core dump in rpcclient getdriver

Ronan Waide waider at
Tue Jan 28 17:06:32 GMT 2003

hi folks,

ran this command:
rpcclient -U Administrator%password PDC -c "getdriver PRINTER"

and got this output:

[Windows 4.0]
Segmentation fault (core dumped)

Here's the stacktrace:

#0  0x080a8abd in strlen_w (src=0x0) at lib/util_unistr.c:312
#1  0x0809bf6f in pull_ucs2 (base_ptr=0x0, dest=0xbfffd8c0 "\027", src=0x0, 
    dest_len=256, src_len=4294967295, flags=25) at lib/charcnv.c:570
#2  0x080a88b6 in rpcstr_pull (dest=0xbfffd8c0 "\027", src=0x0, dest_len=256, 
    src_len=-1, flags=1) at lib/util_unistr.c:173
#3  0x0806f118 in display_print_driver_3 (i1=0x81d61f8)
    at rpcclient/cmd_spoolss.c:875
#4  0x0806f4bb in cmd_spoolss_getdriver (cli=0x81b3ed0, mem_ctx=0x81d5238, 
    argc=2, argv=0x81d5208) at rpcclient/cmd_spoolss.c:984
#5  0x08069762 in do_cmd (cli=0x81b3ed0, cmd_entry=0x814b5d4, 
    cmd=0x8152680 "getdriver PR00001") at rpcclient/rpcclient.c:497
#6  0x080698a1 in process_cmd (cli=0x81b3ed0, 
    cmd=0x8152680 "getdriver PR00001") at rpcclient/rpcclient.c:556
#7  0x08069e54 in main (argc=6, argv=0xbffffaf4) at rpcclient/rpcclient.c:753
#8  0x4026e1c4 in __libc_start_main () from /lib/

Poking around in it, the default data type for the printer is NULL,
which is returned to the rpcclient as a null string. So when we get to

875             rpcstr_pull(defaultdatatype, i1->defaultdatatype.buffer, sizeof(defaultdatatype), -1, STR_TERMINATE);

the coredump above is generated because i1->defaultdatatype.buffer is

This only happens for a level 3 info dump - levels 1 and 2 are quite
okay. I presume the correct fix is to check at
rpcclient/cmd_spoolss.c:875 if the defaultdatatype is NULL or not, but
I'm not 100% sure, so I'll leave that to smarter folks :)

waider at / Yes, it /is/ very personal of me.
"The folks from Sendmail gave me a pocket knife.  It has dozens of blades with
 a seemingly infinite number of functions, just like Sendmail.  The first time
 I used it, it broke, just like Sendmail." - Kludge Dorsey

More information about the samba-technical mailing list