diff options
-rw-r--r-- | source3/include/proto.h | 4 | ||||
-rw-r--r-- | source3/printing/nt_printing.c | 54 | ||||
-rw-r--r-- | source3/rpc_server/srv_spoolss_nt.c | 35 |
3 files changed, 50 insertions, 43 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index d9154cca6f..ff004bbabd 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1962,9 +1962,9 @@ BOOL parse_lpq_entry(int snum,char *line, #if OLD_NTDOMAIN BOOL nt_printing_init(void); -int get_ntforms(nt_forms_struct **list); +int get_ntforms(TALLOC_CTX *ctx, nt_forms_struct **list); int write_ntforms(nt_forms_struct **list, int number); -BOOL add_a_form(nt_forms_struct **list, const FORM *form, int *count); +BOOL add_a_form(TALLOC_CTX *ctx, nt_forms_struct **list, const FORM *form, int *count); BOOL delete_a_form(nt_forms_struct **list, UNISTR2 *del_name, int *count, uint32 *ret); void update_a_form(nt_forms_struct **list, const FORM *form, int count); int get_ntdrivers(fstring **list, char *architecture, uint32 version); diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index a2337c25f3..8614c55e82 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -52,10 +52,10 @@ static nt_forms_struct default_forms[] = { {"Letter", 0x2, 0x34b5b, 0x44367, 0x0, 0x0, 0x34b5b, 0x44367}, }; - /**************************************************************************** open the NT printing tdb ****************************************************************************/ + BOOL nt_printing_init(void) { static pid_t local_pid; @@ -81,14 +81,15 @@ BOOL nt_printing_init(void) return True; } - /**************************************************************************** -get a form struct list +get a form struct list. Returns talloc'ed memory. ****************************************************************************/ -int get_ntforms(nt_forms_struct **list) + +int get_ntforms(TALLOC_CTX *ctx, nt_forms_struct **list) { TDB_DATA kbuf, newkey, dbuf; nt_forms_struct form; + nt_forms_struct *list_p = NULL; int ret; int i; int n = 0; @@ -110,25 +111,37 @@ int get_ntforms(nt_forms_struct **list) /* allocate space and populate the list in correct order */ if (i+1 > n) { - *list = Realloc(*list, sizeof(nt_forms_struct)*(i+1)); + list_p = Realloc(list_p, sizeof(nt_forms_struct)*(i+1)); + if (!list_p) + return 0; n = i+1; } - (*list)[i] = form; + list_p[i] = form; } /* we should never return a null forms list or NT gets unhappy */ if (n == 0) { - *list = (nt_forms_struct *)memdup(&default_forms[0], sizeof(default_forms)); + list_p = (nt_forms_struct *)memdup(&default_forms[0], sizeof(default_forms)); + if (!list_p) + return 0; n = sizeof(default_forms) / sizeof(default_forms[0]); } + *list = NULL; + if (list_p) { + *list = (nt_forms_struct *)talloc_memdup(ctx, list_p, n * sizeof(nt_forms_struct) ); + free(list_p); + } + if (!*list) + return 0; return n; } /**************************************************************************** write a form struct list ****************************************************************************/ + int write_ntforms(nt_forms_struct **list, int number) { pstring buf, key; @@ -142,23 +155,26 @@ int write_ntforms(nt_forms_struct **list, int number) i, (*list)[i].flag, (*list)[i].width, (*list)[i].length, (*list)[i].left, (*list)[i].top, (*list)[i].right, (*list)[i].bottom); - if (len > sizeof(buf)) break; + if (len > sizeof(buf)) + break; slprintf(key, sizeof(key), "%s%s", FORMS_PREFIX, (*list)[i].name); dos_to_unix(key, True); /* Convert key to unix-codepage */ kbuf.dsize = strlen(key)+1; kbuf.dptr = key; dbuf.dsize = len; dbuf.dptr = buf; - if (tdb_store(tdb, kbuf, dbuf, TDB_REPLACE) != 0) break; - } + if (tdb_store(tdb, kbuf, dbuf, TDB_REPLACE) != 0) + break; + } - return i; + return i; } /**************************************************************************** add a form struct at the end of the list ****************************************************************************/ -BOOL add_a_form(nt_forms_struct **list, const FORM *form, int *count) + +BOOL add_a_form(TALLOC_CTX *ctx, nt_forms_struct **list, const FORM *form, int *count) { int n=0; BOOL update; @@ -182,8 +198,14 @@ BOOL add_a_form(nt_forms_struct **list, const FORM *form, int *count) } if (update==False) { - if((*list=Realloc(*list, (n+1)*sizeof(nt_forms_struct))) == NULL) + /* We can't realloc a talloc memory area. */ + nt_forms_struct *new_list = (nt_forms_struct *)talloc(ctx, (n+1)*sizeof(nt_forms_struct) ); + if (!new_list) return False; + + memcpy(new_list, *list, n*sizeof(nt_forms_struct) ); + *list = new_list; + unistr2_to_ascii((*list)[n].name, &form->name, sizeof((*list)[n].name)-1); (*count)++; } @@ -202,6 +224,7 @@ BOOL add_a_form(nt_forms_struct **list, const FORM *form, int *count) /**************************************************************************** delete a named form struct ****************************************************************************/ + BOOL delete_a_form(nt_forms_struct **list, UNISTR2 *del_name, int *count, uint32 *ret) { pstring key; @@ -250,6 +273,7 @@ BOOL delete_a_form(nt_forms_struct **list, UNISTR2 *del_name, int *count, uint32 /**************************************************************************** update a form struct ****************************************************************************/ + void update_a_form(nt_forms_struct **list, const FORM *form, int count) { int n=0; @@ -257,8 +281,7 @@ void update_a_form(nt_forms_struct **list, const FORM *form, int count) unistr2_to_ascii(form_name, &(form->name), sizeof(form_name)-1); DEBUG(106, ("[%s]\n", form_name)); - for (n=0; n<count; n++) - { + for (n=0; n<count; n++) { DEBUGADD(106, ("n [%d]:[%s]\n", n, (*list)[n].name)); if (!strncmp((*list)[n].name, form_name, strlen(form_name))) break; @@ -280,6 +303,7 @@ get the nt drivers list traverse the database and look-up the matching names ****************************************************************************/ + int get_ntdrivers(fstring **list, char *architecture, uint32 version) { int total=0; diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 341117f346..01055f4e71 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -5278,14 +5278,14 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E DEBUGADD(5,("Offered buffer size [%d]\n", offered)); DEBUGADD(5,("Info level [%d]\n", level)); - *numofforms = get_ntforms(&list); + *numofforms = get_ntforms(p->mem_ctx, &list); DEBUGADD(5,("Number of forms [%d]\n", *numofforms)); if (*numofforms == 0) return ERROR_NO_MORE_ITEMS; switch (level) { case 1: - if ((forms_1=(FORM_1 *)malloc(*numofforms * sizeof(FORM_1))) == NULL) { + if ((forms_1=(FORM_1 *)talloc(p->mem_ctx, *numofforms * sizeof(FORM_1))) == NULL) { *numofforms=0; return ERROR_NOT_ENOUGH_MEMORY; } @@ -5296,8 +5296,6 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E fill_form_1(&forms_1[i], &list[i]); } - safe_free(list); - /* check the required size. */ for (i=0; i<*numofforms; i++) { DEBUGADD(6,("adding form [%d]'s size\n",i)); @@ -5306,10 +5304,8 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E *needed=buffer_size; - if (!alloc_buffer_size(buffer, buffer_size)){ - safe_free(forms_1); + if (!alloc_buffer_size(buffer, buffer_size)) return ERROR_INSUFFICIENT_BUFFER; - } /* fill the buffer with the form structures */ for (i=0; i<*numofforms; i++) { @@ -5317,8 +5313,6 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E new_smb_io_form_1("", buffer, &forms_1[i], 0); } - safe_free(forms_1); - if (*needed > offered) { *numofforms=0; return ERROR_INSUFFICIENT_BUFFER; @@ -5327,10 +5321,8 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E return NT_STATUS_NO_PROBLEMO; default: - safe_free(list); return ERROR_INVALID_LEVEL; } - } /**************************************************************************** @@ -5361,7 +5353,7 @@ uint32 _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM * DEBUGADD(5,("Offered buffer size [%d]\n", offered)); DEBUGADD(5,("Info level [%d]\n", level)); - numofforms = get_ntforms(&list); + numofforms = get_ntforms(p->mem_ctx, &list); DEBUGADD(5,("Number of forms [%d]\n", numofforms)); if (numofforms == 0) @@ -5382,8 +5374,6 @@ uint32 _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM * } } - safe_free(list); - /* check the required size. */ *needed=spoolss_size_form_1(&form_1); @@ -5403,7 +5393,6 @@ uint32 _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM * return NT_STATUS_NO_PROBLEMO; default: - safe_free(list); return ERROR_INVALID_LEVEL; } } @@ -6181,14 +6170,12 @@ uint32 _spoolss_addform( pipes_struct *p, SPOOL_Q_ADDFORM *q_u, SPOOL_R_ADDFORM return ERROR_INVALID_HANDLE; } - count=get_ntforms(&list); - if(!add_a_form(&list, form, &count)) + count=get_ntforms(p->mem_ctx, &list); + if(!add_a_form(p->mem_ctx, &list, form, &count)) return ERROR_NOT_ENOUGH_MEMORY; write_ntforms(&list, count); - safe_free(list); - - return 0x0; + return NT_STATUS_NOPROBLEMO; } /**************************************************************************** @@ -6211,12 +6198,10 @@ uint32 _spoolss_deleteform( pipes_struct *p, SPOOL_Q_DELETEFORM *q_u, SPOOL_R_DE return ERROR_INVALID_HANDLE; } - count = get_ntforms(&list); + count = get_ntforms(p->mem_ctx, &list); if(!delete_a_form(&list, form_name, &count, &ret)) return ERROR_INVALID_PARAMETER; - safe_free(list); - return ret; } @@ -6240,12 +6225,10 @@ uint32 _spoolss_setform(pipes_struct *p, SPOOL_Q_SETFORM *q_u, SPOOL_R_SETFORM * DEBUG(0,("_spoolss_setform: Invalid handle (%s).\n", OUR_HANDLE(handle))); return ERROR_INVALID_HANDLE; } - count=get_ntforms(&list); + count=get_ntforms(p->mem_ctx, &list); update_a_form(&list, form, count); write_ntforms(&list, count); - safe_free(list); - return 0x0; } |