From fdc2ab72f7a524b43c7fe03e17cf4817fc3730a2 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 3 Aug 2005 22:07:57 +0000 Subject: r9021: Fix smbd-crash bug in openprinter (found by samba4 smbtorture RPC-SPOOLSS). Guenther (This used to be commit 06bfe789d54a12dfa3c46e9777f96ff7e162a9db) --- source3/rpc_server/srv_spoolss_nt.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'source3/rpc_server/srv_spoolss_nt.c') diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index bec67daa3e..692dacf159 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -1488,19 +1488,23 @@ static void copy_printer_default(TALLOC_CTX *ctx, PRINTER_DEFAULT *new_def, PRIN * SPOOL_Q_OPEN_PRINTER_EX structure ********************************************************************/ -static void convert_to_openprinterex(TALLOC_CTX *ctx, SPOOL_Q_OPEN_PRINTER_EX *q_u_ex, SPOOL_Q_OPEN_PRINTER *q_u) +static WERROR convert_to_openprinterex(TALLOC_CTX *ctx, SPOOL_Q_OPEN_PRINTER_EX *q_u_ex, SPOOL_Q_OPEN_PRINTER *q_u) { if (!q_u_ex || !q_u) - return; + return WERR_OK; DEBUG(8,("convert_to_openprinterex\n")); if ( q_u->printername ) { - q_u_ex->printername = TALLOC_P( ctx, UNISTR2 ); + q_u_ex->printername = TALLOC_ZERO_P( ctx, UNISTR2 ); + if (q_u_ex->printername == NULL) + return WERR_NOMEM; copy_unistr2(q_u_ex->printername, q_u->printername); } copy_printer_default(ctx, &q_u_ex->printer_default, &q_u->printer_default); + + return WERR_OK; } /******************************************************************** @@ -1522,7 +1526,9 @@ WERROR _spoolss_open_printer(pipes_struct *p, SPOOL_Q_OPEN_PRINTER *q_u, SPOOL_R /* convert the OpenPrinter() call to OpenPrinterEx() */ - convert_to_openprinterex(p->mem_ctx, &q_u_ex, q_u); + r_u_ex.status = convert_to_openprinterex(p->mem_ctx, &q_u_ex, q_u); + if (!W_ERROR_IS_OK(r_u_ex.status)) + return r_u_ex.status; r_u_ex.status = _spoolss_open_printer_ex(p, &q_u_ex, &r_u_ex); -- cgit