Author: jerry Date: 2006-07-25 22:20:56 +0000 (Tue, 25 Jul 2006) New Revision: 1019
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1019 Log: add jeremy's memory leak fix in the EnumJobs() server code Added: trunk/patches/patch-3.0.23a-bug3962.patch Modified: trunk/patches/index.html trunk/patches/series-3.0.23a Changeset: Modified: trunk/patches/index.html =================================================================== --- trunk/patches/index.html 2006-07-25 21:18:49 UTC (rev 1018) +++ trunk/patches/index.html 2006-07-25 22:20:56 UTC (rev 1019) @@ -56,6 +56,11 @@ <td>Fix bad IP assignment in DC lookups and extended delays in CLDAP queries when configured for "security = ads"</td> </tr> + <tr> + <tr> + <td><a href="/samba/patches/patch-3.0.23a-bug3962.patch">BUG 3962</a></td> + <td>Fix memory leaks in EnumJobs() server implementation</td> + </tr> </tbody> </table> Added: trunk/patches/patch-3.0.23a-bug3962.patch =================================================================== --- trunk/patches/patch-3.0.23a-bug3962.patch 2006-07-25 21:18:49 UTC (rev 1018) +++ trunk/patches/patch-3.0.23a-bug3962.patch 2006-07-25 22:20:56 UTC (rev 1019) @@ -0,0 +1,170 @@ +diff -urN --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.23a/source/rpc_server/srv_spoolss_nt.c samba-3.0.23a-patched/source/rpc_server/srv_spoolss_nt.c +--- samba-3.0.23a/source/rpc_server/srv_spoolss_nt.c 2006-06-09 14:30:31.000000000 -0500 ++++ samba-3.0.23a-patched/source/rpc_server/srv_spoolss_nt.c 2006-07-25 17:08:06.000000000 -0500 +@@ -441,7 +441,7 @@ + const char *servername; + fstring sname; + BOOL found=False; +- NT_PRINTER_INFO_LEVEL *printer; ++ NT_PRINTER_INFO_LEVEL *printer = NULL; + WERROR result; + + DEBUG(4,("Setting printer name=%s (len=%lu)\n", handlename, (unsigned long)strlen(handlename))); +@@ -532,6 +532,7 @@ + printername++; + + if ( strequal(printername, aprinter) ) { ++ free_a_printer( &printer, 2); + found = True; + break; + } +@@ -541,6 +542,8 @@ + free_a_printer( &printer, 2); + } + ++ free_a_printer( &printer, 2); ++ + if ( !found ) { + DEBUGADD(4,("Printer not found\n")); + return False; +@@ -3560,6 +3563,7 @@ + + if((info->data=SMB_REALLOC_ARRAY(info->data, SPOOL_NOTIFY_INFO_DATA, info->count+1)) == NULL) { + DEBUG(2,("construct_notify_printer_info: failed to enlarge buffer info->data!\n")); ++ free_a_printer(&printer, 2); + return False; + } + +@@ -4190,6 +4194,7 @@ + *pp_printer = NULL; + if ((printer = SMB_MALLOC_P(PRINTER_INFO_3)) == NULL) { + DEBUG(2,("construct_printer_info_3: malloc fail.\n")); ++ free_a_printer(&ntprinter, 2); + return False; + } + +@@ -4992,8 +4997,10 @@ + if (!W_ERROR_IS_OK(get_a_printer(NULL, &printer, 2, lp_const_servicename(snum)))) + return WERR_INVALID_PRINTER_NAME; + +- if (!W_ERROR_IS_OK(get_a_printer_driver(&driver, 3, printer->info_2->drivername, architecture, version))) ++ if (!W_ERROR_IS_OK(get_a_printer_driver(&driver, 3, printer->info_2->drivername, architecture, version))) { ++ free_a_printer(&printer, 2); + return WERR_UNKNOWN_PRINTER_DRIVER; ++ } + + fill_printer_driver_info_1(info, driver, servername, architecture); + +@@ -5052,8 +5059,10 @@ + if (!W_ERROR_IS_OK(get_a_printer(NULL, &printer, 2, lp_const_servicename(snum)))) + return WERR_INVALID_PRINTER_NAME; + +- if (!W_ERROR_IS_OK(get_a_printer_driver(&driver, 3, printer->info_2->drivername, architecture, version))) ++ if (!W_ERROR_IS_OK(get_a_printer_driver(&driver, 3, printer->info_2->drivername, architecture, version))) { ++ free_a_printer(&printer, 2); + return WERR_UNKNOWN_PRINTER_DRIVER; ++ } + + fill_printer_driver_info_2(info, driver, servername); + +@@ -6402,9 +6411,9 @@ + /**************************************************************************** + ****************************************************************************/ + +-static void fill_job_info_1(JOB_INFO_1 *job_info, print_queue_struct *queue, ++static void fill_job_info_1(JOB_INFO_1 *job_info, const print_queue_struct *queue, + int position, int snum, +- NT_PRINTER_INFO_LEVEL *ntprinter) ++ const NT_PRINTER_INFO_LEVEL *ntprinter) + { + struct tm *t; + +@@ -6429,9 +6438,9 @@ + /**************************************************************************** + ****************************************************************************/ + +-static BOOL fill_job_info_2(JOB_INFO_2 *job_info, print_queue_struct *queue, ++static BOOL fill_job_info_2(JOB_INFO_2 *job_info, const print_queue_struct *queue, + int position, int snum, +- NT_PRINTER_INFO_LEVEL *ntprinter, ++ const NT_PRINTER_INFO_LEVEL *ntprinter, + DEVICEMODE *devmode) + { + struct tm *t; +@@ -6474,8 +6483,8 @@ + Enumjobs at level 1. + ****************************************************************************/ + +-static WERROR enumjobs_level1(print_queue_struct *queue, int snum, +- NT_PRINTER_INFO_LEVEL *ntprinter, ++static WERROR enumjobs_level1(const print_queue_struct *queue, int snum, ++ const NT_PRINTER_INFO_LEVEL *ntprinter, + RPC_BUFFER *buffer, uint32 offered, + uint32 *needed, uint32 *returned) + { +@@ -6485,7 +6494,6 @@ + + info=SMB_MALLOC_ARRAY(JOB_INFO_1,*returned); + if (info==NULL) { +- SAFE_FREE(queue); + *returned=0; + return WERR_NOMEM; + } +@@ -6493,8 +6501,6 @@ + for (i=0; i<*returned; i++) + fill_job_info_1( &info[i], &queue[i], i, snum, ntprinter ); + +- SAFE_FREE(queue); +- + /* check the required size. */ + for (i=0; i<*returned; i++) + (*needed) += spoolss_size_job_info_1(&info[i]); +@@ -6527,8 +6533,8 @@ + Enumjobs at level 2. + ****************************************************************************/ + +-static WERROR enumjobs_level2(print_queue_struct *queue, int snum, +- NT_PRINTER_INFO_LEVEL *ntprinter, ++static WERROR enumjobs_level2(const print_queue_struct *queue, int snum, ++ const NT_PRINTER_INFO_LEVEL *ntprinter, + RPC_BUFFER *buffer, uint32 offered, + uint32 *needed, uint32 *returned) + { +@@ -6549,9 +6555,6 @@ + for (i=0; i<*returned; i++) + fill_job_info_2(&(info[i]), &queue[i], i, snum, ntprinter, devmode); + +- free_a_printer(&ntprinter, 2); +- SAFE_FREE(queue); +- + /* check the required size. */ + for (i=0; i<*returned; i++) + (*needed) += spoolss_size_job_info_2(&info[i]); +@@ -6627,22 +6630,24 @@ + + if (*returned == 0) { + SAFE_FREE(queue); ++ free_a_printer(&ntprinter, 2); + return WERR_OK; + } + + switch (level) { + case 1: + wret = enumjobs_level1(queue, snum, ntprinter, buffer, offered, needed, returned); +- return wret; ++ break; + case 2: + wret = enumjobs_level2(queue, snum, ntprinter, buffer, offered, needed, returned); +- return wret; ++ break; + default: +- SAFE_FREE(queue); + *returned=0; + wret = WERR_UNKNOWN_LEVEL; ++ break; + } + ++ SAFE_FREE(queue); + free_a_printer( &ntprinter, 2 ); + return wret; + } Modified: trunk/patches/series-3.0.23a =================================================================== --- trunk/patches/series-3.0.23a 2006-07-25 21:18:49 UTC (rev 1018) +++ trunk/patches/series-3.0.23a 2006-07-25 22:20:56 UTC (rev 1019) @@ -5,3 +5,4 @@ patch-3.0.23a-lookup_dc_ads.patch patch-3.0.23a-samr_alias.patch +patch-3.0.23a-bug3962.patch