svn commit: samba r9021 - branches/SAMBA_3_0/source/rpc_server
trunk/source/rpc_server
gd at samba.org
gd at samba.org
Wed Aug 3 22:07:59 GMT 2005
Author: gd
Date: 2005-08-03 22:07:57 +0000 (Wed, 03 Aug 2005)
New Revision: 9021
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9021
Log:
Fix smbd-crash bug in openprinter (found by samba4 smbtorture
RPC-SPOOLSS).
Guenther
Modified:
branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c
trunk/source/rpc_server/srv_spoolss_nt.c
Changeset:
Modified: branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c 2005-08-03 21:59:05 UTC (rev 9020)
+++ branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c 2005-08-03 22:07:57 UTC (rev 9021)
@@ -1488,19 +1488,23 @@
* SPOOL_Q_OPEN_PRINTER_EX structure
********************************************************************/
-static void convert_to_openprinterex(TALLOC_CTX *ctx, SPOOL_Q_OPEN_PRINTER_EX *q_u_ex, SPOOL_Q_OPEN_PRINTER *q_u)
+static WERROR convert_to_openprinterex(TALLOC_CTX *ctx, SPOOL_Q_OPEN_PRINTER_EX *q_u_ex, SPOOL_Q_OPEN_PRINTER *q_u)
{
if (!q_u_ex || !q_u)
- return;
+ return WERR_OK;
DEBUG(8,("convert_to_openprinterex\n"));
if ( q_u->printername ) {
- q_u_ex->printername = TALLOC_P( ctx, UNISTR2 );
+ q_u_ex->printername = TALLOC_ZERO_P( ctx, UNISTR2 );
+ if (q_u_ex->printername == NULL)
+ return WERR_NOMEM;
copy_unistr2(q_u_ex->printername, q_u->printername);
}
copy_printer_default(ctx, &q_u_ex->printer_default, &q_u->printer_default);
+
+ return WERR_OK;
}
/********************************************************************
@@ -1522,7 +1526,9 @@
/* convert the OpenPrinter() call to OpenPrinterEx() */
- convert_to_openprinterex(p->mem_ctx, &q_u_ex, q_u);
+ r_u_ex.status = convert_to_openprinterex(p->mem_ctx, &q_u_ex, q_u);
+ if (!W_ERROR_IS_OK(r_u_ex.status))
+ return r_u_ex.status;
r_u_ex.status = _spoolss_open_printer_ex(p, &q_u_ex, &r_u_ex);
Modified: trunk/source/rpc_server/srv_spoolss_nt.c
===================================================================
--- trunk/source/rpc_server/srv_spoolss_nt.c 2005-08-03 21:59:05 UTC (rev 9020)
+++ trunk/source/rpc_server/srv_spoolss_nt.c 2005-08-03 22:07:57 UTC (rev 9021)
@@ -1488,19 +1488,23 @@
* SPOOL_Q_OPEN_PRINTER_EX structure
********************************************************************/
-static void convert_to_openprinterex(TALLOC_CTX *ctx, SPOOL_Q_OPEN_PRINTER_EX *q_u_ex, SPOOL_Q_OPEN_PRINTER *q_u)
+static WERROR convert_to_openprinterex(TALLOC_CTX *ctx, SPOOL_Q_OPEN_PRINTER_EX *q_u_ex, SPOOL_Q_OPEN_PRINTER *q_u)
{
if (!q_u_ex || !q_u)
- return;
+ return WERR_OK;
DEBUG(8,("convert_to_openprinterex\n"));
if ( q_u->printername ) {
- q_u_ex->printername = TALLOC_P( ctx, UNISTR2 );
+ q_u_ex->printername = TALLOC_ZERO_P( ctx, UNISTR2 );
+ if (q_u_ex->printername == NULL)
+ return WERR_NOMEM;
copy_unistr2(q_u_ex->printername, q_u->printername);
}
copy_printer_default(ctx, &q_u_ex->printer_default, &q_u->printer_default);
+
+ return WERR_OK;
}
/********************************************************************
@@ -1522,7 +1526,9 @@
/* convert the OpenPrinter() call to OpenPrinterEx() */
- convert_to_openprinterex(p->mem_ctx, &q_u_ex, q_u);
+ r_u_ex.status = convert_to_openprinterex(p->mem_ctx, &q_u_ex, q_u);
+ if (!W_ERROR_IS_OK(r_u_ex.status))
+ return r_u_ex.status;
r_u_ex.status = _spoolss_open_printer_ex(p, &q_u_ex, &r_u_ex);
More information about the samba-cvs
mailing list