The branch, v3-6-test has been updated
       via  b136cfd... idl: Fixed a possible crash bug. (cherry picked from 
commit b6e9d8d406974ec2f4593fd0147113fe86b883f9)
       via  bf41bc2... s3-spoolss: Fixed a segfault if a value has no data. 
(cherry picked from commit d3fff4590420a3b2d1858e6c8dbaf4df93447a46)
       via  1be4066... s3-spoolss: Move some debug message to a higher level. 
(cherry picked from commit 307bd439d7f5df828923189c02fcbe30124d1e01)
       via  a1c3a82... s3-spoolss: Fixed some C++ build warnings. (cherry 
picked from commit 4412bafa4460bbafe2170f980e8ce88937422529)
       via  d4e29ee... s3-spoolss: Use a stackframe to allocat memory.
      from  3064482... s4-smbtorture: remove another old and now invalid s3 
special case during spoolss testing.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit b136cfd93512af6a69eaa80ffd8000d18d3a6254
Author: Andreas Schneider <[email protected]>
Date:   Mon Aug 2 18:32:40 2010 +0200

    idl: Fixed a possible crash bug.
    (cherry picked from commit b6e9d8d406974ec2f4593fd0147113fe86b883f9)

commit bf41bc2b4250e1c455ea05383c0f40026d31389a
Author: Andreas Schneider <[email protected]>
Date:   Mon Aug 2 13:49:59 2010 +0200

    s3-spoolss: Fixed a segfault if a value has no data.
    (cherry picked from commit d3fff4590420a3b2d1858e6c8dbaf4df93447a46)

commit 1be40662b854b9cc9bb6f125961727b474da2a8e
Author: Andreas Schneider <[email protected]>
Date:   Mon Aug 2 13:21:47 2010 +0200

    s3-spoolss: Move some debug message to a higher level.
    (cherry picked from commit 307bd439d7f5df828923189c02fcbe30124d1e01)

commit a1c3a82a576f9e8539532328c8ca380fcc880704
Author: Andreas Schneider <[email protected]>
Date:   Mon Aug 2 12:38:57 2010 +0200

    s3-spoolss: Fixed some C++ build warnings.
    (cherry picked from commit 4412bafa4460bbafe2170f980e8ce88937422529)

commit d4e29ee9235ec59457dcfbd5878946bf40ab4ff3
Author: Andreas Schneider <[email protected]>
Date:   Mon Aug 2 12:09:03 2010 +0200

    s3-spoolss: Use a stackframe to allocat memory.
    
    This is faster and should be more secure to use if something goes wrong.
    (cherry picked from commit 772fbce9ffd7ec9de7d33e29d96852dce7f35c43)

-----------------------------------------------------------------------

Summary of changes:
 librpc/idl/winreg.idl                 |    2 +-
 source3/rpc_server/srv_spoolss_nt.c   |    2 +-
 source3/rpc_server/srv_spoolss_util.c |   75 +++++++++++++++++----------------
 3 files changed, 41 insertions(+), 38 deletions(-)


Changeset truncated at 500 lines:

diff --git a/librpc/idl/winreg.idl b/librpc/idl/winreg.idl
index c3e5279..48fddb7 100644
--- a/librpc/idl/winreg.idl
+++ b/librpc/idl/winreg.idl
@@ -188,7 +188,7 @@ import "lsa.idl", "security.idl", "misc.idl";
                [in]            uint32 enum_index,
                [in,out,ref]    winreg_ValNameBuf *name,
                [in,out,unique] winreg_Type *type,
-               [in,out,unique,size_is(*size),length_is(*length)] uint8 *value,
+               [in,out,unique,size_is(size ? *size : 0),length_is(length ? 
*length : 0),range(0,0x4000000)] uint8 *value,
                [in,out,unique] uint32 *size,
                [in,out,unique] uint32 *length
        );
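Review bot: The new attributes on `value` carry two undocumented decisions: a missing `size` or `length` pointer is treated as 0, and the bare `0x4000000` in `range(0,0x4000000)` is a 64 MiB cap with no stated rationale. A comment above the parameter would record both, e.g. `/* size/length are optional: treat a NULL counter as 0; cap the value buffer at 64 MiB */`. The range presumably bounds the array size the peer can request rather than the byte values, which is worth stating, since this is the limit on an allocation driven by remote input. Any other call in this interface that dereferences an optional counter inside `size_is`/`length_is` would need the same guard, but those are outside this hunk.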
diff --git a/source3/rpc_server/srv_spoolss_nt.c 
b/source3/rpc_server/srv_spoolss_nt.c
index 1d9632f..b62a7c0 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -528,7 +528,7 @@ static bool set_printer_hnd_name(TALLOC_CTX *mem_ctx,
                                            sname,
                                            &info2);
                if ( !W_ERROR_IS_OK(result) ) {
-                       DEBUG(0,("set_printer_hnd_name: failed to lookup 
printer [%s] -- result [%s]\n",
+                       DEBUG(2,("set_printer_hnd_name: failed to lookup 
printer [%s] -- result [%s]\n",
                                 sname, win_errstr(result)));
                        continue;
                }
diff --git a/source3/rpc_server/srv_spoolss_util.c 
b/source3/rpc_server/srv_spoolss_util.c
index 768171a..819a1dd 100644
--- a/source3/rpc_server/srv_spoolss_util.c
+++ b/source3/rpc_server/srv_spoolss_util.c
@@ -397,7 +397,7 @@ static WERROR winreg_printer_enumvalues(TALLOC_CTX *mem_ctx,
        WERROR result = WERR_OK;
        NTSTATUS status;
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return WERR_NOMEM;
        }
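Review bot: With `talloc_stackframe()` the temporary context is no longer a child of mem_ctx, so a return path that skips `TALLOC_FREE(tmp_ctx)` now leaves a frame on the talloc stack instead of being reclaimed when the caller frees mem_ctx. Every exit from these functions, including any early `return` between the allocation and the `done:` label, needs to free the frame, and anything handed back to the caller must be moved onto mem_ctx first; those paths are outside the hunks and should be audited. The retained `if (tmp_ctx == NULL)` check is, as far as I know, unreachable because talloc_stackframe() panics rather than returning NULL. The same applies to every other `talloc_new(mem_ctx)` to `talloc_stackframe()` replacement in srv_spoolss_util.c in this changeset.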
@@ -443,7 +443,7 @@ static WERROR winreg_printer_enumvalues(TALLOC_CTX *mem_ctx,
                struct spoolss_PrinterEnumValues val;
                struct winreg_ValNameBuf name_buf;
                enum winreg_Type type = REG_NONE;
-               uint8_t *data = NULL;
+               uint8_t *data;
                uint32_t data_size;
                uint32_t length;
                char n = '\0';;
@@ -453,7 +453,10 @@ static WERROR winreg_printer_enumvalues(TALLOC_CTX 
*mem_ctx,
                name_buf.length = 0;
 
                data_size = max_valbufsize;
-               data = (uint8_t *) TALLOC(tmp_ctx, data_size);
+               data = NULL;
+               if (data_size) {
+                       data = (uint8_t *) TALLOC(tmp_ctx, data_size);
+               }
                length = 0;
 
                status = rpccli_winreg_EnumValue(pipe_handle,
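Review bot: The result of `TALLOC(tmp_ctx, data_size)` is not checked, so an allocation failure leaves `data` NULL while `data_size` is still non-zero, and the call that follows is made with a size but no buffer. Add `if (data == NULL) { result = WERR_NOMEM; goto done; }` inside the `if (data_size)` block, using whichever cleanup label this function already has (the label is outside the hunk). If max_valbufsize is reported by the remote registry side, which is not visible here, an upper bound on it before allocating would also be worth having.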
@@ -463,7 +466,7 @@ static WERROR winreg_printer_enumvalues(TALLOC_CTX *mem_ctx,
                                                 &name_buf,
                                                 &type,
                                                 data,
-                                                &data_size,
+                                                data_size ? &data_size : NULL,
                                                 &length,
                                                 &result);
                if (W_ERROR_EQUAL(result, WERR_NO_MORE_ITEMS) ) {
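Review bot: The conditional `data_size ? &data_size : NULL` has no comment explaining why the size pointer is dropped while `&length` is still passed unconditionally. A one-line comment above the argument would help, e.g. `/* no value buffer: pass a NULL size so size_is() evaluates to 0 (see winreg.idl) */`. It is also worth confirming that the code after the call does not read `data_size` expecting a server-updated value in that case; that code is outside the hunk.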
@@ -557,7 +560,7 @@ static WERROR winreg_printer_enumkeys(TALLOC_CTX *mem_ctx,
        WERROR result = WERR_OK;
        NTSTATUS status;
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return WERR_NOMEM;
        }
@@ -1323,7 +1326,7 @@ WERROR winreg_create_printer(TALLOC_CTX *mem_ctx,
        WERROR result = WERR_OK;
        TALLOC_CTX *tmp_ctx;
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return WERR_NOMEM;
        }
@@ -1630,7 +1633,7 @@ WERROR winreg_update_printer(TALLOC_CTX *mem_ctx,
        WERROR result = WERR_OK;
        TALLOC_CTX *tmp_ctx;
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return WERR_NOMEM;
        }
@@ -1962,7 +1965,7 @@ WERROR winreg_get_printer(TALLOC_CTX *mem_ctx,
        WERROR result = WERR_OK;
        TALLOC_CTX *tmp_ctx;
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return WERR_NOMEM;
        }
@@ -1983,7 +1986,7 @@ WERROR winreg_get_printer(TALLOC_CTX *mem_ctx,
                                        &hive_hnd,
                                        &key_hnd);
        if (!W_ERROR_IS_OK(result)) {
-               DEBUG(0, ("winreg_get_printer: Could not open key %s: %s\n",
+               DEBUG(2, ("winreg_get_printer: Could not open key %s: %s\n",
                          path, win_errstr(result)));
                goto done;
        }
@@ -2251,7 +2254,7 @@ WERROR winreg_get_printer_secdesc(TALLOC_CTX *mem_ctx,
        TALLOC_CTX *tmp_ctx;
        WERROR result;
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return WERR_NOMEM;
        }
@@ -2407,7 +2410,7 @@ WERROR winreg_set_printer_secdesc(TALLOC_CTX *mem_ctx,
        TALLOC_CTX *tmp_ctx;
        WERROR result;
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return WERR_NOMEM;
        }
@@ -2533,7 +2536,7 @@ WERROR winreg_set_printer_dataex(TALLOC_CTX *mem_ctx,
        NTSTATUS status;
        TALLOC_CTX *tmp_ctx;
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return WERR_NOMEM;
        }
@@ -2621,7 +2624,7 @@ WERROR winreg_get_printer_dataex(TALLOC_CTX *mem_ctx,
        NTSTATUS status;
        TALLOC_CTX *tmp_ctx;
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return WERR_NOMEM;
        }
@@ -2645,7 +2648,7 @@ WERROR winreg_get_printer_dataex(TALLOC_CTX *mem_ctx,
                                        &hive_hnd,
                                        &key_hnd);
        if (!W_ERROR_IS_OK(result)) {
-               DEBUG(0, ("winreg_get_printer_dataex: Could not open key %s: 
%s\n",
+               DEBUG(2, ("winreg_get_printer_dataex: Could not open key %s: 
%s\n",
                          key, win_errstr(result)));
                goto done;
        }
@@ -2741,7 +2744,7 @@ WERROR winreg_enum_printer_dataex(TALLOC_CTX *mem_ctx,
 
        TALLOC_CTX *tmp_ctx;
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return WERR_NOMEM;
        }
@@ -2762,7 +2765,7 @@ WERROR winreg_enum_printer_dataex(TALLOC_CTX *mem_ctx,
                                        &hive_hnd,
                                        &key_hnd);
        if (!W_ERROR_IS_OK(result)) {
-               DEBUG(0, ("winreg_enum_printer_dataex: Could not open key %s: 
%s\n",
+               DEBUG(2, ("winreg_enum_printer_dataex: Could not open key %s: 
%s\n",
                          key, win_errstr(result)));
                goto done;
        }
@@ -2815,7 +2818,7 @@ WERROR winreg_delete_printer_dataex(TALLOC_CTX *mem_ctx,
 
        TALLOC_CTX *tmp_ctx;
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return WERR_NOMEM;
        }
@@ -2894,7 +2897,7 @@ WERROR winreg_enum_printer_key(TALLOC_CTX *mem_ctx,
 
        TALLOC_CTX *tmp_ctx;
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return WERR_NOMEM;
        }
@@ -2918,7 +2921,7 @@ WERROR winreg_enum_printer_key(TALLOC_CTX *mem_ctx,
                                        &hive_hnd,
                                        &key_hnd);
        if (!W_ERROR_IS_OK(result)) {
-               DEBUG(0, ("winreg_enum_printer_key: Could not open key %s: 
%s\n",
+               DEBUG(2, ("winreg_enum_printer_key: Could not open key %s: 
%s\n",
                          key, win_errstr(result)));
                goto done;
        }
@@ -2968,7 +2971,7 @@ WERROR winreg_delete_printer_key(TALLOC_CTX *mem_ctx,
        WERROR result;
        TALLOC_CTX *tmp_ctx;
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return WERR_NOMEM;
        }
@@ -3053,7 +3056,7 @@ WERROR winreg_printer_update_changeid(TALLOC_CTX *mem_ctx,
        WERROR result;
        TALLOC_CTX *tmp_ctx;
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return WERR_NOMEM;
        }
@@ -3119,7 +3122,7 @@ WERROR winreg_printer_get_changeid(TALLOC_CTX *mem_ctx,
        WERROR result;
        TALLOC_CTX *tmp_ctx;
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return WERR_NOMEM;
        }
@@ -3143,7 +3146,7 @@ WERROR winreg_printer_get_changeid(TALLOC_CTX *mem_ctx,
                                        &hive_hnd,
                                        &key_hnd);
        if (!W_ERROR_IS_OK(result)) {
-               DEBUG(0, ("winreg_printer_get_changeid: Could not open key %s: 
%s\n",
+               DEBUG(2, ("winreg_printer_get_changeid: Could not open key %s: 
%s\n",
                          path, win_errstr(result)));
                goto done;
        }
@@ -3200,7 +3203,7 @@ WERROR winreg_printer_addform1(TALLOC_CTX *mem_ctx,
        NTSTATUS status;
        TALLOC_CTX *tmp_ctx;
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return WERR_NOMEM;
        }
@@ -3300,7 +3303,7 @@ WERROR winreg_printer_enumforms1(TALLOC_CTX *mem_ctx,
        WERROR result;
        TALLOC_CTX *tmp_ctx;
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return WERR_NOMEM;
        }
@@ -3373,7 +3376,7 @@ WERROR winreg_printer_enumforms1(TALLOC_CTX *mem_ctx,
                val.info1.area.right  = IVAL(enum_values[i].data->data, 16);
                val.info1.area.bottom = IVAL(enum_values[i].data->data, 20);
                /* skip form index      IVAL(enum_values[i].data->data, 24)));*/
-               val.info1.flags       = IVAL(enum_values[i].data->data, 28);
+               val.info1.flags       = (enum spoolss_FormFlags) 
IVAL(enum_values[i].data->data, 28);
 
                info[i + num_builtin] = val;
        }
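Review bot: The new cast on `val.info1.flags` converts an unvalidated 32-bit value from the stored registry blob directly into `enum spoolss_FormFlags`, and the IVAL reads in this block reach offset 28, which requires at least 32 bytes of data. No length check on `enum_values[i].data` is visible in the hunk; if one exists it sits earlier in the loop body, which starts outside the hunk. If there is none, a guard such as `if (enum_values[i].data->length < 32) { continue; }` (or the function's usual error path) belongs before the first IVAL. The same question applies to `data_in` in the winreg_printer_getform1 hunk that casts `r->flags`.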
@@ -3418,7 +3421,7 @@ WERROR winreg_printer_deleteform1(TALLOC_CTX *mem_ctx,
                }
        }
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return WERR_NOMEM;
        }
@@ -3503,7 +3506,7 @@ WERROR winreg_printer_setform1(TALLOC_CTX *mem_ctx,
                }
        }
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return WERR_NOMEM;
        }
@@ -3608,7 +3611,7 @@ WERROR winreg_printer_getform1(TALLOC_CTX *mem_ctx,
                }
        }
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return WERR_NOMEM;
        }
@@ -3626,7 +3629,7 @@ WERROR winreg_printer_getform1(TALLOC_CTX *mem_ctx,
                                        &hive_hnd,
                                        &key_hnd);
        if (!W_ERROR_IS_OK(result)) {
-               DEBUG(0, ("winreg_printer_getform1: Could not open key %s: 
%s\n",
+               DEBUG(2, ("winreg_printer_getform1: Could not open key %s: 
%s\n",
                          TOP_LEVEL_CONTROL_FORMS_KEY, win_errstr(result)));
                goto done;
        }
@@ -3696,7 +3699,7 @@ WERROR winreg_printer_getform1(TALLOC_CTX *mem_ctx,
        r->area.right  = IVAL(data_in, 16);
        r->area.bottom = IVAL(data_in, 20);
        /* skip index    IVAL(data_in, 24)));*/
-       r->flags       = IVAL(data_in, 28);
+       r->flags       = (enum spoolss_FormFlags) IVAL(data_in, 28);
 
        result = WERR_OK;
 done:
@@ -3735,7 +3738,7 @@ WERROR winreg_add_driver(TALLOC_CTX *mem_ctx,
                goto done;
        }
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return WERR_NOMEM;
        }
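Review bot: A `goto done` sits directly above the `talloc_stackframe()` call in winreg_add_driver, so that path reaches the cleanup label before tmp_ctx has been assigned. If `done:` frees tmp_ctx, the declaration needs to read `TALLOC_CTX *tmp_ctx = NULL;`. Both the declaration and the label are outside this hunk, so this should be confirmed. Creating the frame before the argument checks would remove the question entirely.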
@@ -3959,7 +3962,7 @@ WERROR winreg_get_driver(TALLOC_CTX *mem_ctx,
        ZERO_STRUCT(key_hnd);
        ZERO_STRUCT(i8);
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return WERR_NOMEM;
        }
@@ -4046,7 +4049,7 @@ WERROR winreg_get_driver(TALLOC_CTX *mem_ctx,
 
                result = winreg_enumval_to_dword(info8, v,
                                                 "Version",
-                                                &info8->version);
+                                                (uint32_t *) &info8->version);
                CHECK_ERROR(result);
 
                result = winreg_enumval_to_sz(info8, v,
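Review bot: Casting `&info8->version` to `uint32_t *` silences the C++ warning but makes winreg_enumval_to_dword write 32 bits through a pointer to an enum object, which is only sound if the compiler gives that enum a 32-bit representation. Reading into a local avoids the assumption: declare `uint32_t version = 0;`, pass `&version`, and after `CHECK_ERROR(result);` assign `info8->version` with a cast to the field's enum type. winreg_get_driver's body extends beyond the hunk on both sides.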
@@ -4214,7 +4217,7 @@ WERROR winreg_del_driver(TALLOC_CTX *mem_ctx,
        ZERO_STRUCT(hive_hnd);
        ZERO_STRUCT(key_hnd);
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return WERR_NOMEM;
        }
@@ -4305,7 +4308,7 @@ WERROR winreg_get_driver_list(TALLOC_CTX *mem_ctx,
        ZERO_STRUCT(hive_hnd);
        ZERO_STRUCT(key_hnd);
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return WERR_NOMEM;
        }


-- 
Samba Shared Repository
