BUG in enumprinterdataex

Jeremy Allison jra at samba.org
Sat Feb 3 17:24:26 GMT 2007


On Sat, Feb 03, 2007 at 09:28:43AM +0100, Martin wrote:
> >
> Hi!
> I certainly trapped vista again.
> The proposed fix works with XP but not with Vista.
> Easy to compare: Samba returns a buffer size of 1642 bytes.
> -> XP offers a buffer of 1644 bytes.
> -> Vista 1642 bytes.
> 
> If we only align the buffer size (as in the proposed patch), we earn a 
> 1783 error. It seems that the buffer size in the RPC *must* match the 
> "needed" size in the message itself.
> 
> So the better fix would be to align the "needed" var before the test
> against the input size.

So you're saying round up needed to a 4 byte boundary before
setting it in r_u->needed ?

I've attached a proposed fix - can you test it for me
before Monday (I don't have my Vista test env set up
at home yet).

Jeremy.
-------------- next part --------------
Index: rpc_server/srv_spoolss_nt.c
===================================================================
--- rpc_server/srv_spoolss_nt.c	(revision 21132)
+++ rpc_server/srv_spoolss_nt.c	(working copy)
@@ -9385,6 +9385,15 @@
 	
 	/* housekeeping information in the reply */
 	
+	/* Fix from Martin Zielinski <mz at seh.de> - ensure
+	 * the hand marshalled container size is a multiple
+	 * of 4 bytes for RPC alignment.
+	 */
+
+	if (needed % 4) {
+		needed += 4-(needed % 4);
+	}
+
 	r_u->needed 	= needed;
 	r_u->returned 	= num_entries;
 
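Review bot: The rounding at `needed += 4-(needed % 4);` sits in the reply housekeeping block, and the context shown here does not include the comparison of `needed` against the buffer size offered by the client. Martin's report asks for the alignment to happen before that test, so if the test is earlier in the function the rounding should move above it; as placed, the check and the value written to `r_u->needed` could be computed from different numbers. The relocated comment also still says "container size", while the code now rounds `needed` itself, which feeds `r_u->needed` as well; the comment should say so and mention that the client requires the two sizes to match.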
@@ -9397,15 +9406,6 @@
 	
 	r_u->ctr.size        	= r_u->needed;
 
-	/* Fix from Martin Zielinski <mz at seh.de> - ensure
-	 * the hand marshalled container size is a multiple
-	 * of 4 bytes for RPC alignment.
-	 */
-
-	if (needed % 4) {
-		r_u->ctr.size += 4-(needed % 4);
-	}
-
 	r_u->ctr.size_of_array 	= r_u->returned;
 	r_u->ctr.values 	= enum_values;
 	
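Review bot: With the adjustment removed here, `r_u->ctr.size = r_u->needed;` is only correct because `needed` was rounded earlier in the function, and nothing at this line says so. A short comment at the assignment noting that `needed` is already 4-byte aligned would stop a later change from reintroducing the mismatch. The up to three padding bytes are now counted in both `r_u->needed` and `r_u->ctr.size`, so it is worth confirming that the code marshalling `enum_values` (not visible in this hunk) actually emits that many bytes and that the padding is zeroed rather than left as uninitialised memory.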

