[PATCH] Fix GetPrinterDataEx with empty keyname

Guenther Deschner gd at samba.org
Tue Sep 6 06:07:38 UTC 2016


Hi,

Windows 10 fails a lot of GetPrinterDataEx queries in my testing due to
this.

please review and push.

Thanks,
Guenther
-- 
Guenther Deschner
Pestalozzistr. 39
D-13187 Berlin
-------------- next part --------------
From a3b86a7b3e70403034f6b96b989d9ecf135e7999 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd at samba.org>
Date: Thu, 1 Sep 2016 19:54:46 +0200
Subject: [PATCH 1/2] s4-torture: test GetPrinterData with server handle and 0
 keylength.

This is what e.g. Windows 10 does a lot.

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
---
 source4/torture/rpc/spoolss.c | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/source4/torture/rpc/spoolss.c b/source4/torture/rpc/spoolss.c
index c085208..6262c7f 100644
--- a/source4/torture/rpc/spoolss.c
+++ b/source4/torture/rpc/spoolss.c
@@ -4119,19 +4119,27 @@ static bool test_GetPrinterData_list(struct torture_context *tctx,
 
 	for (i=0; i < ARRAY_SIZE(list); i++) {
 		enum winreg_Type type = REG_NONE;
-		enum winreg_Type type_ex= REG_NONE;
+		enum winreg_Type type_ex1 = REG_NONE;
+		enum winreg_Type type_ex2 = REG_NONE;
 		uint8_t *data;
-		uint8_t *data_ex = NULL;
+		uint8_t *data_ex1 = NULL;
+		uint8_t *data_ex2 = NULL;
 		uint32_t needed;
-		uint32_t needed_ex = 0;
+		uint32_t needed_ex1 = 0;
+		uint32_t needed_ex2 = 0;
 
 		torture_assert(tctx, test_GetPrinterData(tctx, b, &ctx->server_handle, list[i], &type, &data, &needed),
 			talloc_asprintf(tctx, "GetPrinterData failed on %s\n", list[i]));
-		torture_assert(tctx, test_GetPrinterDataEx(tctx, p, &ctx->server_handle, "random_string", list[i], &type_ex, &data_ex, &needed_ex),
+		torture_assert(tctx, test_GetPrinterDataEx(tctx, p, &ctx->server_handle, "random_string", list[i], &type_ex1, &data_ex1, &needed_ex1),
 			talloc_asprintf(tctx, "GetPrinterDataEx failed on %s\n", list[i]));
-		torture_assert_int_equal(tctx, type, type_ex, "type mismatch");
-		torture_assert_int_equal(tctx, needed, needed_ex, "needed mismatch");
-		torture_assert_mem_equal(tctx, data, data_ex, needed, "data mismatch");
+		torture_assert(tctx, test_GetPrinterDataEx(tctx, p, &ctx->server_handle, "", list[i], &type_ex2, &data_ex2, &needed_ex2),
+			talloc_asprintf(tctx, "GetPrinterDataEx failed on %s\n", list[i]));
+		torture_assert_int_equal(tctx, type, type_ex1, "type mismatch");
+		torture_assert_int_equal(tctx, type, type_ex2, "type mismatch");
+		torture_assert_int_equal(tctx, needed, needed_ex1, "needed mismatch");
+		torture_assert_int_equal(tctx, needed, needed_ex2, "needed mismatch");
+		torture_assert_mem_equal(tctx, data, data_ex1, needed, "data mismatch");
+		torture_assert_mem_equal(tctx, data, data_ex2, needed, "data mismatch");
 	}
 
 	return true;
-- 
2.7.4


From 0b321cf88569d770a2a7c277a5e797647499a11c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd at samba.org>
Date: Thu, 1 Sep 2016 19:55:40 +0200
Subject: [PATCH 2/2] s3-spoolss: fix _spoolss_GetPrinterDataEx by moving the
 keyname lengthcheck.

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
---
 source3/rpc_server/spoolss/srv_spoolss_nt.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
index 6986ab3..c0e3c1b 100644
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
@@ -9686,12 +9686,6 @@ WERROR _spoolss_GetPrinterDataEx(struct pipes_struct *p,
 		goto done;
 	}
 
-	/* check to see if the keyname is valid */
-	if (!strlen(r->in.key_name)) {
-		result = WERR_INVALID_PARAM;
-		goto done;
-	}
-
 	/* Is the handle to a printer or to the server? */
 
 	if (Printer->printer_type == SPLHND_SERVER) {
@@ -9722,6 +9716,12 @@ WERROR _spoolss_GetPrinterDataEx(struct pipes_struct *p,
 		goto done;
 	}
 
+	/* check to see if the keyname is valid */
+	if (!strlen(r->in.key_name)) {
+		result = WERR_INVALID_PARAM;
+		goto done;
+	}
+
 	if (!get_printer_snum(p, r->in.handle, &snum, NULL)) {
 		result = WERR_BADFID;
 		goto done;
-- 
2.7.4



More information about the samba-technical mailing list