The branch, v3-6-test has been updated
       via  d7fdb05 spoolss: fix segfault when "default devmode" is disabled
      from  1106ca5 BUG 9436: Fix leaking sockets of SMB connections to a DC.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit d7fdb05464a67ced7afb8dfdf0aa6be77cb84fd6
Author: David Disseldorp <dd...@samba.org>
Date:   Tue Nov 27 16:10:28 2012 +0100

    spoolss: fix segfault when "default devmode" is disabled
    
    Currently when "default devmode" is explicitly disabled, and a printer
    is added with a null device mode, spoolssd crashes in copy_devicemode().
    
    Both construct_printer_info2() and construct_printer_info8() code paths
    currently unconditionally attempt to copy a printer's device mode,
    without checking whether one is present.
    
    This change fixes this regression such that construct_printer_info*()
    functions check for a null device mode before copying.
    
    https://bugzilla.samba.org/show_bug.cgi?id=9433
    
    Reviewed-by: Andreas Schneider <a...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_server/spoolss/srv_spoolss_nt.c |   52 +++++++++++++++++---------
 1 files changed, 34 insertions(+), 18 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c 
b/source3/rpc_server/spoolss/srv_spoolss_nt.c
index 8868a98..b5949e4 100644
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
@@ -1942,24 +1942,12 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
         * save it here in case we get a job submission on this handle
         */
 
-        if ((Printer->printer_type != SPLHND_SERVER) &&
-            r->in.devmode_ctr.devmode) {
+        if ((Printer->printer_type != SPLHND_SERVER)
+         && (r->in.devmode_ctr.devmode != NULL)) {
                copy_devicemode(NULL, r->in.devmode_ctr.devmode,
                                &Printer->devmode);
         }
 
-#if 0  /* JERRY -- I'm doubtful this is really effective */
-       /* HACK ALERT!!! Sleep for 1/3 of a second to try trigger a LAN/WAN
-          optimization in Windows 2000 clients  --jerry */
-
-       if ( (r->in.access_mask == PRINTER_ACCESS_ADMINISTER)
-               && (RA_WIN2K == get_remote_arch()) )
-       {
-               DEBUG(10,("_spoolss_OpenPrinterEx: Enabling LAN/WAN hack for 
Win2k clients.\n"));
-               sys_usleep( 500000 );
-       }
-#endif
-
        return WERR_OK;
 }
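Review bot: The copy_devicemode() call in _spoolss_OpenPrinterEx still discards its return value, while the other two hunks of this commit start checking the same call with W_ERROR_IS_OK(). The device mode here comes from the client's request (`r->in.devmode_ctr.devmode`), so a failed copy would presumably leave `Printer->devmode` unset while the open still returns WERR_OK. Consider `result = copy_devicemode(NULL, r->in.devmode_ctr.devmode, &Printer->devmode);` followed by `if (!W_ERROR_IS_OK(result)) { return result; }`, releasing the printer handle first if the earlier part of the function requires that. The function starts outside this hunk, so whether a `result` variable is already declared and what cleanup is needed cannot be seen here.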
 
@@ -4037,8 +4025,22 @@ static WERROR construct_printer_info2(TALLOC_CTX 
*mem_ctx,
        r->cjobs                = count;
        r->averageppm           = info2->averageppm;
 
-       copy_devicemode(mem_ctx, info2->devmode, &r->devmode);
-       if (!r->devmode) {
+       if (info2->devmode != NULL) {
+               result = copy_devicemode(mem_ctx,
+                                        info2->devmode,
+                                        &r->devmode);
+               if (!W_ERROR_IS_OK(result)) {
+                       return result;
+               }
+       } else if (lp_default_devmode(snum)) {
+               result = spoolss_create_default_devmode(mem_ctx,
+                                                       info2->printername,
+                                                       &r->devmode);
+               if (!W_ERROR_IS_OK(result)) {
+                       return result;
+               }
+       } else {
+               r->devmode = NULL;
                DEBUG(8,("Returning NULL Devicemode!\n"));
        }
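Review bot: The three-way device mode selection added here is repeated line for line in the construct_printer_info8 hunk below, and the commit message says both paths had the same missing null check, so a shared static helper would keep the two from drifting apart again. Each call site then reduces to one call plus the W_ERROR_IS_OK() check. The helper's comment should state that a NULL device mode with WERR_OK is a valid outcome when "default devmode" is disabled, so that later code does not assume `r->devmode` is always set. Both functions start and end outside their hunks; the helper name is a proposal and the parameter types are inferred from the calls visible here, so check them against the real declarations.

```c
/*
 * Pick the device mode to return: a copy of the stored one if present,
 * otherwise a generated default when "default devmode" is enabled,
 * otherwise NULL (a valid result, not an error).
 */
static WERROR construct_printer_devmode(TALLOC_CTX *mem_ctx,
					int snum,
					const struct spoolss_DeviceMode *stored,
					const char *printername,
					struct spoolss_DeviceMode **devmode)
{
	if (stored != NULL) {
		return copy_devicemode(mem_ctx, stored, devmode);
	}
	if (lp_default_devmode(snum)) {
		return spoolss_create_default_devmode(mem_ctx, printername,
						      devmode);
	}
	*devmode = NULL;
	DEBUG(8,("Returning NULL Devicemode!\n"));
	return WERR_OK;
}

/* ... unchanged: rest of construct_printer_info2() / construct_printer_info8() ... */
	result = construct_printer_devmode(mem_ctx, snum, info2->devmode,
					   info2->printername, &r->devmode);
	if (!W_ERROR_IS_OK(result)) {
		return result;
	}
```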
 
@@ -4218,8 +4220,22 @@ static WERROR construct_printer_info8(TALLOC_CTX 
*mem_ctx,
                return result;
        }
 
-       copy_devicemode(mem_ctx, info2->devmode, &r->devmode);
-       if (!r->devmode) {
+       if (info2->devmode != NULL) {
+               result = copy_devicemode(mem_ctx,
+                                        info2->devmode,
+                                        &r->devmode);
+               if (!W_ERROR_IS_OK(result)) {
+                       return result;
+               }
+       } else if (lp_default_devmode(snum)) {
+               result = spoolss_create_default_devmode(mem_ctx,
+                                                       info2->printername,
+                                                       &r->devmode);
+               if (!W_ERROR_IS_OK(result)) {
+                       return result;
+               }
+       } else {
+               r->devmode = NULL;
                DEBUG(8,("Returning NULL Devicemode!\n"));
        }
 


-- 
Samba Shared Repository
