summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c69
1 files changed, 50 insertions, 19 deletions
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index f002ceabd2..023c9a1203 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -915,20 +915,24 @@ static BOOL convert_printer_info(const SPOOL_PRINTER_INFO_LEVEL *uni,
static BOOL convert_printer_driver_info(const SPOOL_PRINTER_DRIVER_INFO_LEVEL *uni,
NT_PRINTER_DRIVER_INFO_LEVEL *printer, uint32 level)
{
+ BOOL result = True;
+
switch (level) {
case 3:
printer->info_3=NULL;
- uni_2_asc_printer_driver_3(uni->info_3, &printer->info_3);
+ if (!uni_2_asc_printer_driver_3(uni->info_3, &printer->info_3))
+ result = False;
break;
case 6:
printer->info_6=NULL;
- uni_2_asc_printer_driver_6(uni->info_6, &printer->info_6);
+ if (!uni_2_asc_printer_driver_6(uni->info_6, &printer->info_6))
+ result = False;
break;
default:
break;
}
- return True;
+ return result;
}
BOOL convert_devicemode(char *printername, const DEVICEMODE *devmode,
@@ -2200,7 +2204,7 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int
uint16 type;
uint16 field;
- SPOOL_NOTIFY_INFO_DATA *current_data;
+ SPOOL_NOTIFY_INFO_DATA *current_data, *tid;
NT_PRINTER_INFO_LEVEL *printer = NULL;
print_queue_struct *queue=NULL;
@@ -2220,9 +2224,12 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int
if (!search_notify(type, field, &j) )
continue;
- if((info->data=(SPOOL_NOTIFY_INFO_DATA *)Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) {
+ if((tid=(SPOOL_NOTIFY_INFO_DATA *)Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) {
+ DEBUG(0,("construct_notify_printer_info: failed to enlarge buffer info->data!\n"));
return False;
}
+ else info->data = tid;
+
current_data=&info->data[info->count];
construct_info_data(current_data, type, field, id);
@@ -2256,7 +2263,7 @@ static BOOL construct_notify_jobs_info(print_queue_struct *queue,
uint16 type;
uint16 field;
- SPOOL_NOTIFY_INFO_DATA *current_data;
+ SPOOL_NOTIFY_INFO_DATA *current_data, *tid;
DEBUG(4,("construct_notify_jobs_info\n"));
@@ -2272,9 +2279,11 @@ static BOOL construct_notify_jobs_info(print_queue_struct *queue,
if (!search_notify(type, field, &j) )
continue;
- if((info->data=Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) {
+ if((tid=Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) {
+ DEBUG(0,("construct_notify_jobs_info: failed to enlarg buffer info->data!\n"));
return False;
}
+ else info->data = tid;
current_data=&(info->data[info->count]);
@@ -2877,7 +2886,7 @@ static BOOL enum_all_printers_info_1(uint32 flags, NEW_BUFFER *buffer, uint32 of
int snum;
int i;
int n_services=lp_numservices();
- PRINTER_INFO_1 *printers=NULL;
+ PRINTER_INFO_1 *tp, *printers=NULL;
PRINTER_INFO_1 current_prt;
DEBUG(4,("enum_all_printers_info_1\n"));
@@ -2887,10 +2896,13 @@ static BOOL enum_all_printers_info_1(uint32 flags, NEW_BUFFER *buffer, uint32 of
DEBUG(4,("Found a printer in smb.conf: %s[%x]\n", lp_servicename(snum), snum));
if (construct_printer_info_1(flags, &current_prt, snum)) {
- if((printers=Realloc(printers, (*returned +1)*sizeof(PRINTER_INFO_1))) == NULL) {
+ if((tp=Realloc(printers, (*returned +1)*sizeof(PRINTER_INFO_1))) == NULL) {
+ DEBUG(0,("enum_all_printers_info_1: failed to enlarge printers buffer!\n"));
+ safe_free(printers);
*returned=0;
return ERRnomem;
}
+ else printers = tp;
DEBUG(4,("ReAlloced memory for [%d] PRINTER_INFO_1\n", *returned));
memcpy(&printers[*returned], &current_prt, sizeof(PRINTER_INFO_1));
(*returned)++;
@@ -3024,7 +3036,7 @@ static BOOL enum_all_printers_info_2(NEW_BUFFER *buffer, uint32 offered, uint32
int snum;
int i;
int n_services=lp_numservices();
- PRINTER_INFO_2 *printers=NULL;
+ PRINTER_INFO_2 *tp, *printers=NULL;
PRINTER_INFO_2 current_prt;
for (snum=0; snum<n_services; snum++) {
@@ -3032,8 +3044,13 @@ static BOOL enum_all_printers_info_2(NEW_BUFFER *buffer, uint32 offered, uint32
DEBUG(4,("Found a printer in smb.conf: %s[%x]\n", lp_servicename(snum), snum));
if (construct_printer_info_2(&current_prt, snum)) {
- if((printers=Realloc(printers, (*returned +1)*sizeof(PRINTER_INFO_2))) == NULL)
+ if((tp=Realloc(printers, (*returned +1)*sizeof(PRINTER_INFO_2))) == NULL) {
+ DEBUG(0,("enum_all_printers_info_2: failed to enlarge printers buffer!\n"));
+ safe_free(printers);
+ *returned = 0;
return ERRnomem;
+ }
+ else printers = tp;
DEBUG(4,("ReAlloced memory for [%d] PRINTER_INFO_2\n", *returned));
memcpy(&printers[*returned], &current_prt, sizeof(PRINTER_INFO_2));
(*returned)++;
@@ -3460,6 +3477,7 @@ static void init_unistr_array(uint16 **uni_array, fstring *char_array, char *ser
int j=0;
char *v;
pstring line;
+ uint16 *tuary;
DEBUG(6,("init_unistr_array\n"));
*uni_array=NULL;
@@ -3474,10 +3492,11 @@ static void init_unistr_array(uint16 **uni_array, fstring *char_array, char *ser
if (strlen(v) == 0) break;
slprintf(line, sizeof(line)-1, "\\\\%s%s", servername, v);
DEBUGADD(6,("%d:%s:%d\n", i, line, strlen(line)));
- if((*uni_array=Realloc(*uni_array, (j+strlen(line)+2)*sizeof(uint16))) == NULL) {
+ if((tuary=Realloc(*uni_array, (j+strlen(line)+2)*sizeof(uint16))) == NULL) {
DEBUG(0,("init_unistr_array: Realloc error\n" ));
return;
}
+ else *uni_array = tuary;
j += (rpcstr_push((*uni_array+j), line, sizeof(uint16)*strlen(line)+2, 0)/ sizeof(uint16));
i++;
}
@@ -4984,7 +5003,7 @@ static uint32 enumprinterdrivers_level1(fstring servername, fstring architecture
fstring *list = NULL;
NT_PRINTER_DRIVER_INFO_LEVEL driver;
- DRIVER_INFO_1 *driver_info_1=NULL;
+ DRIVER_INFO_1 *tdi1, *driver_info_1=NULL;
*returned=0;
@@ -4999,10 +5018,13 @@ static uint32 enumprinterdrivers_level1(fstring servername, fstring architecture
return ERRnomem;
if(ndrivers != 0) {
- if((driver_info_1=(DRIVER_INFO_1 *)Realloc(driver_info_1, (*returned+ndrivers) * sizeof(DRIVER_INFO_1))) == NULL) {
+ if((tdi1=(DRIVER_INFO_1 *)Realloc(driver_info_1, (*returned+ndrivers) * sizeof(DRIVER_INFO_1))) == NULL) {
+ DEBUG(0,("enumprinterdrivers_level1: failed to enlarge driver info buffer!\n"));
+ safe_free(driver_info_1);
safe_free(list);
return ERRnomem;
}
+ else driver_info_1 = tdi1;
}
for (i=0; i<ndrivers; i++) {
@@ -5059,7 +5081,7 @@ static uint32 enumprinterdrivers_level2(fstring servername, fstring architecture
fstring *list = NULL;
NT_PRINTER_DRIVER_INFO_LEVEL driver;
- DRIVER_INFO_2 *driver_info_2=NULL;
+ DRIVER_INFO_2 *tdi2, *driver_info_2=NULL;
*returned=0;
@@ -5074,10 +5096,13 @@ static uint32 enumprinterdrivers_level2(fstring servername, fstring architecture
return ERRnomem;
if(ndrivers != 0) {
- if((driver_info_2=(DRIVER_INFO_2 *)Realloc(driver_info_2, (*returned+ndrivers) * sizeof(DRIVER_INFO_2))) == NULL) {
+ if((tdi2=(DRIVER_INFO_2 *)Realloc(driver_info_2, (*returned+ndrivers) * sizeof(DRIVER_INFO_2))) == NULL) {
+ DEBUG(0,("enumprinterdrivers_level2: failed to enlarge driver info buffer!\n"));
+ safe_free(driver_info_2);
safe_free(list);
return ERRnomem;
}
+ else driver_info_2 = tdi2;
}
for (i=0; i<ndrivers; i++) {
@@ -5135,7 +5160,7 @@ static uint32 enumprinterdrivers_level3(fstring servername, fstring architecture
fstring *list = NULL;
NT_PRINTER_DRIVER_INFO_LEVEL driver;
- DRIVER_INFO_3 *driver_info_3=NULL;
+ DRIVER_INFO_3 *tdi3, *driver_info_3=NULL;
*returned=0;
@@ -5150,10 +5175,13 @@ static uint32 enumprinterdrivers_level3(fstring servername, fstring architecture
return ERRnomem;
if(ndrivers != 0) {
- if((driver_info_3=(DRIVER_INFO_3 *)Realloc(driver_info_3, (*returned+ndrivers) * sizeof(DRIVER_INFO_3))) == NULL) {
+ if((tdi3=(DRIVER_INFO_3 *)Realloc(driver_info_3, (*returned+ndrivers) * sizeof(DRIVER_INFO_3))) == NULL) {
+ DEBUG(0,("enumprinterdrivers_level3: failed to enlarge driver info buffer!\n"));
+ safe_free(driver_info_3);
safe_free(list);
return ERRnomem;
}
+ else driver_info_3 = tdi3;
}
for (i=0; i<ndrivers; i++) {
@@ -5811,7 +5839,10 @@ uint32 _spoolss_addprinterdriver(pipes_struct *p, SPOOL_Q_ADDPRINTERDRIVER *q_u,
get_current_user(&user, p);
- convert_printer_driver_info(info, &driver, level);
+ if (!convert_printer_driver_info(info, &driver, level)) {
+ err = ERRnomem;
+ goto done;
+ }
DEBUG(5,("Cleaning driver's information\n"));
if ((err = clean_up_driver_struct(driver, level, &user)) != ERRsuccess )