diff options
-rw-r--r-- | source3/lib/util_tdb.c | 19 | ||||
-rw-r--r-- | source3/passdb/secrets.c | 7 | ||||
-rw-r--r-- | source3/printing/nt_printing.c | 8 | ||||
-rw-r--r-- | source3/printing/printing.c | 10 |
4 files changed, 29 insertions, 15 deletions
diff --git a/source3/lib/util_tdb.c b/source3/lib/util_tdb.c index 35c1a92ad5..ce2cb427d1 100644 --- a/source3/lib/util_tdb.c +++ b/source3/lib/util_tdb.c @@ -561,14 +561,14 @@ int tdb_unpack(const uint8 *buf, int bufsize, const char *fmt, ...) int len; int *i; void **p; - char *s, **b; + char *s, **b, **ps; char c; const uint8 *buf0 = buf; const char *fmt0 = fmt; int bufsize0 = bufsize; va_start(ap, fmt); - + while (*fmt) { switch ((c=*fmt++)) { case 'b': @@ -597,7 +597,7 @@ int tdb_unpack(const uint8 *buf, int bufsize, const char *fmt, ...) p = va_arg(ap, void **); if (bufsize < len) goto no_space; - /* + /* * This isn't a real pointer - only a token (1 or 0) * to mark the fact a pointer is present. */ @@ -605,11 +605,10 @@ int tdb_unpack(const uint8 *buf, int bufsize, const char *fmt, ...) *p = (void *)(IVAL(buf, 0) ? (void *)1 : NULL); break; case 'P': - s = va_arg(ap,char *); + /* Return malloc'ed string. */ + ps = va_arg(ap,char **); len = strlen((const char *)buf) + 1; - if (bufsize < len || len > sizeof(pstring)) - goto no_space; - memcpy(s, buf, len); + *ps = SMB_STRDUP((const char *)buf); break; case 'f': s = va_arg(ap,char *); @@ -638,7 +637,7 @@ int tdb_unpack(const uint8 *buf, int bufsize, const char *fmt, ...) memcpy(*b, buf+4, *i); break; default: - DEBUG(0,("Unknown tdb_unpack format %c in %s\n", + DEBUG(0,("Unknown tdb_unpack format %c in %s\n", c, fmt)); len = 0; @@ -651,7 +650,7 @@ int tdb_unpack(const uint8 *buf, int bufsize, const char *fmt, ...) va_end(ap); - DEBUG(18,("tdb_unpack(%s, %d) -> %d\n", + DEBUG(18,("tdb_unpack(%s, %d) -> %d\n", fmt0, bufsize0, (int)PTR_DIFF(buf, buf0))); return PTR_DIFF(buf, buf0); @@ -673,7 +672,7 @@ static void tdb_log(TDB_CONTEXT *tdb, enum tdb_debug_level level, const char *fo va_start(ap, format); vasprintf(&ptr, format, ap); va_end(ap); - + if (!ptr || !*ptr) return; diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index c760198b2d..eee8aaed2d 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -484,6 +484,7 @@ static size_t tdb_trusted_dom_pass_unpack(uint8 *pack_buf, int bufsize, TRUSTED_DOM_PASS* pass) { int idx, len = 0; + char *passp = NULL; if (!pack_buf || !pass) return -1; @@ -495,7 +496,11 @@ static size_t tdb_trusted_dom_pass_unpack(uint8 *pack_buf, int bufsize, &pass->uni_name[idx]); len += tdb_unpack(pack_buf + len, bufsize - len, "dPd", - &pass->pass_len, &pass->pass, &pass->mod_time); + &pass->pass_len, &passp, &pass->mod_time); + if (passp) { + fstrcpy(pass->pass, passp); + } + SAFE_FREE(passp); /* unpack domain sid */ len += tdb_sid_unpack(pack_buf + len, bufsize - len, diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index c55f9f1f91..afa4bc2fd5 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -4017,6 +4017,7 @@ static WERROR get_a_printer_2(NT_PRINTER_INFO_LEVEL_2 *info, const char *servern TDB_DATA kbuf, dbuf; fstring printername; char adevice[MAXDEVICENAME]; + char *comment = NULL; kbuf = make_printer_tdbkey(talloc_tos(), sharename); @@ -4042,13 +4043,18 @@ static WERROR get_a_printer_2(NT_PRINTER_INFO_LEVEL_2 *info, const char *servern info->sharename, info->portname, info->drivername, - info->comment, + &comment, info->location, info->sepfile, info->printprocessor, info->datatype, info->parameters); + if (comment) { + strlcpy(info->comment, comment, sizeof(info->comment)); + SAFE_FREE(comment); + } + /* Samba has to have shared raw drivers. */ info->attributes |= PRINTER_ATTRIBUTE_SAMBA; info->attributes &= ~PRINTER_ATTRIBUTE_NOT_SAMBA; diff --git a/source3/printing/printing.c b/source3/printing/printing.c index d331e897f9..1613828b79 100644 --- a/source3/printing/printing.c +++ b/source3/printing/printing.c @@ -1352,17 +1352,19 @@ static void print_queue_receive(struct messaging_context *msg, DATA_BLOB *data) { fstring sharename; - pstring lpqcommand, lprmcommand; + char *lpqcommand = NULL, *lprmcommand = NULL; int printing_type; size_t len; len = tdb_unpack( (uint8 *)data->data, data->length, "fdPP", sharename, &printing_type, - lpqcommand, - lprmcommand ); + &lpqcommand, + &lprmcommand ); if ( len == -1 ) { + SAFE_FREE(lpqcommand); + SAFE_FREE(lprmcommand); DEBUG(0,("print_queue_receive: Got invalid print queue update message\n")); return; } @@ -1371,6 +1373,8 @@ static void print_queue_receive(struct messaging_context *msg, get_printer_fns_from_type((enum printing_types)printing_type), lpqcommand, lprmcommand ); + SAFE_FREE(lpqcommand); + SAFE_FREE(lprmcommand); return; } |