diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/lib/util_unistr.c | 4 | ||||
-rw-r--r-- | source3/rpc_parse/parse_spoolss.c | 28 | ||||
-rw-r--r-- | source3/rpc_server/srv_spoolss_nt.c | 45 |
3 files changed, 44 insertions, 33 deletions
diff --git a/source3/lib/util_unistr.c b/source3/lib/util_unistr.c index 2c721aeb47..c0701f0427 100644 --- a/source3/lib/util_unistr.c +++ b/source3/lib/util_unistr.c @@ -258,13 +258,13 @@ void unistr2_to_ascii(char *dest, const UNISTR2 *str, size_t maxlen) uint16 ucs2_val; uint16 cp_val; - c = *(src++); + c = *src; if (c == 0) { break; } - ucs2_val = SVAL(src,0); + ucs2_val = SVAL(src++,0); cp_val = ucs2_to_doscp[ucs2_val]; if (cp_val < 256) diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c index a6f72a3181..de998267b3 100644 --- a/source3/rpc_parse/parse_spoolss.c +++ b/source3/rpc_parse/parse_spoolss.c @@ -772,22 +772,30 @@ BOOL spoolss_io_q_getprinterdata(char *desc, SPOOL_Q_GETPRINTERDATA *q_u, prs_st ********************************************************************/ BOOL spoolss_io_r_getprinterdata(char *desc, SPOOL_R_GETPRINTERDATA *r_u, prs_struct *ps, int depth) { - if (r_u == NULL) return False; + if (r_u == NULL) + return False; prs_debug(ps, depth, desc, "spoolss_io_r_getprinterdata"); depth++; - prs_align(ps); - prs_uint32("type", ps, depth, &(r_u->type)); - prs_uint32("size", ps, depth, &(r_u->size)); + if (!prs_align(ps)) + return False; + if (!prs_uint32("type", ps, depth, &(r_u->type))) + return False; + if (!prs_uint32("size", ps, depth, &(r_u->size))) + return False; - prs_uint8s(False,"data", ps, depth, r_u->data, r_u->size); - prs_align(ps); + if (!prs_uint8s(False,"data", ps, depth, r_u->data, r_u->size)) + return False; + + if (!prs_align(ps)) + return False; - prs_uint32("needed", ps, depth, &(r_u->needed)); - prs_uint32("status", ps, depth, &(r_u->status)); - prs_align(ps); - + if (!prs_uint32("needed", ps, depth, &(r_u->needed))) + return False; + if (!prs_uint32("status", ps, depth, &(r_u->status))) + return False; + return True; } diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index db48fa42ff..d25281cea5 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -537,15 +537,17 @@ uint32 _spoolss_closeprinter(POLICY_HND *handle) /******************************************************************** ********************************************************************/ -static BOOL getprinterdata_printer_server(fstring value, uint32 *type, uint8 **data, uint32 *needed) +static BOOL getprinterdata_printer_server(fstring value, uint32 *type, uint8 **data, uint32 *needed, uint32 in_size) { int i; + + DEBUG(8,("getprinterdata_printer_server:%s\n", value)); if (!strcmp(value, "BeepEnabled")) { *type = 0x4; *data = (uint8 *)malloc( 4*sizeof(uint8) ); - SIVAL(data, 0, 0x01); + SIVAL(*data, 0, 0x01); *needed = 0x4; return True; } @@ -554,7 +556,7 @@ static BOOL getprinterdata_printer_server(fstring value, uint32 *type, uint8 **d { *type = 0x4; *data = (uint8 *)malloc( 4*sizeof(uint8) ); - SIVAL(data, 0, 0x1B); + SIVAL(*data, 0, 0x1B); *needed = 0x4; return True; } @@ -563,7 +565,7 @@ static BOOL getprinterdata_printer_server(fstring value, uint32 *type, uint8 **d { *type = 0x4; *data = (uint8 *)malloc( 4*sizeof(uint8) ); - SIVAL(data, 0, 0x01); + SIVAL(*data, 0, 0x01); *needed = 0x4; return True; } @@ -572,23 +574,23 @@ static BOOL getprinterdata_printer_server(fstring value, uint32 *type, uint8 **d { *type = 0x4; *data = (uint8 *)malloc( 4*sizeof(uint8) ); - SIVAL(data, 0, 0x02); + SIVAL(*data, 0, 0x02); *needed = 0x4; return True; } if (!strcmp(value, "DefaultSpoolDirectory")) { - pstring directory="You are using a Samba server"; + pstring string="You are using a Samba server"; *type = 0x1; - *needed = 2*(strlen(directory)+1); - *data = (uint8 *)malloc(*needed *sizeof(uint8)); + *needed = 2*(strlen(string)+1); + *data = (uint8 *)malloc( ((*needed > in_size) ? *needed:in_size) *sizeof(uint8)); ZERO_STRUCTP(*data); /* it's done by hand ready to go on the wire */ - for (i=0; i<strlen(directory); i++) + for (i=0; i<strlen(string); i++) { - (*data)[2*i]=directory[i]; + (*data)[2*i]=string[i]; (*data)[2*i+1]='\0'; } return True; @@ -596,14 +598,14 @@ static BOOL getprinterdata_printer_server(fstring value, uint32 *type, uint8 **d if (!strcmp(value, "Architecture")) { - pstring directory="Windows NT x86"; + pstring string="Windows NT x86"; *type = 0x1; - *needed = 2*(strlen(directory)+1); - *data = (uint8 *)malloc(*needed *sizeof(uint8)); + *needed = 2*(strlen(string)+1); + *data = (uint8 *)malloc( ((*needed > in_size) ? *needed:in_size) *sizeof(uint8)); ZERO_STRUCTP(*data); - for (i=0; i<strlen(directory); i++) + for (i=0; i<strlen(string); i++) { - (*data)[2*i]=directory[i]; + (*data)[2*i]=string[i]; (*data)[2*i+1]='\0'; } return True; @@ -616,7 +618,7 @@ static BOOL getprinterdata_printer_server(fstring value, uint32 *type, uint8 **d ********************************************************************/ static BOOL getprinterdata_printer(const POLICY_HND *handle, fstring value, uint32 *type, - uint8 **data, uint32 *needed ) + uint8 **data, uint32 *needed, uint32 in_size ) { NT_PRINTER_INFO_LEVEL printer; int pnum=0; @@ -634,9 +636,9 @@ static BOOL getprinterdata_printer(const POLICY_HND *handle, if (get_specific_param(printer, 2, value, &idata, type, &len)) { - *data = (uint8 *)malloc( len*sizeof(uint8) ); + *data = (uint8 *)malloc( (len>in_size)?len:in_size *sizeof(uint8) ); bzero(*data, sizeof(uint8)*len); - memcpy(*data, idata, len); + memcpy(*data, idata, (len>in_size)?len:in_size); *needed = len; if (idata) free(idata); @@ -659,7 +661,7 @@ uint32 _spoolss_getprinterdata(const POLICY_HND *handle, UNISTR2 *valuename, uint32 *needed) { fstring value; - BOOL found; + BOOL found=False; int pnum = find_printer_index_by_hnd(handle); /* @@ -675,6 +677,7 @@ uint32 _spoolss_getprinterdata(const POLICY_HND *handle, UNISTR2 *valuename, *needed=in_size; *type=4; + DEBUG(4,("_spoolss_getprinterdata\n")); if (!OPEN_HANDLE(pnum)) { *data=(uint8 *)malloc(4*sizeof(uint8)); @@ -684,9 +687,9 @@ uint32 _spoolss_getprinterdata(const POLICY_HND *handle, UNISTR2 *valuename, unistr2_to_ascii(value, valuename, sizeof(value)-1); if (handle_is_printserver(handle)) - found=getprinterdata_printer_server(value, type, data, needed); + found=getprinterdata_printer_server(value, type, data, needed, *out_size); else - found=getprinterdata_printer(handle, value, type, data, needed); + found=getprinterdata_printer(handle, value, type, data, needed, *out_size); if (found==False) { /* reply this param doesn't exist */ |