From 7d853615338e4c81a2204f57a7fc22da725f55fe Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 1 Mar 2001 03:04:13 +0000 Subject: rpc_parse/parse_spoolss.c: Fixed memory leak introduced by restructuring. rpc_server/srv_spoolss_nt.c: Fixed problem with printer snum being read uninitialised. Jeremy. (This used to be commit 1552db715da576b41060f0d31d2c4cdec790c1d4) --- source3/rpc_parse/parse_spoolss.c | 22 +++++++++++++++++----- source3/rpc_server/srv_spoolss_nt.c | 11 +++++++---- 2 files changed, 24 insertions(+), 9 deletions(-) diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c index 0a4375c1d4..3774a91100 100644 --- a/source3/rpc_parse/parse_spoolss.c +++ b/source3/rpc_parse/parse_spoolss.c @@ -2540,16 +2540,28 @@ static BOOL new_spoolss_io_buffer(char *desc, prs_struct *ps, int depth, NEW_BUF return True; } else { + BOOL ret = False; + /* writing */ - if (buffer->ptr==0) + if (buffer->ptr==0) { + /* We have finished with the data in buffer->prs - free it. */ + prs_mem_free(&buffer->prs); return True; - + } + if (!prs_uint32("size", ps, depth, &buffer->size)) - return False; + goto out; + if (!prs_append_some_prs_data(ps, &buffer->prs, 0, buffer->size)) - return False; + goto out; - return True; + ret = True; + out: + + /* We have finished with the data in buffer->prs - free it. */ + prs_mem_free(&buffer->prs); + + return ret; } } diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 5e666a9a7a..95bb64fef3 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -158,7 +158,7 @@ static void free_spool_notify_option(SPOOL_NOTIFY_OPTION **pp) SPOOL_NOTIFY_OPTION *dup_spool_notify_option(SPOOL_NOTIFY_OPTION *sp) { - SPOOL_NOTIFY_OPTION *new_sp = malloc(sizeof(SPOOL_NOTIFY_OPTION)); + SPOOL_NOTIFY_OPTION *new_sp = NULL; if (!sp) return NULL; @@ -825,6 +825,9 @@ uint32 _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u, } else if ((printer_default->access_required & SERVER_ACCESS_ADMINISTER ) == SERVER_ACCESS_ADMINISTER) { + if (!get_printer_snum(handle, &snum)) + return ERROR_INVALID_HANDLE; + if (!lp_ms_add_printer_wizard()) { close_printer_handle(handle); return ERROR_ACCESS_DENIED; @@ -843,13 +846,13 @@ uint32 _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u, /* NT doesn't let us connect to a printer if the connecting user doesn't have print permission. */ - if (!get_printer_snum(handle, &snum)) - return ERROR_INVALID_HANDLE; - /* map an empty access mask to the minimum access mask */ if (printer_default->access_required == 0x0) printer_default->access_required = PRINTER_ACCESS_USE; + if (!get_printer_snum(handle, &snum)) + return ERROR_INVALID_HANDLE; + if (!print_access_check(&user, snum, printer_default->access_required)) { DEBUG(3, ("access DENIED for printer open\n")); close_printer_handle(handle); -- cgit