe(param,tpscnt,p,2)) {
return False;
}
if(!rap_to_pjobid(SVAL(p,0), sharename, &jobid))
@@ -2769,10 +2771,10 @@ static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *p = skip_string(param,tpscnt,str2,1);
- int uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
+ int uLevel = get_safe_SVAL(param,tpscnt,p,0,-1);
char *p2;
int struct_len;
@@ -2910,11 +2912,11 @@ static BOOL api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *p = skip_string(param,tpscnt,str2,1);
char *p2;
- int level = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
+ int level = get_safe_SVAL(param,tpscnt,p,0,-1);
if (!str1 || !str2 || !p) {
return False;
@@ -2943,7 +2945,7 @@ static BOOL api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid,
SSVAL(*rparam,2,0); /* converter word */
p = *rdata;
- p2 = get_safe_offset(*rdata,*rdata_len,p,22);
+ p2 = get_safe_ptr(*rdata,*rdata_len,p,22);
if (!p2) {
return False;
}
@@ -3178,11 +3180,11 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *UserName = skip_string(param,tpscnt,str2,1);
char *p = skip_string(param,tpscnt,UserName,1);
- int uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
+ int uLevel = get_safe_SVAL(param,tpscnt,p,0,-1);
char *p2;
const char *level_string;
@@ -3234,7 +3236,7 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
SSVAL(*rparam,2,0); /* converter word */
p = *rdata;
- p2 = get_safe_offset(*rdata,*rdata_len,p,usri11_end);
+ p2 = get_safe_ptr(*rdata,*rdata_len,p,usri11_end);
if (!p2) {
return False;
}
@@ -3398,7 +3400,7 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *p = skip_string(param,tpscnt,str2,1);
int uLevel;
@@ -3417,11 +3419,11 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid,
vuser->user.unix_name));
}
- uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
- if (skip_string(param,tpscnt,p+2,1) == NULL) {
+ uLevel = get_safe_SVAL(param,tpscnt,p,0,-1);
+ name = get_safe_str_ptr(param,tpscnt,p,2);
+ if (!name) {
return False;
}
- name = p + 2;
memset((char *)&desc,'\0',sizeof(desc));
@@ -3501,7 +3503,7 @@ static BOOL api_WAccessGetUserPerms(connection_struct *conn,uint16 vuid,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *user = skip_string(param,tpscnt,str2,1);
char *resource = skip_string(param,tpscnt,user,1);
@@ -3510,6 +3512,9 @@ static BOOL api_WAccessGetUserPerms(connection_struct *conn,uint16 vuid,
return False;
}
+ if (skip_string(param,tpscnt,resource,1) == NULL) {
+ return False;
+ }
DEBUG(3,("WAccessGetUserPerms user=%s resource=%s\n",user,resource));
/* check it's a supported varient */
@@ -3543,7 +3548,7 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn, uint16 vuid,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *p = skip_string(param,tpscnt,str2,1);
int uLevel;
@@ -3561,7 +3566,7 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn, uint16 vuid,
return False;
}
- uLevel = get_safe_offset(param,tpscnt,p,4) ? SVAL(p,2) : -1;
+ uLevel = get_safe_SVAL(param,tpscnt,p,2,-1);
memset((char *)&desc,'\0',sizeof(desc));
memset((char *)&status,'\0',sizeof(status));
@@ -3642,7 +3647,7 @@ static BOOL api_WPrintJobEnumerate(connection_struct *conn, uint16 vuid,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *p = skip_string(param,tpscnt,str2,1);
char *name = p;
@@ -3665,7 +3670,7 @@ static BOOL api_WPrintJobEnumerate(connection_struct *conn, uint16 vuid,
if (!p) {
return False;
}
- uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
+ uLevel = get_safe_SVAL(param,tpscnt,p,0,-1);
DEBUG(3,("WPrintJobEnumerate uLevel=%d name=%s\n",uLevel,name));
@@ -3795,7 +3800,7 @@ static BOOL api_WPrintDestGetInfo(connection_struct *conn, uint16 vuid,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *p = skip_string(param,tpscnt,str2,1);
char* PrinterName = p;
@@ -3814,7 +3819,7 @@ static BOOL api_WPrintDestGetInfo(connection_struct *conn, uint16 vuid,
if (!p) {
return False;
}
- uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
+ uLevel = get_safe_SVAL(param,tpscnt,p,0,-1);
DEBUG(3,("WPrintDestGetInfo uLevel=%d PrinterName=%s\n",uLevel,PrinterName));
@@ -3875,7 +3880,7 @@ static BOOL api_WPrintDestEnum(connection_struct *conn, uint16 vuid,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *p = skip_string(param,tpscnt,str2,1);
int uLevel;
@@ -3890,7 +3895,7 @@ static BOOL api_WPrintDestEnum(connection_struct *conn, uint16 vuid,
memset((char *)&desc,'\0',sizeof(desc));
- uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
+ uLevel = get_safe_SVAL(param,tpscnt,p,0,-1);
DEBUG(3,("WPrintDestEnum uLevel=%d\n",uLevel));
@@ -3956,7 +3961,7 @@ static BOOL api_WPrintDriverEnum(connection_struct *conn, uint16 vuid,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *p = skip_string(param,tpscnt,str2,1);
int uLevel;
@@ -3969,7 +3974,7 @@ static BOOL api_WPrintDriverEnum(connection_struct *conn, uint16 vuid,
memset((char *)&desc,'\0',sizeof(desc));
- uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : 0;
+ uLevel = get_safe_SVAL(param,tpscnt,p,0,-1);
DEBUG(3,("WPrintDriverEnum uLevel=%d\n",uLevel));
@@ -4019,7 +4024,7 @@ static BOOL api_WPrintQProcEnum(connection_struct *conn, uint16 vuid,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *p = skip_string(param,tpscnt,str2,1);
int uLevel;
@@ -4031,7 +4036,7 @@ static BOOL api_WPrintQProcEnum(connection_struct *conn, uint16 vuid,
}
memset((char *)&desc,'\0',sizeof(desc));
- uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
+ uLevel = get_safe_SVAL(param,tpscnt,p,0,-1);
DEBUG(3,("WPrintQProcEnum uLevel=%d\n",uLevel));
@@ -4082,7 +4087,7 @@ static BOOL api_WPrintPortEnum(connection_struct *conn, uint16 vuid,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *p = skip_string(param,tpscnt,str2,1);
int uLevel;
@@ -4095,7 +4100,7 @@ static BOOL api_WPrintPortEnum(connection_struct *conn, uint16 vuid,
memset((char *)&desc,'\0',sizeof(desc));
- uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
+ uLevel = get_safe_SVAL(param,tpscnt,p,0,-1);
DEBUG(3,("WPrintPortEnum uLevel=%d\n",uLevel));
@@ -4152,7 +4157,7 @@ static BOOL api_RNetSessionEnum(connection_struct *conn, uint16 vuid,
int *rdata_len,int *rparam_len)
{
- char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1,1);
char *p = skip_string(param,tpscnt,str2,1);
int uLevel;
@@ -4166,7 +4171,7 @@ static BOOL api_RNetSessionEnum(connection_struct *conn, uint16 vuid,
memset((char *)&desc,'\0',sizeof(desc));
- uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
+ uLevel = get_safe_SVAL(param,tpscnt,p,0,-1);
DEBUG(3,("RNetSessionEnum uLevel=%d\n",uLevel));
DEBUG(7,("RNetSessionEnum req string=%s\n",str1));
generated by cgit (git 2.34.1) at 2024-07-06 09:23:06 +0000