1
0
mirror of https://github.com/samba-team/samba.git synced 2025-02-11 17:58:16 +03:00

Roll back to using malloc/realloc on some of spoolss in head.

I'm having problems with talloc_realloc in the 2.2 branch and I
want a stable reference.

The only problem is this breaks the clean auto-generated code
in *one* call in srv_spoolss.c (the rfnpcnex call).

Jeremy.
This commit is contained in:
Jeremy Allison -
parent c3a1904564
commit 57a9340cba
5 changed files with 80 additions and 101 deletions

View File

@ -1962,9 +1962,9 @@ BOOL parse_lpq_entry(int snum,char *line,
#if OLD_NTDOMAIN #if OLD_NTDOMAIN
BOOL nt_printing_init(void); BOOL nt_printing_init(void);
int get_ntforms(TALLOC_CTX *ctx, nt_forms_struct **list); int get_ntforms(nt_forms_struct **list);
int write_ntforms(nt_forms_struct **list, int number); int write_ntforms(nt_forms_struct **list, int number);
BOOL add_a_form(TALLOC_CTX *ctx, nt_forms_struct **list, const FORM *form, int *count); BOOL add_a_form(nt_forms_struct **list, const FORM *form, int *count);
BOOL delete_a_form(nt_forms_struct **list, UNISTR2 *del_name, int *count, uint32 *ret); BOOL delete_a_form(nt_forms_struct **list, UNISTR2 *del_name, int *count, uint32 *ret);
void update_a_form(nt_forms_struct **list, const FORM *form, int count); void update_a_form(nt_forms_struct **list, const FORM *form, int count);
int get_ntdrivers(fstring **list, char *architecture, uint32 version); int get_ntdrivers(fstring **list, char *architecture, uint32 version);

View File

@ -52,10 +52,10 @@ static nt_forms_struct default_forms[] = {
{"Letter", 0x2, 0x34b5b, 0x44367, 0x0, 0x0, 0x34b5b, 0x44367}, {"Letter", 0x2, 0x34b5b, 0x44367, 0x0, 0x0, 0x34b5b, 0x44367},
}; };
/**************************************************************************** /****************************************************************************
open the NT printing tdb open the NT printing tdb
****************************************************************************/ ****************************************************************************/
BOOL nt_printing_init(void) BOOL nt_printing_init(void)
{ {
static pid_t local_pid; static pid_t local_pid;
@ -81,15 +81,14 @@ BOOL nt_printing_init(void)
return True; return True;
} }
/****************************************************************************
get a form struct list. Returns talloc'ed memory.
****************************************************************************/
int get_ntforms(TALLOC_CTX *ctx, nt_forms_struct **list) /****************************************************************************
get a form struct list
****************************************************************************/
int get_ntforms(nt_forms_struct **list)
{ {
TDB_DATA kbuf, newkey, dbuf; TDB_DATA kbuf, newkey, dbuf;
nt_forms_struct form; nt_forms_struct form;
nt_forms_struct *list_p = NULL;
int ret; int ret;
int i; int i;
int n = 0; int n = 0;
@ -111,37 +110,25 @@ int get_ntforms(TALLOC_CTX *ctx, nt_forms_struct **list)
/* allocate space and populate the list in correct order */ /* allocate space and populate the list in correct order */
if (i+1 > n) { if (i+1 > n) {
list_p = Realloc(list_p, sizeof(nt_forms_struct)*(i+1)); *list = Realloc(*list, sizeof(nt_forms_struct)*(i+1));
if (!list_p)
return 0;
n = i+1; n = i+1;
} }
list_p[i] = form; (*list)[i] = form;
} }
/* we should never return a null forms list or NT gets unhappy */ /* we should never return a null forms list or NT gets unhappy */
if (n == 0) { if (n == 0) {
list_p = (nt_forms_struct *)memdup(&default_forms[0], sizeof(default_forms)); *list = (nt_forms_struct *)memdup(&default_forms[0], sizeof(default_forms));
if (!list_p)
return 0;
n = sizeof(default_forms) / sizeof(default_forms[0]); n = sizeof(default_forms) / sizeof(default_forms[0]);
} }
*list = NULL;
if (list_p) {
*list = (nt_forms_struct *)talloc_memdup(ctx, list_p, n * sizeof(nt_forms_struct) );
free(list_p);
}
if (!*list)
return 0;
return n; return n;
} }
/**************************************************************************** /****************************************************************************
write a form struct list write a form struct list
****************************************************************************/ ****************************************************************************/
int write_ntforms(nt_forms_struct **list, int number) int write_ntforms(nt_forms_struct **list, int number)
{ {
pstring buf, key; pstring buf, key;
@ -155,26 +142,23 @@ int write_ntforms(nt_forms_struct **list, int number)
i, (*list)[i].flag, (*list)[i].width, (*list)[i].length, i, (*list)[i].flag, (*list)[i].width, (*list)[i].length,
(*list)[i].left, (*list)[i].top, (*list)[i].right, (*list)[i].left, (*list)[i].top, (*list)[i].right,
(*list)[i].bottom); (*list)[i].bottom);
if (len > sizeof(buf)) if (len > sizeof(buf)) break;
break;
slprintf(key, sizeof(key), "%s%s", FORMS_PREFIX, (*list)[i].name); slprintf(key, sizeof(key), "%s%s", FORMS_PREFIX, (*list)[i].name);
dos_to_unix(key, True); /* Convert key to unix-codepage */ dos_to_unix(key, True); /* Convert key to unix-codepage */
kbuf.dsize = strlen(key)+1; kbuf.dsize = strlen(key)+1;
kbuf.dptr = key; kbuf.dptr = key;
dbuf.dsize = len; dbuf.dsize = len;
dbuf.dptr = buf; dbuf.dptr = buf;
if (tdb_store(tdb, kbuf, dbuf, TDB_REPLACE) != 0) if (tdb_store(tdb, kbuf, dbuf, TDB_REPLACE) != 0) break;
break; }
}
return i; return i;
} }
/**************************************************************************** /****************************************************************************
add a form struct at the end of the list add a form struct at the end of the list
****************************************************************************/ ****************************************************************************/
BOOL add_a_form(nt_forms_struct **list, const FORM *form, int *count)
BOOL add_a_form(TALLOC_CTX *ctx, nt_forms_struct **list, const FORM *form, int *count)
{ {
int n=0; int n=0;
BOOL update; BOOL update;
@ -198,14 +182,8 @@ BOOL add_a_form(TALLOC_CTX *ctx, nt_forms_struct **list, const FORM *form, int *
} }
if (update==False) { if (update==False) {
/* We can't realloc a talloc memory area. */ if((*list=Realloc(*list, (n+1)*sizeof(nt_forms_struct))) == NULL)
nt_forms_struct *new_list = (nt_forms_struct *)talloc(ctx, (n+1)*sizeof(nt_forms_struct) );
if (!new_list)
return False; return False;
memcpy(new_list, *list, n*sizeof(nt_forms_struct) );
*list = new_list;
unistr2_to_ascii((*list)[n].name, &form->name, sizeof((*list)[n].name)-1); unistr2_to_ascii((*list)[n].name, &form->name, sizeof((*list)[n].name)-1);
(*count)++; (*count)++;
} }
@ -224,7 +202,6 @@ BOOL add_a_form(TALLOC_CTX *ctx, nt_forms_struct **list, const FORM *form, int *
/**************************************************************************** /****************************************************************************
delete a named form struct delete a named form struct
****************************************************************************/ ****************************************************************************/
BOOL delete_a_form(nt_forms_struct **list, UNISTR2 *del_name, int *count, uint32 *ret) BOOL delete_a_form(nt_forms_struct **list, UNISTR2 *del_name, int *count, uint32 *ret)
{ {
pstring key; pstring key;
@ -273,7 +250,6 @@ BOOL delete_a_form(nt_forms_struct **list, UNISTR2 *del_name, int *count, uint32
/**************************************************************************** /****************************************************************************
update a form struct update a form struct
****************************************************************************/ ****************************************************************************/
void update_a_form(nt_forms_struct **list, const FORM *form, int count) void update_a_form(nt_forms_struct **list, const FORM *form, int count)
{ {
int n=0; int n=0;
@ -281,7 +257,8 @@ void update_a_form(nt_forms_struct **list, const FORM *form, int count)
unistr2_to_ascii(form_name, &(form->name), sizeof(form_name)-1); unistr2_to_ascii(form_name, &(form->name), sizeof(form_name)-1);
DEBUG(106, ("[%s]\n", form_name)); DEBUG(106, ("[%s]\n", form_name));
for (n=0; n<count; n++) { for (n=0; n<count; n++)
{
DEBUGADD(106, ("n [%d]:[%s]\n", n, (*list)[n].name)); DEBUGADD(106, ("n [%d]:[%s]\n", n, (*list)[n].name));
if (!strncmp((*list)[n].name, form_name, strlen(form_name))) if (!strncmp((*list)[n].name, form_name, strlen(form_name)))
break; break;
@ -303,7 +280,6 @@ get the nt drivers list
traverse the database and look-up the matching names traverse the database and look-up the matching names
****************************************************************************/ ****************************************************************************/
int get_ntdrivers(fstring **list, char *architecture, uint32 version) int get_ntdrivers(fstring **list, char *architecture, uint32 version)
{ {
int total=0; int total=0;

View File

@ -397,10 +397,10 @@ authentication failed. Denying the request.\n", p->name));
} }
/* /*
* Check the data length doesn't go over the 1Mb limit. * Check the data length doesn't go over the 10Mb limit.
*/ */
if(prs_data_size(&p->in_data.data) + data_len > 1024*1024) { if(prs_data_size(&p->in_data.data) + data_len > 10*1024*1024) {
DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n", DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n",
(unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len )); (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len ));
set_incoming_fault(p); set_incoming_fault(p);

View File

@ -270,10 +270,13 @@ static BOOL api_spoolss_rfnpcnex(pipes_struct *p)
r_u.status = _spoolss_rfnpcnex(p, &q_u, &r_u); r_u.status = _spoolss_rfnpcnex(p, &q_u, &r_u);
if (!spoolss_io_r_rfnpcnex("", &r_u, rdata, 0)) { if (!spoolss_io_r_rfnpcnex("", &r_u, rdata, 0)) {
safe_free(r_u.info.data);
DEBUG(0,("spoolss_io_r_rfnpcnex: unable to marshall SPOOL_R_RFNPCNEX.\n")); DEBUG(0,("spoolss_io_r_rfnpcnex: unable to marshall SPOOL_R_RFNPCNEX.\n"));
return False; return False;
} }
safe_free(r_u.info.data);
return True; return True;
} }

View File

@ -149,7 +149,6 @@ static void free_spool_notify_option(SPOOL_NOTIFY_OPTION **pp)
safe_free(sp->ctr.type); safe_free(sp->ctr.type);
free(sp); free(sp);
} }
/**************************************************************************** /****************************************************************************
@ -290,7 +289,6 @@ static BOOL srv_spoolss_replycloseprinter(POLICY_HND *handle)
/**************************************************************************** /****************************************************************************
close printer index by handle close printer index by handle
****************************************************************************/ ****************************************************************************/
static BOOL close_printer_handle(POLICY_HND *hnd) static BOOL close_printer_handle(POLICY_HND *hnd)
{ {
Printer_entry *Printer = find_printer_index_by_hnd(hnd); Printer_entry *Printer = find_printer_index_by_hnd(hnd);
@ -310,6 +308,7 @@ static BOOL close_printer_handle(POLICY_HND *hnd)
Printer->notify.localmachine[0]='\0'; Printer->notify.localmachine[0]='\0';
Printer->notify.printerlocal=0; Printer->notify.printerlocal=0;
free_spool_notify_option(&Printer->notify.option); free_spool_notify_option(&Printer->notify.option);
Printer->notify.option=NULL;
Printer->notify.client_connected=False; Printer->notify.client_connected=False;
clear_handle(hnd); clear_handle(hnd);
@ -846,13 +845,13 @@ uint32 _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u,
/* NT doesn't let us connect to a printer if the connecting user /* NT doesn't let us connect to a printer if the connecting user
doesn't have print permission. */ doesn't have print permission. */
if (!get_printer_snum(handle, &snum))
return ERROR_INVALID_HANDLE;
/* map an empty access mask to the minimum access mask */ /* map an empty access mask to the minimum access mask */
if (printer_default->access_required == 0x0) if (printer_default->access_required == 0x0)
printer_default->access_required = PRINTER_ACCESS_USE; printer_default->access_required = PRINTER_ACCESS_USE;
if (!get_printer_snum(handle, &snum))
return ERROR_INVALID_HANDLE;
if (!print_access_check(&user, snum, printer_default->access_required)) { if (!print_access_check(&user, snum, printer_default->access_required)) {
DEBUG(3, ("access DENIED for printer open\n")); DEBUG(3, ("access DENIED for printer open\n"));
close_printer_handle(handle); close_printer_handle(handle);
@ -1113,7 +1112,6 @@ uint32 _spoolss_deleteprinter(pipes_struct *p, SPOOL_Q_DELETEPRINTER *q_u, SPOOL
/******************************************************************** /********************************************************************
GetPrinterData on a printer server Handle. GetPrinterData on a printer server Handle.
********************************************************************/ ********************************************************************/
static BOOL getprinterdata_printer_server(TALLOC_CTX *ctx, fstring value, uint32 *type, uint8 **data, uint32 *needed, uint32 in_size) static BOOL getprinterdata_printer_server(TALLOC_CTX *ctx, fstring value, uint32 *type, uint8 **data, uint32 *needed, uint32 in_size)
{ {
int i; int i;
@ -1160,8 +1158,9 @@ static BOOL getprinterdata_printer_server(TALLOC_CTX *ctx, fstring value, uint32
pstring string="You are using a Samba server"; pstring string="You are using a Samba server";
*type = 0x1; *type = 0x1;
*needed = 2*(strlen(string)+1); *needed = 2*(strlen(string)+1);
if((*data = (uint8 *)talloc_zero( ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL) if((*data = (uint8 *)talloc(ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL)
return False; return False;
memset(*data, 0, (*needed > in_size) ? *needed:in_size);
/* it's done by hand ready to go on the wire */ /* it's done by hand ready to go on the wire */
for (i=0; i<strlen(string); i++) { for (i=0; i<strlen(string); i++) {
@ -1175,8 +1174,9 @@ static BOOL getprinterdata_printer_server(TALLOC_CTX *ctx, fstring value, uint32
pstring string="Windows NT x86"; pstring string="Windows NT x86";
*type = 0x1; *type = 0x1;
*needed = 2*(strlen(string)+1); *needed = 2*(strlen(string)+1);
if((*data = (uint8 *)talloc_zero( ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL) if((*data = (uint8 *)talloc(ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL)
return False; return False;
memset(*data, 0, (*needed > in_size) ? *needed:in_size);
for (i=0; i<strlen(string); i++) { for (i=0; i<strlen(string); i++) {
(*data)[2*i]=string[i]; (*data)[2*i]=string[i];
(*data)[2*i+1]='\0'; (*data)[2*i+1]='\0';
@ -1223,10 +1223,11 @@ static BOOL getprinterdata_printer(TALLOC_CTX *ctx, POLICY_HND *handle,
DEBUG(5,("getprinterdata_printer:allocating %d\n", in_size)); DEBUG(5,("getprinterdata_printer:allocating %d\n", in_size));
if (in_size) { if (in_size) {
if((*data = (uint8 *)talloc_zero(ctx, in_size *sizeof(uint8) )) == NULL) { if((*data = (uint8 *)talloc(ctx, in_size *sizeof(uint8) )) == NULL) {
return False; return False;
} }
memset(*data, 0, in_size *sizeof(uint8));
/* copy the min(in_size, len) */ /* copy the min(in_size, len) */
memcpy(*data, idata, (len>in_size)?in_size:len *sizeof(uint8)); memcpy(*data, idata, (len>in_size)?in_size:len *sizeof(uint8));
} else { } else {
@ -1276,7 +1277,7 @@ uint32 _spoolss_getprinterdata(pipes_struct *p, SPOOL_Q_GETPRINTERDATA *q_u, SPO
DEBUG(4,("_spoolss_getprinterdata\n")); DEBUG(4,("_spoolss_getprinterdata\n"));
if (!OPEN_HANDLE(Printer)) { if (!OPEN_HANDLE(Printer)) {
if((*data=(uint8 *)talloc_zero(p->mem_ctx, 4*sizeof(uint8))) == NULL) if((*data=(uint8 *)malloc(4*sizeof(uint8))) == NULL)
return ERROR_NOT_ENOUGH_MEMORY; return ERROR_NOT_ENOUGH_MEMORY;
DEBUG(0,("_spoolss_getprinterdata: Invalid handle (%s).\n", OUR_HANDLE(handle))); DEBUG(0,("_spoolss_getprinterdata: Invalid handle (%s).\n", OUR_HANDLE(handle)));
return ERROR_INVALID_HANDLE; return ERROR_INVALID_HANDLE;
@ -1366,12 +1367,12 @@ uint32 _spoolss_rffpcnex(pipes_struct *p, SPOOL_Q_RFFPCNEX *q_u, SPOOL_R_RFFPCNE
} }
Printer->notify.flags=flags; Printer->notify.flags=flags;
Printer->notify.options=options;
Printer->notify.printerlocal=printerlocal; Printer->notify.printerlocal=printerlocal;
if (Printer->notify.option) if (Printer->notify.option)
free_spool_notify_option(&Printer->notify.option); free_spool_notify_option(&Printer->notify.option);
Printer->notify.options=options;
Printer->notify.option=dup_spool_notify_option(option); Printer->notify.option=dup_spool_notify_option(option);
unistr2_to_ascii(Printer->notify.localmachine, localmachine, sizeof(Printer->notify.localmachine)-1); unistr2_to_ascii(Printer->notify.localmachine, localmachine, sizeof(Printer->notify.localmachine)-1);
@ -2157,12 +2158,12 @@ static void construct_info_data(SPOOL_NOTIFY_INFO_DATA *info_data, uint16 type,
info_data->enc_type = type_of_notify_info_data(type, field); info_data->enc_type = type_of_notify_info_data(type, field);
} }
/******************************************************************* /*******************************************************************
* *
* fill a notify_info struct with info asked * fill a notify_info struct with info asked
* *
********************************************************************/ ********************************************************************/
static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int
snum, SPOOL_NOTIFY_OPTION_TYPE snum, SPOOL_NOTIFY_OPTION_TYPE
*option_type, uint32 id, *option_type, uint32 id,
@ -2192,7 +2193,7 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int
if (!search_notify(type, field, &j) ) if (!search_notify(type, field, &j) )
continue; continue;
if((info->data=Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) { if((info->data=(SPOOL_NOTIFY_INFO_DATA *)Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) {
return False; return False;
} }
current_data=&info->data[info->count]; current_data=&info->data[info->count];
@ -2217,7 +2218,6 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int
* fill a notify_info struct with info asked * fill a notify_info struct with info asked
* *
********************************************************************/ ********************************************************************/
static BOOL construct_notify_jobs_info(print_queue_struct *queue, static BOOL construct_notify_jobs_info(print_queue_struct *queue,
SPOOL_NOTIFY_INFO *info, SPOOL_NOTIFY_INFO *info,
NT_PRINTER_INFO_LEVEL *printer, NT_PRINTER_INFO_LEVEL *printer,
@ -2228,6 +2228,7 @@ static BOOL construct_notify_jobs_info(print_queue_struct *queue,
int field_num,j; int field_num,j;
uint16 type; uint16 type;
uint16 field; uint16 field;
SPOOL_NOTIFY_INFO_DATA *current_data; SPOOL_NOTIFY_INFO_DATA *current_data;
DEBUG(4,("construct_notify_jobs_info\n")); DEBUG(4,("construct_notify_jobs_info\n"));
@ -2248,13 +2249,9 @@ static BOOL construct_notify_jobs_info(print_queue_struct *queue,
return False; return False;
} }
current_data=&info->data[info->count]; current_data=&(info->data[info->count]);
construct_info_data(current_data, type, field, id); construct_info_data(current_data, type, field, id);
DEBUG(10,("construct_notify_jobs_info: calling [%s] snum=%d printername=[%s])\n",
notify_info_data_table[j].name, snum, printer->info_2->printername ));
notify_info_data_table[j].fn(snum, current_data, queue, notify_info_data_table[j].fn(snum, current_data, queue,
printer, mem_ctx); printer, mem_ctx);
info->count++; info->count++;
@ -2322,7 +2319,8 @@ static uint32 printserver_notify_info(const POLICY_HND *hnd,
for (snum=0; snum<n_services; snum++) for (snum=0; snum<n_services; snum++)
if ( lp_browseable(snum) && lp_snum_ok(snum) && lp_print_ok(snum) ) if ( lp_browseable(snum) && lp_snum_ok(snum) && lp_print_ok(snum) )
if (construct_notify_printer_info(info, snum, option_type, id, mem_ctx)) if (construct_notify_printer_info
(info, snum, option_type, id, mem_ctx))
id++; id++;
} }
@ -2330,7 +2328,7 @@ static uint32 printserver_notify_info(const POLICY_HND *hnd,
* Debugging information, don't delete. * Debugging information, don't delete.
*/ */
/* /*
DEBUG(1,("printserver_notify_info: dumping the NOTIFY_INFO\n")); DEBUG(1,("dumping the NOTIFY_INFO\n"));
DEBUGADD(1,("info->version:[%d], info->flags:[%d], info->count:[%d]\n", info->version, info->flags, info->count)); DEBUGADD(1,("info->version:[%d], info->flags:[%d], info->count:[%d]\n", info->version, info->flags, info->count));
DEBUGADD(1,("num\ttype\tfield\tres\tid\tsize\tenc_type\n")); DEBUGADD(1,("num\ttype\tfield\tres\tid\tsize\tenc_type\n"));
@ -2377,7 +2375,9 @@ static uint32 printer_notify_info(POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info,
switch ( option_type->type ) { switch ( option_type->type ) {
case PRINTER_NOTIFY_TYPE: case PRINTER_NOTIFY_TYPE:
if(construct_notify_printer_info(info, snum, option_type, id, mem_ctx)) if(construct_notify_printer_info(info, snum,
option_type, id,
mem_ctx))
id--; id--;
break; break;
@ -2387,7 +2387,8 @@ static uint32 printer_notify_info(POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info,
memset(&status, 0, sizeof(status)); memset(&status, 0, sizeof(status));
count = print_queue_status(snum, &queue, &status); count = print_queue_status(snum, &queue, &status);
if (get_a_printer(&printer, 2, lp_servicename(snum)) != 0) if (get_a_printer(&printer, 2,
lp_servicename(snum)) != 0)
goto done; goto done;
for (j=0; j<count; j++) { for (j=0; j<count; j++) {
@ -2410,17 +2411,17 @@ static uint32 printer_notify_info(POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info,
/* /*
* Debugging information, don't delete. * Debugging information, don't delete.
*/ */
/*
DEBUG(10,("printer_notify_info: dumping the NOTIFY_INFO\n")); DEBUG(1,("dumping the NOTIFY_INFO\n"));
DEBUGADD(10,("info->version:[%d], info->flags:[%d], info->count:[%d]\n", info->version, info->flags, info->count)); DEBUGADD(1,("info->version:[%d], info->flags:[%d], info->count:[%d]\n", info->version, info->flags, info->count));
DEBUGADD(10,("num\ttype\tfield\tres\tid\tsize\tenc_type\n")); DEBUGADD(1,("num\ttype\tfield\tres\tid\tsize\tenc_type\n"));
for (i=0; i<info->count; i++) { for (i=0; i<info->count; i++) {
DEBUGADD(10,("[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\n", DEBUGADD(1,("[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\n",
i, info->data[i].type, info->data[i].field, info->data[i].reserved, i, info->data[i].type, info->data[i].field, info->data[i].reserved,
info->data[i].id, info->data[i].size, info->data[i].enc_type)); info->data[i].id, info->data[i].size, info->data[i].enc_type));
} }
*/
return NT_STATUS_NO_PROBLEMO; return NT_STATUS_NO_PROBLEMO;
} }
@ -2472,25 +2473,7 @@ uint32 _spoolss_rfnpcnex( pipes_struct *p, SPOOL_Q_RFNPCNEX *q_u, SPOOL_R_RFNPCN
result = printer_notify_info(handle, info, p->mem_ctx); result = printer_notify_info(handle, info, p->mem_ctx);
break; break;
} }
/*
* The data returned in info->data is realloced. We need to
* convert to talloc for return. The data really should come
* back as a linked list, not a realloced array, as realloc can
* fail... JRA.
*/
if (info->data) {
SPOOL_NOTIFY_INFO_DATA *new_data = (SPOOL_NOTIFY_INFO_DATA *)talloc_memdup(p->mem_ctx,
info->data,
info->count * sizeof(SPOOL_NOTIFY_INFO_DATA));
if (!new_data)
return NT_STATUS_NO_MEMORY;
safe_free(info->data);
info->data = new_data;
}
done: done:
return result; return result;
} }
@ -5291,14 +5274,14 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E
DEBUGADD(5,("Offered buffer size [%d]\n", offered)); DEBUGADD(5,("Offered buffer size [%d]\n", offered));
DEBUGADD(5,("Info level [%d]\n", level)); DEBUGADD(5,("Info level [%d]\n", level));
*numofforms = get_ntforms(p->mem_ctx, &list); *numofforms = get_ntforms(&list);
DEBUGADD(5,("Number of forms [%d]\n", *numofforms)); DEBUGADD(5,("Number of forms [%d]\n", *numofforms));
if (*numofforms == 0) return ERROR_NO_MORE_ITEMS; if (*numofforms == 0) return ERROR_NO_MORE_ITEMS;
switch (level) { switch (level) {
case 1: case 1:
if ((forms_1=(FORM_1 *)talloc(p->mem_ctx, *numofforms * sizeof(FORM_1))) == NULL) { if ((forms_1=(FORM_1 *)malloc(*numofforms * sizeof(FORM_1))) == NULL) {
*numofforms=0; *numofforms=0;
return ERROR_NOT_ENOUGH_MEMORY; return ERROR_NOT_ENOUGH_MEMORY;
} }
@ -5309,6 +5292,8 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E
fill_form_1(&forms_1[i], &list[i]); fill_form_1(&forms_1[i], &list[i]);
} }
safe_free(list);
/* check the required size. */ /* check the required size. */
for (i=0; i<*numofforms; i++) { for (i=0; i<*numofforms; i++) {
DEBUGADD(6,("adding form [%d]'s size\n",i)); DEBUGADD(6,("adding form [%d]'s size\n",i));
@ -5317,8 +5302,10 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E
*needed=buffer_size; *needed=buffer_size;
if (!alloc_buffer_size(buffer, buffer_size)) if (!alloc_buffer_size(buffer, buffer_size)){
safe_free(forms_1);
return ERROR_INSUFFICIENT_BUFFER; return ERROR_INSUFFICIENT_BUFFER;
}
/* fill the buffer with the form structures */ /* fill the buffer with the form structures */
for (i=0; i<*numofforms; i++) { for (i=0; i<*numofforms; i++) {
@ -5326,6 +5313,8 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E
new_smb_io_form_1("", buffer, &forms_1[i], 0); new_smb_io_form_1("", buffer, &forms_1[i], 0);
} }
safe_free(forms_1);
if (*needed > offered) { if (*needed > offered) {
*numofforms=0; *numofforms=0;
return ERROR_INSUFFICIENT_BUFFER; return ERROR_INSUFFICIENT_BUFFER;
@ -5334,8 +5323,10 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E
return NT_STATUS_NO_PROBLEMO; return NT_STATUS_NO_PROBLEMO;
default: default:
safe_free(list);
return ERROR_INVALID_LEVEL; return ERROR_INVALID_LEVEL;
} }
} }
/**************************************************************************** /****************************************************************************
@ -5366,7 +5357,7 @@ uint32 _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM *
DEBUGADD(5,("Offered buffer size [%d]\n", offered)); DEBUGADD(5,("Offered buffer size [%d]\n", offered));
DEBUGADD(5,("Info level [%d]\n", level)); DEBUGADD(5,("Info level [%d]\n", level));
numofforms = get_ntforms(p->mem_ctx, &list); numofforms = get_ntforms(&list);
DEBUGADD(5,("Number of forms [%d]\n", numofforms)); DEBUGADD(5,("Number of forms [%d]\n", numofforms));
if (numofforms == 0) if (numofforms == 0)
@ -5387,6 +5378,8 @@ uint32 _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM *
} }
} }
safe_free(list);
/* check the required size. */ /* check the required size. */
*needed=spoolss_size_form_1(&form_1); *needed=spoolss_size_form_1(&form_1);
@ -5406,6 +5399,7 @@ uint32 _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM *
return NT_STATUS_NO_PROBLEMO; return NT_STATUS_NO_PROBLEMO;
default: default:
safe_free(list);
return ERROR_INVALID_LEVEL; return ERROR_INVALID_LEVEL;
} }
} }
@ -6183,12 +6177,14 @@ uint32 _spoolss_addform( pipes_struct *p, SPOOL_Q_ADDFORM *q_u, SPOOL_R_ADDFORM
return ERROR_INVALID_HANDLE; return ERROR_INVALID_HANDLE;
} }
count=get_ntforms(p->mem_ctx, &list); count=get_ntforms(&list);
if(!add_a_form(p->mem_ctx, &list, form, &count)) if(!add_a_form(&list, form, &count))
return ERROR_NOT_ENOUGH_MEMORY; return ERROR_NOT_ENOUGH_MEMORY;
write_ntforms(&list, count); write_ntforms(&list, count);
return NT_STATUS_NOPROBLEMO; safe_free(list);
return 0x0;
} }
/**************************************************************************** /****************************************************************************
@ -6211,10 +6207,12 @@ uint32 _spoolss_deleteform( pipes_struct *p, SPOOL_Q_DELETEFORM *q_u, SPOOL_R_DE
return ERROR_INVALID_HANDLE; return ERROR_INVALID_HANDLE;
} }
count = get_ntforms(p->mem_ctx, &list); count = get_ntforms(&list);
if(!delete_a_form(&list, form_name, &count, &ret)) if(!delete_a_form(&list, form_name, &count, &ret))
return ERROR_INVALID_PARAMETER; return ERROR_INVALID_PARAMETER;
safe_free(list);
return ret; return ret;
} }
@ -6238,10 +6236,12 @@ uint32 _spoolss_setform(pipes_struct *p, SPOOL_Q_SETFORM *q_u, SPOOL_R_SETFORM *
DEBUG(0,("_spoolss_setform: Invalid handle (%s).\n", OUR_HANDLE(handle))); DEBUG(0,("_spoolss_setform: Invalid handle (%s).\n", OUR_HANDLE(handle)));
return ERROR_INVALID_HANDLE; return ERROR_INVALID_HANDLE;
} }
count=get_ntforms(p->mem_ctx, &list); count=get_ntforms(&list);
update_a_form(&list, form, count); update_a_form(&list, form, count);
write_ntforms(&list, count); write_ntforms(&list, count);
safe_free(list);
return 0x0; return 0x0;
} }