Buffer Overflow
rberghmans at arafox.com
Fri Jun 6 11:36:26 GMT 2003
Hi,
When I try to add a printer driver via "server properties" of Windows, everything
on the box is inactive. And in the log file I find this:
[2003/06/06 12:37:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(1457)
api_rpcTNP: spoolss op 0xa - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERDRIVERS
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_debug(81)
000000 spoolss_io_q_enumprinterdrivers
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint32(634)
0000 name_ptr: 00089330
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint32(634)
0004 uni_max_len: 00000009
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint32(634)
0008 undoc : 00000000
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint32(634)
000c uni_str_len: 00000009
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806)
0010 buffer : \.\.A.r.a.f.o.x...
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint32(634)
0024 environment_ptr: 00089354
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint32(634)
0028 uni_max_len: 0000000f
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint32(634)
002c undoc : 00000000
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint32(634)
0030 uni_str_len: 0000000f
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806)
0034 buffer : W.i.n.d.o.w.s. .N.T. .x.8.6...
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint32(634)
0054 level: 00000003
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint32(634)
0058 ptr: 00089380
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint32(634)
005c size: 00000400
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint32(634)
0460 offered: 00000400
[2003/06/06 12:37:40, 4] rpc_server/srv_spoolss_nt.c:_spoolss_enumprinterdrivers(6833)
_spoolss_enumprinterdrivers
we have:[0] drivers in environment [Windows NT x86] and version [0]
we have:[0] drivers in environment [Windows NT x86] and version [1]
we have:[0] drivers in environment [Windows NT x86] and version [2]
we have:[0] drivers in environment [Windows NT x86] and version [3]
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_debug(81)
000000 spoolss_io_r_enumprinterdrivers
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint32(634)
0000 ptr: 00089380
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint32(634)
0004 size: 00000400
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint32(634)
0408 needed: 00000000
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint32(634)
040c returned: 00000000
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_werror(694)
0410 status: WERR_OK
[2003/06/06 12:37:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(1504)
api_rpcTNP: called spoolss successfully
[2003/06/06 12:37:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
free_pipe_context: destroying talloc pool of size 100
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_debug(81)
000000 smb_io_rpc_hdr hdr
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint8(576)
0000 major : 05
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint8(576)
0001 minor : 00
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint8(576)
0002 pkt_type : 02
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint8(576)
0003 flags : 03
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint8(576)
0004 pack_type0: 10
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint8(576)
0005 pack_type1: 00
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint8(576)
0006 pack_type2: 00
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint8(576)
0007 pack_type3: 00
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint16(605)
0008 frag_len : 042c
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint16(605)
000a auth_len : 0000
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint32(634)
003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint32(634)
000c call_id : 00000001
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_debug(81)
000010 smb_io_rpc_hdr_resp resp
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint32(634)
0010 alloc_hint: 00000414
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint16(605)
0014 context_id: 0000
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint8(576)
0016 cancel_ct : 00
[2003/06/06 12:37:40, 5] rpc_parse/parse_prs.c:prs_uint8(576)
0017 reserved : 00
[2003/06/06 12:37:40, 5] smbd/ipc.c:send_trans_reply(91)
send_trans_reply: buffer 1024 too large
[2003/06/06 12:37:40, 3] smbd/error.c:error_packet(113)
error packet at smbd/ipc.c(99) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW
[2003/06/06 12:37:40, 5] smbd/ipc.c:copy_trans_params_and_data(62)
Regards,
Thank you for your help,
Raphaël