BUG in enumprinterdataex
Jeremy Allison
jra at samba.org
Sat Feb 3 00:48:15 GMT 2007
On Fri, Feb 02, 2007 at 10:34:34AM +0100, Martin Zielinski wrote:
> Hello,
>
> i can observe the following situation on XP SP2 vs. Samba 3.0.23d:
>
> 1) XP does an EnumPrinterDataEx call with 0 bytes provided to Samba
> 2) Samba counts the space needed and returns a *not 4-byte aligned*
> amount of space (I can see it on the wire - e.g. 1642)
> 3) XP returns a 4-byte aligned value in the EnumPrinterDataEx - call.
> In the above case: 1644
> 4) The routine allocates 1644 bytes, does the call again and receives a
> RPC_X_BAD_STUB_DATA (0x6f7 = 1783) error.
> Weird thing while debugging: I see the provided key name corrupted.
>
> The reason for this seems to be the returned buffer size in the RPC
> response.
> The attached diff fixes this for the enumprinterdataex call.
Ok, I'm going to commit this one - makes sense to me. A problem
with hand marshalling I think.
> P.S. I'm really not shure - but haven't we had this one before?
Not sure - this code will eventually greatly benefit from
being PIDL generated. Please keep these fixes coming :-).
> --- orig/srv_spoolss_nt.c 2007-02-02 10:27:15.000000000 +0100
> +++ work/srv_spoolss_nt.c 2007-02-02 10:28:03.000000000 +0100
> @@ -9389,6 +9389,8 @@
> /* copy data into the reply */
>
> r_u->ctr.size = r_u->needed;
> + if (needed % 4)
> + r_u->ctr.size += 4-(needed % 4);
> r_u->ctr.size_of_array = r_u->returned;
> r_u->ctr.values = enum_values;
>
Thanks !
Jeremy.
More information about the samba-technical
mailing list