From 9b43bd3b62733992d06b6d8e602364efa816685c Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 15 Jun 2005 16:32:12 +0000 Subject: r7613: small changes to _svcctl_open_service() and create_open_service_handle() to prevent invalid service names from being accepted; printmig.exe now migrates drivers successfully (This used to be commit dafb32c01f06c42f44aeb0d16681c5def4903244) --- source3/rpc_server/srv_svcctl_nt.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) (limited to 'source3') diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c index 230a222b8d..2685377772 100644 --- a/source3/rpc_server/srv_svcctl_nt.c +++ b/source3/rpc_server/srv_svcctl_nt.c @@ -171,6 +171,7 @@ static WERROR create_open_service_handle( pipes_struct *p, POLICY_HND *handle, const char *service, uint32 access_granted ) { SERVICE_INFO *info = NULL; + WERROR result = WERR_OK; if ( !(info = SMB_MALLOC_P( SERVICE_INFO )) ) return WERR_NOMEM; @@ -186,16 +187,23 @@ static WERROR create_open_service_handle( pipes_struct *p, POLICY_HND *handle, info->type = SVC_HANDLE_IS_SERVICE; - if ( !(info->name = SMB_STRDUP( service )) ) { - free_service_handle_info( info ); - WERR_NOMEM; - } - /* lookup the SERVICE_CONTROL_OPS */ for ( i=0; svcctl_ops[i].name; i++ ) { - if ( strequal( svcctl_ops[i].name, service ) ) + if ( strequal( svcctl_ops[i].name, service ) ) { info->ops = svcctl_ops[i].ops; + break; + } + } + + if ( !svcctl_ops[i].name ) { + result = WERR_NO_SUCH_SERVICE; + goto done; + } + + if ( !(info->name = SMB_STRDUP( service )) ) { + result = WERR_NOMEM; + goto done; } } @@ -204,11 +212,15 @@ static WERROR create_open_service_handle( pipes_struct *p, POLICY_HND *handle, /* store the SERVICE_INFO and create an open handle */ if ( !create_policy_hnd( p, handle, free_service_handle_info, info ) ) { - free_service_handle_info( info ); - return WERR_ACCESS_DENIED; + result = WERR_ACCESS_DENIED; + goto done; } - return WERR_OK; +done: + if ( !W_ERROR_IS_OK(result) ) + free_service_handle_info( info ); + + return result; } /******************************************************************** -- cgit