bug in get_current_user in rpc_server/srv_spoolss_nt.c

Jim McDonough/Boulder/IBM jmcd at us.ibm.com
Wed Sep 27 21:44:02 GMT 2000


It looks like when get_current_user() was pulled into a function, both of
the memcpy() calls got changed from
memcpy(&user, ..., sizeof(user))
to
memcpy(user, ..., sizeof(user))

Since "user" was changed from "struct current_user" to "struct current_user
*", I think the length of the memcpy should be changed to sizeof(struct
current_user).

The symptom I got was that installing a new driver from an NT system would
fail.  The files would go across, but trying to set the driver would fail
on lookup of a uid of whatever happened to be in that space in memory.

Changing "sizeof(user) to sizeof(struct current_user) fixed the problem for
me.

Jim

----------------------------
Jim McDonough
Infoprint Manager Development
Linux Technology Center
IBM Boulder

Notes: Jim McDonough/Boulder/IBM @ IBMUS
VNET: JMCD at IBMUSM54
Internet: jmcd at us.ibm.com

Phone: (303) 924-5822
T/L: 263-5822





More information about the samba-technical mailing list