diff options
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/srv_spoolss_nt.c | 69 |
1 files changed, 50 insertions, 19 deletions
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index f002ceabd2..023c9a1203 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -915,20 +915,24 @@ static BOOL convert_printer_info(const SPOOL_PRINTER_INFO_LEVEL *uni, static BOOL convert_printer_driver_info(const SPOOL_PRINTER_DRIVER_INFO_LEVEL *uni, NT_PRINTER_DRIVER_INFO_LEVEL *printer, uint32 level) { + BOOL result = True; + switch (level) { case 3: printer->info_3=NULL; - uni_2_asc_printer_driver_3(uni->info_3, &printer->info_3); + if (!uni_2_asc_printer_driver_3(uni->info_3, &printer->info_3)) + result = False; break; case 6: printer->info_6=NULL; - uni_2_asc_printer_driver_6(uni->info_6, &printer->info_6); + if (!uni_2_asc_printer_driver_6(uni->info_6, &printer->info_6)) + result = False; break; default: break; } - return True; + return result; } BOOL convert_devicemode(char *printername, const DEVICEMODE *devmode, @@ -2200,7 +2204,7 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int uint16 type; uint16 field; - SPOOL_NOTIFY_INFO_DATA *current_data; + SPOOL_NOTIFY_INFO_DATA *current_data, *tid; NT_PRINTER_INFO_LEVEL *printer = NULL; print_queue_struct *queue=NULL; @@ -2220,9 +2224,12 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int if (!search_notify(type, field, &j) ) continue; - if((info->data=(SPOOL_NOTIFY_INFO_DATA *)Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) { + if((tid=(SPOOL_NOTIFY_INFO_DATA *)Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) { + DEBUG(0,("construct_notify_printer_info: failed to enlarge buffer info->data!\n")); return False; } + else info->data = tid; + current_data=&info->data[info->count]; construct_info_data(current_data, type, field, id); @@ -2256,7 +2263,7 @@ static BOOL construct_notify_jobs_info(print_queue_struct *queue, uint16 type; uint16 field; - SPOOL_NOTIFY_INFO_DATA *current_data; + SPOOL_NOTIFY_INFO_DATA *current_data, *tid; DEBUG(4,("construct_notify_jobs_info\n")); @@ -2272,9 +2279,11 @@ static BOOL construct_notify_jobs_info(print_queue_struct *queue, if (!search_notify(type, field, &j) ) continue; - if((info->data=Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) { + if((tid=Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) { + DEBUG(0,("construct_notify_jobs_info: failed to enlarg buffer info->data!\n")); return False; } + else info->data = tid; current_data=&(info->data[info->count]); @@ -2877,7 +2886,7 @@ static BOOL enum_all_printers_info_1(uint32 flags, NEW_BUFFER *buffer, uint32 of int snum; int i; int n_services=lp_numservices(); - PRINTER_INFO_1 *printers=NULL; + PRINTER_INFO_1 *tp, *printers=NULL; PRINTER_INFO_1 current_prt; DEBUG(4,("enum_all_printers_info_1\n")); @@ -2887,10 +2896,13 @@ static BOOL enum_all_printers_info_1(uint32 flags, NEW_BUFFER *buffer, uint32 of DEBUG(4,("Found a printer in smb.conf: %s[%x]\n", lp_servicename(snum), snum)); if (construct_printer_info_1(flags, ¤t_prt, snum)) { - if((printers=Realloc(printers, (*returned +1)*sizeof(PRINTER_INFO_1))) == NULL) { + if((tp=Realloc(printers, (*returned +1)*sizeof(PRINTER_INFO_1))) == NULL) { + DEBUG(0,("enum_all_printers_info_1: failed to enlarge printers buffer!\n")); + safe_free(printers); *returned=0; return ERRnomem; } + else printers = tp; DEBUG(4,("ReAlloced memory for [%d] PRINTER_INFO_1\n", *returned)); memcpy(&printers[*returned], ¤t_prt, sizeof(PRINTER_INFO_1)); (*returned)++; @@ -3024,7 +3036,7 @@ static BOOL enum_all_printers_info_2(NEW_BUFFER *buffer, uint32 offered, uint32 int snum; int i; int n_services=lp_numservices(); - PRINTER_INFO_2 *printers=NULL; + PRINTER_INFO_2 *tp, *printers=NULL; PRINTER_INFO_2 current_prt; for (snum=0; snum<n_services; snum++) { @@ -3032,8 +3044,13 @@ static BOOL enum_all_printers_info_2(NEW_BUFFER *buffer, uint32 offered, uint32 DEBUG(4,("Found a printer in smb.conf: %s[%x]\n", lp_servicename(snum), snum)); if (construct_printer_info_2(¤t_prt, snum)) { - if((printers=Realloc(printers, (*returned +1)*sizeof(PRINTER_INFO_2))) == NULL) + if((tp=Realloc(printers, (*returned +1)*sizeof(PRINTER_INFO_2))) == NULL) { + DEBUG(0,("enum_all_printers_info_2: failed to enlarge printers buffer!\n")); + safe_free(printers); + *returned = 0; return ERRnomem; + } + else printers = tp; DEBUG(4,("ReAlloced memory for [%d] PRINTER_INFO_2\n", *returned)); memcpy(&printers[*returned], ¤t_prt, sizeof(PRINTER_INFO_2)); (*returned)++; @@ -3460,6 +3477,7 @@ static void init_unistr_array(uint16 **uni_array, fstring *char_array, char *ser int j=0; char *v; pstring line; + uint16 *tuary; DEBUG(6,("init_unistr_array\n")); *uni_array=NULL; @@ -3474,10 +3492,11 @@ static void init_unistr_array(uint16 **uni_array, fstring *char_array, char *ser if (strlen(v) == 0) break; slprintf(line, sizeof(line)-1, "\\\\%s%s", servername, v); DEBUGADD(6,("%d:%s:%d\n", i, line, strlen(line))); - if((*uni_array=Realloc(*uni_array, (j+strlen(line)+2)*sizeof(uint16))) == NULL) { + if((tuary=Realloc(*uni_array, (j+strlen(line)+2)*sizeof(uint16))) == NULL) { DEBUG(0,("init_unistr_array: Realloc error\n" )); return; } + else *uni_array = tuary; j += (rpcstr_push((*uni_array+j), line, sizeof(uint16)*strlen(line)+2, 0)/ sizeof(uint16)); i++; } @@ -4984,7 +5003,7 @@ static uint32 enumprinterdrivers_level1(fstring servername, fstring architecture fstring *list = NULL; NT_PRINTER_DRIVER_INFO_LEVEL driver; - DRIVER_INFO_1 *driver_info_1=NULL; + DRIVER_INFO_1 *tdi1, *driver_info_1=NULL; *returned=0; @@ -4999,10 +5018,13 @@ static uint32 enumprinterdrivers_level1(fstring servername, fstring architecture return ERRnomem; if(ndrivers != 0) { - if((driver_info_1=(DRIVER_INFO_1 *)Realloc(driver_info_1, (*returned+ndrivers) * sizeof(DRIVER_INFO_1))) == NULL) { + if((tdi1=(DRIVER_INFO_1 *)Realloc(driver_info_1, (*returned+ndrivers) * sizeof(DRIVER_INFO_1))) == NULL) { + DEBUG(0,("enumprinterdrivers_level1: failed to enlarge driver info buffer!\n")); + safe_free(driver_info_1); safe_free(list); return ERRnomem; } + else driver_info_1 = tdi1; } for (i=0; i<ndrivers; i++) { @@ -5059,7 +5081,7 @@ static uint32 enumprinterdrivers_level2(fstring servername, fstring architecture fstring *list = NULL; NT_PRINTER_DRIVER_INFO_LEVEL driver; - DRIVER_INFO_2 *driver_info_2=NULL; + DRIVER_INFO_2 *tdi2, *driver_info_2=NULL; *returned=0; @@ -5074,10 +5096,13 @@ static uint32 enumprinterdrivers_level2(fstring servername, fstring architecture return ERRnomem; if(ndrivers != 0) { - if((driver_info_2=(DRIVER_INFO_2 *)Realloc(driver_info_2, (*returned+ndrivers) * sizeof(DRIVER_INFO_2))) == NULL) { + if((tdi2=(DRIVER_INFO_2 *)Realloc(driver_info_2, (*returned+ndrivers) * sizeof(DRIVER_INFO_2))) == NULL) { + DEBUG(0,("enumprinterdrivers_level2: failed to enlarge driver info buffer!\n")); + safe_free(driver_info_2); safe_free(list); return ERRnomem; } + else driver_info_2 = tdi2; } for (i=0; i<ndrivers; i++) { @@ -5135,7 +5160,7 @@ static uint32 enumprinterdrivers_level3(fstring servername, fstring architecture fstring *list = NULL; NT_PRINTER_DRIVER_INFO_LEVEL driver; - DRIVER_INFO_3 *driver_info_3=NULL; + DRIVER_INFO_3 *tdi3, *driver_info_3=NULL; *returned=0; @@ -5150,10 +5175,13 @@ static uint32 enumprinterdrivers_level3(fstring servername, fstring architecture return ERRnomem; if(ndrivers != 0) { - if((driver_info_3=(DRIVER_INFO_3 *)Realloc(driver_info_3, (*returned+ndrivers) * sizeof(DRIVER_INFO_3))) == NULL) { + if((tdi3=(DRIVER_INFO_3 *)Realloc(driver_info_3, (*returned+ndrivers) * sizeof(DRIVER_INFO_3))) == NULL) { + DEBUG(0,("enumprinterdrivers_level3: failed to enlarge driver info buffer!\n")); + safe_free(driver_info_3); safe_free(list); return ERRnomem; } + else driver_info_3 = tdi3; } for (i=0; i<ndrivers; i++) { @@ -5811,7 +5839,10 @@ uint32 _spoolss_addprinterdriver(pipes_struct *p, SPOOL_Q_ADDPRINTERDRIVER *q_u, get_current_user(&user, p); - convert_printer_driver_info(info, &driver, level); + if (!convert_printer_driver_info(info, &driver, level)) { + err = ERRnomem; + goto done; + } DEBUG(5,("Cleaning driver's information\n")); if ((err = clean_up_driver_struct(driver, level, &user)) != ERRsuccess ) |