Diffstat (limited to 'source3')
-rw-r--r--source3/lib/util_unistr.c4
-rw-r--r--source3/rpc_parse/parse_spoolss.c28
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c45
3 files changed, 44 insertions, 33 deletions
diff --git a/source3/lib/util_unistr.c b/source3/lib/util_unistr.c
index 2c721aeb47..c0701f0427 100644
--- a/source3/lib/util_unistr.c
+++ b/source3/lib/util_unistr.c
@@ -258,13 +258,13 @@ void unistr2_to_ascii(char *dest, const UNISTR2 *str, size_t maxlen)
uint16 ucs2_val;
uint16 cp_val;
- c = *(src++);
+ c = *src;
if (c == 0)
{
break;
}
- ucs2_val = SVAL(src,0);
+ ucs2_val = SVAL(src++,0);
cp_val = ucs2_to_doscp[ucs2_val];
if (cp_val < 256)
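Review bot: `SVAL(src++,0)` passes an expression with a side effect into a macro; if SVAL expands its buffer argument more than once (byte-wise variants of such macros usually do), `src` is advanced twice in one expression and the two byte reads are unsequenced. Keep the increment out of the macro call: `ucs2_val = SVAL(src,0);` followed by `src++;`. The loop and its bound on `dest` lie outside this hunk, so whether `ucs2_to_doscp[ucs2_val]` is sized for every 16-bit index cannot be confirmed from here.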
diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c
index a6f72a3181..de998267b3 100644
--- a/source3/rpc_parse/parse_spoolss.c
+++ b/source3/rpc_parse/parse_spoolss.c
@@ -772,22 +772,30 @@ BOOL spoolss_io_q_getprinterdata(char *desc, SPOOL_Q_GETPRINTERDATA *q_u, prs_st
********************************************************************/
BOOL spoolss_io_r_getprinterdata(char *desc, SPOOL_R_GETPRINTERDATA *r_u, prs_struct *ps, int depth)
{
- if (r_u == NULL) return False;
+ if (r_u == NULL)
+ return False;
prs_debug(ps, depth, desc, "spoolss_io_r_getprinterdata");
depth++;
- prs_align(ps);
- prs_uint32("type", ps, depth, &(r_u->type));
- prs_uint32("size", ps, depth, &(r_u->size));
+ if (!prs_align(ps))
+ return False;
+ if (!prs_uint32("type", ps, depth, &(r_u->type)))
+ return False;
+ if (!prs_uint32("size", ps, depth, &(r_u->size)))
+ return False;
- prs_uint8s(False,"data", ps, depth, r_u->data, r_u->size);
- prs_align(ps);
+ if (!prs_uint8s(False,"data", ps, depth, r_u->data, r_u->size))
+ return False;
+
+ if (!prs_align(ps))
+ return False;
- prs_uint32("needed", ps, depth, &(r_u->needed));
- prs_uint32("status", ps, depth, &(r_u->status));
- prs_align(ps);
-
+ if (!prs_uint32("needed", ps, depth, &(r_u->needed)))
+ return False;
+ if (!prs_uint32("status", ps, depth, &(r_u->status)))
+ return False;
+
return True;
}
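Review bot: The call `prs_uint8s(False,"data", ps, depth, r_u->data, r_u->size)` still assumes that `r_u->data` is non-NULL and holds at least `r_u->size` bytes, and nothing in this function establishes either. When the structure is being unmarshalled, `size` has just been read from the stream two lines earlier, so a peer-chosen length drives the copy. A guard such as `if (r_u->size != 0 && r_u->data == NULL) return False;`, plus a check of `size` against the length the caller actually allocated, would close that gap. A short comment stating who allocates `data` and how its length relates to `size` would also help the next reader.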
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index db48fa42ff..d25281cea5 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -537,15 +537,17 @@ uint32 _spoolss_closeprinter(POLICY_HND *handle)
/********************************************************************
********************************************************************/
-static BOOL getprinterdata_printer_server(fstring value, uint32 *type, uint8 **data, uint32 *needed)
+static BOOL getprinterdata_printer_server(fstring value, uint32 *type, uint8 **data, uint32 *needed, uint32 in_size)
{
int i;
+
+ DEBUG(8,("getprinterdata_printer_server:%s\n", value));
if (!strcmp(value, "BeepEnabled"))
{
*type = 0x4;
*data = (uint8 *)malloc( 4*sizeof(uint8) );
- SIVAL(data, 0, 0x01);
+ SIVAL(*data, 0, 0x01);
*needed = 0x4;
return True;
}
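Review bot: The corrected `SIVAL(*data, 0, 0x01);` now writes through the freshly allocated buffer, but the `malloc` result is still unchecked, so an allocation failure becomes a NULL write on a path reached from a client request. Add `if (*data == NULL) return False;` directly after the `malloc` in this branch; the three later 4-byte branches (the ones storing 0x1B, 0x01 and 0x02) repeat the same pattern. The new `DEBUG(8, ...)` line prints `value`, which the caller derives from the client-supplied value name, so anything consuming that log should treat it as untrusted text. The function body continues outside this hunk.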
@@ -554,7 +556,7 @@ static BOOL getprinterdata_printer_server(fstring value, uint32 *type, uint8 **d
{
*type = 0x4;
*data = (uint8 *)malloc( 4*sizeof(uint8) );
- SIVAL(data, 0, 0x1B);
+ SIVAL(*data, 0, 0x1B);
*needed = 0x4;
return True;
}
@@ -563,7 +565,7 @@ static BOOL getprinterdata_printer_server(fstring value, uint32 *type, uint8 **d
{
*type = 0x4;
*data = (uint8 *)malloc( 4*sizeof(uint8) );
- SIVAL(data, 0, 0x01);
+ SIVAL(*data, 0, 0x01);
*needed = 0x4;
return True;
}
@@ -572,23 +574,23 @@ static BOOL getprinterdata_printer_server(fstring value, uint32 *type, uint8 **d
{
*type = 0x4;
*data = (uint8 *)malloc( 4*sizeof(uint8) );
- SIVAL(data, 0, 0x02);
+ SIVAL(*data, 0, 0x02);
*needed = 0x4;
return True;
}
if (!strcmp(value, "DefaultSpoolDirectory"))
{
- pstring directory="You are using a Samba server";
+ pstring string="You are using a Samba server";
*type = 0x1;
- *needed = 2*(strlen(directory)+1);
- *data = (uint8 *)malloc(*needed *sizeof(uint8));
+ *needed = 2*(strlen(string)+1);
+ *data = (uint8 *)malloc( ((*needed > in_size) ? *needed:in_size) *sizeof(uint8));
ZERO_STRUCTP(*data);
/* it's done by hand ready to go on the wire */
- for (i=0; i<strlen(directory); i++)
+ for (i=0; i<strlen(string); i++)
{
- (*data)[2*i]=directory[i];
+ (*data)[2*i]=string[i];
(*data)[2*i+1]='\0';
}
return True;
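Review bot: In the `DefaultSpoolDirectory` branch the buffer is now sized to the larger of `*needed` and `in_size`, but `ZERO_STRUCTP(*data)` appears to clear only `sizeof(**data)`, i.e. one byte, and the loop fills just `2*strlen(string)` bytes. The two-byte terminator and any padding up to `in_size` would then be uninitialised heap memory that may be marshalled back to the client. Compute the length once, check the `malloc` result, and clear the whole allocation, e.g. `memset(*data, 0, alloc_len);` with `alloc_len = (*needed > in_size) ? *needed : in_size`. The `Architecture` branch in the next hunk repeats the same code. `in_size` also determines the allocation size with no upper bound visible in this function.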
@@ -596,14 +598,14 @@ static BOOL getprinterdata_printer_server(fstring value, uint32 *type, uint8 **d
if (!strcmp(value, "Architecture"))
{
- pstring directory="Windows NT x86";
+ pstring string="Windows NT x86";
*type = 0x1;
- *needed = 2*(strlen(directory)+1);
- *data = (uint8 *)malloc(*needed *sizeof(uint8));
+ *needed = 2*(strlen(string)+1);
+ *data = (uint8 *)malloc( ((*needed > in_size) ? *needed:in_size) *sizeof(uint8));
ZERO_STRUCTP(*data);
- for (i=0; i<strlen(directory); i++)
+ for (i=0; i<strlen(string); i++)
{
- (*data)[2*i]=directory[i];
+ (*data)[2*i]=string[i];
(*data)[2*i+1]='\0';
}
return True;
@@ -616,7 +618,7 @@ static BOOL getprinterdata_printer_server(fstring value, uint32 *type, uint8 **d
********************************************************************/
static BOOL getprinterdata_printer(const POLICY_HND *handle,
fstring value, uint32 *type,
- uint8 **data, uint32 *needed )
+ uint8 **data, uint32 *needed, uint32 in_size )
{
NT_PRINTER_INFO_LEVEL printer;
int pnum=0;
@@ -634,9 +636,9 @@ static BOOL getprinterdata_printer(const POLICY_HND *handle,
if (get_specific_param(printer, 2, value, &idata, type, &len))
{
- *data = (uint8 *)malloc( len*sizeof(uint8) );
+ *data = (uint8 *)malloc( (len>in_size)?len:in_size *sizeof(uint8) );
bzero(*data, sizeof(uint8)*len);
- memcpy(*data, idata, len);
+ memcpy(*data, idata, (len>in_size)?len:in_size);
*needed = len;
if (idata) free(idata);
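Review bot: `memcpy(*data, idata, (len>in_size)?len:in_size);` reads past the end of `idata` whenever `in_size` exceeds `len`, assuming `get_specific_param` returns `len` as the length of `idata`; those extra heap bytes end up in the reply buffer. Copy only what exists, `memcpy(*data, idata, len);`, and zero the full allocation rather than just the first `len` bytes as the `bzero` does now. In the `malloc` argument, `in_size *sizeof(uint8)` binds tighter than `?:`, which is harmless only because the element size is 1; parenthesise the conditional. The `malloc` result is also unchecked before `bzero`, and the function starts and ends outside this hunk.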
@@ -659,7 +661,7 @@ uint32 _spoolss_getprinterdata(const POLICY_HND *handle, UNISTR2 *valuename,
uint32 *needed)
{
fstring value;
- BOOL found;
+ BOOL found=False;
int pnum = find_printer_index_by_hnd(handle);
/*
@@ -675,6 +677,7 @@ uint32 _spoolss_getprinterdata(const POLICY_HND *handle, UNISTR2 *valuename,
*needed=in_size;
*type=4;
+ DEBUG(4,("_spoolss_getprinterdata\n"));
if (!OPEN_HANDLE(pnum)) {
*data=(uint8 *)malloc(4*sizeof(uint8));
@@ -684,9 +687,9 @@ uint32 _spoolss_getprinterdata(const POLICY_HND *handle, UNISTR2 *valuename,
unistr2_to_ascii(value, valuename, sizeof(value)-1);
if (handle_is_printserver(handle))
- found=getprinterdata_printer_server(value, type, data, needed);
+ found=getprinterdata_printer_server(value, type, data, needed, *out_size);
else
- found=getprinterdata_printer(handle, value, type, data, needed);
+ found=getprinterdata_printer(handle, value, type, data, needed, *out_size);
if (found==False) {
/* reply this param doesn't exist */