From f7bf439030dddec3355441a833566aafbf89f6b9 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 7 Mar 2006 21:13:19 +0000 Subject: r13994: Belt and braces - ensure RPC_BUFFER is valid. Jeremy. (This used to be commit d993797191865878ebfd2ff9028d341017605cd6) --- source3/rpc_server/srv_spoolss_nt.c | 119 +++++++++++++++++++++++------------- 1 file changed, 75 insertions(+), 44 deletions(-) (limited to 'source3') diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index cc51df98c1..6a1be53738 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -4624,11 +4624,13 @@ WERROR _spoolss_enumprinters( pipes_struct *p, SPOOL_Q_ENUMPRINTERS *q_u, SPOOL_ /* that's an [in out] buffer */ - if ( q_u->buffer ) { - rpcbuf_move(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + if (!q_u->buffer) { + return WERR_INVALID_PARAM; } + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + DEBUG(4,("_spoolss_enumprinters\n")); *needed=0; @@ -4933,11 +4935,13 @@ WERROR _spoolss_getprinter(pipes_struct *p, SPOOL_Q_GETPRINTER *q_u, SPOOL_R_GET /* that's an [in out] buffer */ - if ( q_u->buffer ) { - rpcbuf_move(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + if (!q_u->buffer) { + return WERR_INVALID_PARAM; } + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + *needed=0; if (!get_printer_snum(p, handle, &snum)) @@ -5530,11 +5534,13 @@ WERROR _spoolss_getprinterdriver2(pipes_struct *p, SPOOL_Q_GETPRINTERDRIVER2 *q_ /* that's an [in out] buffer */ - if ( q_u->buffer ) { - rpcbuf_move(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + if (!q_u->buffer) { + return WERR_INVALID_PARAM; } + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + DEBUG(4,("_spoolss_getprinterdriver2\n")); if ( !(printer = find_printer_index_by_hnd( p, handle )) ) { 
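Review bot: In `_spoolss_enumprinters` the new `return WERR_INVALID_PARAM;` sits above `*needed=0;`, so on the rejection path the reply goes back with whatever `r_u` held on entry and with `r_u->buffer` never assigned. Whether the caller clears `r_u`, and whether the reply marshalling tolerates a null buffer, is not visible in this diff. I would state that dependency next to the check, e.g. `/* r_u is untouched on this path: caller must have zeroed it and the reply writer must accept a NULL buffer */`. The same ordering appears in the remaining hunks, `_spoolss_getprinter` through `_spoolss_getprintprocessordirectory`, where the visible `*needed=0;` or `*returned=0;` also follows the check. The function body continues outside the hunk.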
@@ -6367,8 +6373,11 @@ WERROR _spoolss_addjob(pipes_struct *p, SPOOL_Q_ADDJOB *q_u, SPOOL_R_ADDJOB *r_u { /* that's an [in out] buffer */ - if ( q_u->buffer ) - rpcbuf_move(q_u->buffer, &r_u->buffer); + if (!q_u->buffer) { + return WERR_INVALID_PARAM; + } + + rpcbuf_move(q_u->buffer, &r_u->buffer); r_u->needed = 0; return WERR_INVALID_PARAM; /* this is what a NT server @@ -6579,11 +6588,13 @@ WERROR _spoolss_enumjobs( pipes_struct *p, SPOOL_Q_ENUMJOBS *q_u, SPOOL_R_ENUMJO /* that's an [in out] buffer */ - if ( q_u->buffer ) { - rpcbuf_move(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + if (!q_u->buffer) { + return WERR_INVALID_PARAM; } + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + DEBUG(4,("_spoolss_enumjobs\n")); *needed=0; @@ -6944,11 +6955,13 @@ WERROR _spoolss_enumprinterdrivers( pipes_struct *p, SPOOL_Q_ENUMPRINTERDRIVERS /* that's an [in out] buffer */ - if ( q_u->buffer ) { - rpcbuf_move(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + if (!q_u->buffer) { + return WERR_INVALID_PARAM; } + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + DEBUG(4,("_spoolss_enumprinterdrivers\n")); *needed = 0; @@ -7007,11 +7020,13 @@ WERROR _spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_ENUMF /* that's an [in out] buffer */ - if ( q_u->buffer ) { - rpcbuf_move(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + if (!q_u->buffer) { + return WERR_INVALID_PARAM; } + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + DEBUG(4,("_spoolss_enumforms\n")); DEBUGADD(5,("Offered buffer size [%d]\n", offered)); DEBUGADD(5,("Info level [%d]\n", level)); 
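Review bot: In `_spoolss_addjob` the added null check returns `WERR_INVALID_PARAM`, which is the same status the function returns unconditionally two statements later. The only effect of the early return is therefore to skip `rpcbuf_move` and `r_u->needed = 0;`. If `needed` is meant to be zero in every reply, put the assignment first: `r_u->needed = 0;` followed by `if (!q_u->buffer) { return WERR_INVALID_PARAM; }`. The end of the function is outside the hunk.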
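Review bot: Rejecting every null buffer pointer in `_spoolss_enumforms` also rejects a request that offers zero bytes, whereas the old code skipped the move and, presumably, carried on with `buffer` at its initial value. If clients may send a null buffer with `offered` of 0 to learn the required size (worth confirming against the request parser, which is not in this diff), they now get `WERR_INVALID_PARAM` instead of a size in `needed`. A narrower guard such as `if (!q_u->buffer && (offered != 0)) { return WERR_INVALID_PARAM; }` still catches the inconsistent case, provided the code after it copes with a null `buffer`. `offered` is visible only in this hunk, but the question applies to the other Get*/Enum* handlers in the commit as well.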
@@ -7114,11 +7129,13 @@ WERROR _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM * /* that's an [in out] buffer */ - if ( q_u->buffer ) { - rpcbuf_move(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + if (!q_u->buffer) { + return WERR_INVALID_PARAM; } + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + unistr2_to_ascii(form_name, uni_formname, sizeof(form_name)-1); DEBUG(4,("_spoolss_getform\n")); @@ -7392,11 +7409,13 @@ WERROR _spoolss_enumports( pipes_struct *p, SPOOL_Q_ENUMPORTS *q_u, SPOOL_R_ENUM /* that's an [in out] buffer */ - if ( q_u->buffer ) { - rpcbuf_move(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + if (!q_u->buffer) { + return WERR_INVALID_PARAM; } + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + DEBUG(4,("_spoolss_enumports\n")); *returned=0; @@ -7800,11 +7819,13 @@ WERROR _spoolss_getprinterdriverdirectory(pipes_struct *p, SPOOL_Q_GETPRINTERDRI /* that's an [in out] buffer */ - if ( q_u->buffer ) { - rpcbuf_move(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + if (!q_u->buffer ) { + return WERR_INVALID_PARAM; } + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + DEBUG(4,("_spoolss_getprinterdriverdirectory\n")); *needed=0; @@ -8410,11 +8431,13 @@ WERROR _spoolss_enumprintprocessors(pipes_struct *p, SPOOL_Q_ENUMPRINTPROCESSORS /* that's an [in out] buffer */ - if ( q_u->buffer ) { - rpcbuf_move(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + if (!q_u->buffer) { + return WERR_INVALID_PARAM; } + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + DEBUG(5,("spoolss_enumprintprocessors\n")); /* 
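Review bot: The check in `_spoolss_getprinterdriverdirectory` is written `if (!q_u->buffer ) {` with a stray space before the closing parenthesis, unlike the other fourteen copies, which read `if (!q_u->buffer) {`. The drift is a hint that the check-and-move stanza, repeated almost verbatim in fifteen handlers, would be easier to keep consistent as one static helper. The helper would take `q_u->buffer` and `&r_u->buffer` and return a `WERROR`, so a later change to the validation happens in one place.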
@@ -8487,11 +8510,13 @@ WERROR _spoolss_enumprintprocdatatypes(pipes_struct *p, SPOOL_Q_ENUMPRINTPROCDAT /* that's an [in out] buffer */ - if ( q_u->buffer ) { - rpcbuf_move(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + if (!q_u->buffer) { + return WERR_INVALID_PARAM; } + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + DEBUG(5,("_spoolss_enumprintprocdatatypes\n")); *returned=0; @@ -8613,11 +8638,13 @@ WERROR _spoolss_enumprintmonitors(pipes_struct *p, SPOOL_Q_ENUMPRINTMONITORS *q_ /* that's an [in out] buffer */ - if ( q_u->buffer ) { - rpcbuf_move(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + if (!q_u->buffer) { + return WERR_INVALID_PARAM; } + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + DEBUG(5,("spoolss_enumprintmonitors\n")); /* @@ -8787,11 +8814,13 @@ WERROR _spoolss_getjob( pipes_struct *p, SPOOL_Q_GETJOB *q_u, SPOOL_R_GETJOB *r_ /* that's an [in out] buffer */ - if ( q_u->buffer ) { - rpcbuf_move(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + if (!q_u->buffer) { + return WERR_INVALID_PARAM; } + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + DEBUG(5,("spoolss_getjob\n")); *needed = 0; @@ -9407,11 +9436,13 @@ WERROR _spoolss_getprintprocessordirectory(pipes_struct *p, SPOOL_Q_GETPRINTPROC /* that's an [in out] buffer */ - if ( q_u->buffer ) { - rpcbuf_move(q_u->buffer, &r_u->buffer); - buffer = r_u->buffer; + if (!q_u->buffer) { + return WERR_INVALID_PARAM; } + rpcbuf_move(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + DEBUG(5,("_spoolss_getprintprocessordirectory\n")); *needed=0; -- cgit
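Review bot: The rejection in `_spoolss_enumprintprocdatatypes` returns before the handler's `DEBUG(5,("_spoolss_enumprintprocdatatypes\n"));`, so a request with a null buffer leaves no trace in the log at any debug level. A malformed request of this kind is worth seeing when triaging a misbehaving client, so I would log inside the new branch before the `return`, e.g. `DEBUG(3,("_spoolss_enumprintprocdatatypes: NULL RPC_BUFFER in request\n"));`. The same applies to the other handlers in this commit: wherever an entry `DEBUG` is visible in the hunk, it follows the check.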