BUG in enumprinterdataex
Martin Zielinski
mz at seh.de
Fri Feb 2 09:34:34 GMT 2007
Hello,
i can observe the following situation on XP SP2 vs. Samba 3.0.23d:
1) XP does an EnumPrinterDataEx call with 0 bytes provided to Samba
2) Samba counts the space needed and returns a *not 4-byte aligned*
amount of space (I can see it on the wire - e.g. 1642)
3) XP returns a 4-byte aligned value in the EnumPrinterDataEx - call.
In the above case: 1644
4) The routine allocates 1644 bytes, does the call again and receives a
RPC_X_BAD_STUB_DATA (0x6f7 = 1783) error.
Weird thing while debugging: I see the provided key name corrupted.
The reason for this seems to be the returned buffer size in the RPC
response.
The attached diff fixes this for the enumprinterdataex call.
Bye,
Martin
P.S. I'm really not shure - but haven't we had this one before?
--
Martin Zielinski mz at seh.de
Software Development
SEH Computertechnik GmbH www.seh.de
-------------- next part --------------
--- orig/srv_spoolss_nt.c 2007-02-02 10:27:15.000000000 +0100
+++ work/srv_spoolss_nt.c 2007-02-02 10:28:03.000000000 +0100
@@ -9389,6 +9389,8 @@
/* copy data into the reply */
r_u->ctr.size = r_u->needed;
+ if (needed % 4)
+ r_u->ctr.size += 4-(needed % 4);
r_u->ctr.size_of_array = r_u->returned;
r_u->ctr.values = enum_values;
More information about the samba-technical
mailing list