diff options
Diffstat (limited to 'source3/rpc_parse/parse_spoolss.c')
-rw-r--r-- | source3/rpc_parse/parse_spoolss.c | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c index a6f46285eb..868d90ae74 100644 --- a/source3/rpc_parse/parse_spoolss.c +++ b/source3/rpc_parse/parse_spoolss.c @@ -22,7 +22,6 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ - #include "includes.h" extern int DEBUGLEVEL; @@ -384,9 +383,31 @@ BOOL smb_io_notify_info_data_strings(char *desc,SPOOL_NOTIFY_INFO_DATA *data, return False; if (MARSHALLING(ps)) { /* These are already in little endian format. Don't byte swap. */ - if(!prs_uint8s(True,"string",ps,depth,(uint8 *)data->notify_data.data.string,x*2)) - return False; + if (x == 1) { + + /* No memory allocated for this string + therefore following the data.string + pointer is a bad idea. Use a pointer to + the uint32 length union member to + provide a source for a unicode NULL */ + + if(!prs_uint8s(True,"string",ps,depth, (uint8 *)&data->notify_data.data.length,x*2)) + return False; + } else { + if(!prs_uint8s(True,"string",ps,depth,(uint8 *)data->notify_data.data.string,x*2)) + return False; + } } else { + + /* Tallocate memory for string */ + + DEBUG(0, ("** tallocating memory\n")); + + data->notify_data.data.string = (uint16 *) + talloc(ps->mem_ctx, x * 2); + if (!data->notify_data.data.string) + return False; + if(!prs_uint16s(True,"string",ps,depth,data->notify_data.data.string,x)) return False; } @@ -5753,10 +5774,7 @@ static JOB_INFO_2 *job2_dup(const JOB_INFO_2* from) void free_job_info_2(JOB_INFO_2 *job) { if (job!=NULL) - { free_devmode(job->devmode); - free(job); - } } void free_job2_array(uint32 num_entries, JOB_INFO_2 **entries) |