sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-09-09 01:44:21 +03:00
Code Activity

Arrgggh. Returning the SPOOL_INFO stuff requires that the realloced

Browse Source 
data be realloced between different functions. This took a *long*
time to track down (even with insure :-).
Jeremy.
This commit is contained in:
Jeremy Allison
-
parent 3e190e6933
commit e61899f490
1 changed files with 36 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
source/rpc_server/srv_spoolss_nt.c
View File

@@ -2157,12 +2157,12 @@ static void construct_info_data(SPOOL_NOTIFY_INFO_DATA *info_data, uint16 type,
info_data->enc_type = type_of_notify_info_data(type, field); info_data->enc_type = type_of_notify_info_data(type, field);
} }
/******************************************************************* /*******************************************************************
* *
* fill a notify_info struct with info asked * fill a notify_info struct with info asked
* *
********************************************************************/ ********************************************************************/
static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int
snum, SPOOL_NOTIFY_OPTION_TYPE snum, SPOOL_NOTIFY_OPTION_TYPE
*option_type, uint32 id, *option_type, uint32 id,
@@ -2175,8 +2175,6 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int
SPOOL_NOTIFY_INFO_DATA *current_data; SPOOL_NOTIFY_INFO_DATA *current_data;
NT_PRINTER_INFO_LEVEL *printer = NULL; NT_PRINTER_INFO_LEVEL *printer = NULL;
print_queue_struct *queue=NULL; print_queue_struct *queue=NULL;
size_t realloc_size = 0;
SPOOL_NOTIFY_INFO_DATA *info_data_ptr = NULL;
type=option_type->type; type=option_type->type;
@@ -2194,11 +2192,10 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int
if (!search_notify(type, field, &j) ) if (!search_notify(type, field, &j) )
continue; continue;
realloc_size = (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA); if((info->data=Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) {
if((info_data_ptr=(SPOOL_NOTIFY_INFO_DATA *)Realloc(info_data_ptr, realloc_size)) == NULL) {
return False; return False;
} }
current_data=&info_data_ptr[info->count]; current_data=&info->data[info->count];
construct_info_data(current_data, type, field, id); construct_info_data(current_data, type, field, id);
@@ -2211,12 +2208,6 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int
info->count++; info->count++;
} }
if (realloc_size)
info->data = talloc_memdup(mem_ctx, info_data_ptr, realloc_size);
else
info->data = NULL;
safe_free(info_data_ptr);
free_a_printer(&printer, 2); free_a_printer(&printer, 2);
return True; return True;
} }
@@ -2226,6 +2217,7 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int
* fill a notify_info struct with info asked * fill a notify_info struct with info asked
* *
********************************************************************/ ********************************************************************/
static BOOL construct_notify_jobs_info(print_queue_struct *queue, static BOOL construct_notify_jobs_info(print_queue_struct *queue,
SPOOL_NOTIFY_INFO *info, SPOOL_NOTIFY_INFO *info,
NT_PRINTER_INFO_LEVEL *printer, NT_PRINTER_INFO_LEVEL *printer,
@@ -2236,7 +2228,6 @@ static BOOL construct_notify_jobs_info(print_queue_struct *queue,
int field_num,j; int field_num,j;
uint16 type; uint16 type;
uint16 field; uint16 field;
SPOOL_NOTIFY_INFO_DATA *current_data; SPOOL_NOTIFY_INFO_DATA *current_data;
DEBUG(4,("construct_notify_jobs_info\n")); DEBUG(4,("construct_notify_jobs_info\n"));
@@ -2257,9 +2248,13 @@ static BOOL construct_notify_jobs_info(print_queue_struct *queue,
return False; return False;
} }
current_data=&(info->data[info->count]); current_data=&info->data[info->count];
construct_info_data(current_data, type, field, id); construct_info_data(current_data, type, field, id);
DEBUG(10,("construct_notify_jobs_info: calling [%s] snum=%d printername=[%s])\n",
notify_info_data_table[j].name, snum, printer->info_2->printername ));
notify_info_data_table[j].fn(snum, current_data, queue, notify_info_data_table[j].fn(snum, current_data, queue,
printer, mem_ctx); printer, mem_ctx);
info->count++; info->count++;
@@ -2335,7 +2330,7 @@ static uint32 printserver_notify_info(const POLICY_HND *hnd,
* Debugging information, don't delete. * Debugging information, don't delete.
*/ */
/* /*
DEBUG(1,("dumping the NOTIFY_INFO\n")); DEBUG(1,("printserver_notify_info: dumping the NOTIFY_INFO\n"));
DEBUGADD(1,("info->version:[%d], info->flags:[%d], info->count:[%d]\n", info->version, info->flags, info->count)); DEBUGADD(1,("info->version:[%d], info->flags:[%d], info->count:[%d]\n", info->version, info->flags, info->count));
DEBUGADD(1,("num\ttype\tfield\tres\tid\tsize\tenc_type\n")); DEBUGADD(1,("num\ttype\tfield\tres\tid\tsize\tenc_type\n"));
@@ -2415,17 +2410,17 @@ static uint32 printer_notify_info(POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info,
/* /*
* Debugging information, don't delete. * Debugging information, don't delete.
*/ */
/*
DEBUG(1,("dumping the NOTIFY_INFO\n")); DEBUG(10,("printer_notify_info: dumping the NOTIFY_INFO\n"));
DEBUGADD(1,("info->version:[%d], info->flags:[%d], info->count:[%d]\n", info->version, info->flags, info->count)); DEBUGADD(10,("info->version:[%d], info->flags:[%d], info->count:[%d]\n", info->version, info->flags, info->count));
DEBUGADD(1,("num\ttype\tfield\tres\tid\tsize\tenc_type\n")); DEBUGADD(10,("num\ttype\tfield\tres\tid\tsize\tenc_type\n"));
for (i=0; i<info->count; i++) { for (i=0; i<info->count; i++) {
DEBUGADD(1,("[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\n", DEBUGADD(10,("[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\n",
i, info->data[i].type, info->data[i].field, info->data[i].reserved, i, info->data[i].type, info->data[i].field, info->data[i].reserved,
info->data[i].id, info->data[i].size, info->data[i].enc_type)); info->data[i].id, info->data[i].size, info->data[i].enc_type));
} }
*/
return NT_STATUS_NO_PROBLEMO; return NT_STATUS_NO_PROBLEMO;
} }
@@ -2478,6 +2473,24 @@ uint32 _spoolss_rfnpcnex( pipes_struct *p, SPOOL_Q_RFNPCNEX *q_u, SPOOL_R_RFNPCN
break; break;
} }
/*
* The data returned in info->data is realloced. We need to
* convert to talloc for return. The data really should come
* back as a linked list, not a realloced array, as realloc can
* fail... JRA.
*/
if (info->data) {
SPOOL_NOTIFY_INFO_DATA *new_data = (SPOOL_NOTIFY_INFO_DATA *)talloc_memdup(p->mem_ctx,
info->data,
info->count * sizeof(SPOOL_NOTIFY_INFO_DATA));
if (!new_data)
return NT_STATUS_NO_MEMORY;
safe_free(info->data);
info->data = new_data;
}
done: done:
return result; return result;
} }
@@ -5024,7 +5037,7 @@ static uint32 enumprinterdrivers_level1(fstring servername, fstring architecture
return ERROR_INSUFFICIENT_BUFFER; return ERROR_INSUFFICIENT_BUFFER;
} }
/* fill the buffer with the form structures */ /* fill the buffer with the driver structures */
for (i=0; i<*returned; i++) { for (i=0; i<*returned; i++) {
DEBUGADD(6,("adding driver [%d] to buffer\n",i)); DEBUGADD(6,("adding driver [%d] to buffer\n",i));
new_smb_io_printer_driver_info_1("", buffer, &driver_info_1[i], 0); new_smb_io_printer_driver_info_1("", buffer, &driver_info_1[i], 0);