CVS update: samba/source/rpc_parse
jreilly at samba.org
jreilly at samba.org
Tue May 29 09:30:27 EST 2001
Date: Mon May 28 16:30:26 2001
Author: jreilly
Update of /data/cvs/samba/source/rpc_parse
In directory va:/tmp/cvs-serv13598/rpc_parse
Modified Files:
Tag: SAMBA_2_2
parse_spoolss.c
Log Message:
Fix nasty malloc/free bug when setting a printer attribute with a zero length (Lexmark
drivers do this). tdb_unpack() on case 'B' was leaving the data pointer uninitialized.
This seemed OK (but bad practice) for a zero lenght buffer, but many cycles later
free_nt_printer_param() did a safe_free on the uninitialized pointer. This affected
both APPLIANCE_HEAD and 2.2 (HEAD too I expect).
2.2 only was hit by a differert aspect of the situation above. When a zero len attribute
is processed by api_spoolss_setprinterdata(), talloc (in non DEBUG_TALLOC), returns NULL
up the chain and "unable to unmarshall SPOOL_Q_SETPRINTERDATA" occurs.
JohnR
Revisions:
parse_spoolss.c 1.95.2.28 => 1.95.2.29
http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_parse/parse_spoolss.c?r1=1.95.2.28&r2=1.95.2.29
More information about the samba-cvs
mailing list