From 33c6a4eb8a0017db9d7b3cc337142fd1d08b5da5 Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Mon, 11 Oct 2010 11:33:23 +0200
Subject: s3-spoolss: add more userlevel info validation to
 _spoolss_OpenPrinterEx.

Guenther
---
 source3/rpc_server/srv_spoolss_nt.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'source3/rpc_server')

diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 2880013571..3783d0fba7 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -1693,6 +1693,15 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
 		return WERR_INVALID_PARAM;
 	}
 
+	if (r->in.level < 0 || r->in.level > 3) {
+		return WERR_INVALID_PARAM;
+	}
+	if ((r->in.level == 1 && !r->in.userlevel.level1) ||
+	    (r->in.level == 2 && !r->in.userlevel.level2) ||
+	    (r->in.level == 3 && !r->in.userlevel.level3)) {
+		return WERR_INVALID_PARAM;
+	}
+
 	/* some sanity check because you can open a printer or a print server */
 	/* aka: \\server\printer or \\server */
 
-- 
cgit