The branch, master has been updated
via e9eb263... s3-spoolss: Make sure we convert a 4 byte value to
uint32_t.
via 043c6f4... s3-spoolss: Fixed setting driver version correctly.
via 33d1879... pidl: Samba3/ClientNDR - Correctly copy arrays, if
r.out.size < r.in.size.
from 8f0c863... s3: fail db_open_ctdb if ctdb is not around
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit e9eb263391b2be16924b7e6ea935fdf44b1a0ead
Author: Andreas Schneider <[email protected]>
Date: Fri Aug 6 13:49:37 2010 +0200
s3-spoolss: Make sure we convert a 4 byte value to uint32_t.
commit 043c6f46583fac13588baf207582a08cfa802a28
Author: Andreas Schneider <[email protected]>
Date: Fri Aug 6 13:49:01 2010 +0200
s3-spoolss: Fixed setting driver version correctly.
We are in a loop here, so setting tmp to 0 at the beginning of each
iteration sets info8->version to 0 if we enumerate over another value.
commit 33d1879d5b50e2d98c1bb13b835e7cfb178e3336
Author: Stefan Metzmacher <[email protected]>
Date: Thu Aug 5 10:04:57 2010 +0200
pidl: Samba3/ClientNDR - Correctly copy arrays, if r.out.size < r.in.size.
metze
Signed-off-by: Andreas Schneider <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm | 56 ++++++++++++++++++++++++++-----
source3/rpc_server/srv_spoolss_util.c | 6 ++-
2 files changed, 51 insertions(+), 11 deletions(-)
Changeset truncated at 500 lines:
diff --git a/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm
b/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm
index 68579d2..1738424 100644
--- a/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm
+++ b/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm
@@ -15,7 +15,7 @@ use strict;
use Parse::Pidl qw(fatal warning error);
use Parse::Pidl::Util qw(has_property ParseExpr);
use Parse::Pidl::Samba4 qw(DeclLong);
-use Parse::Pidl::Samba4::Header qw(GenerateFunctionInEnv);
+use Parse::Pidl::Samba4::Header qw(GenerateFunctionInEnv
GenerateFunctionOutEnv);
use vars qw($VERSION);
$VERSION = '0.01';
@@ -71,12 +71,27 @@ sub HeaderProperties($$)
}
}
-sub ParseOutputArgument($$$;$$)
+sub ParseInvalidResponse($$)
{
- my ($self, $fn, $e, $r, $o) = @_;
+ my ($self, $type) = @_;
+
+ if ($type eq "sync") {
+ $self->pidl("return NT_STATUS_INVALID_NETWORK_RESPONSE;");
+ } elsif ($type eq "async") {
+ $self->pidl("tevent_req_nterror(req,
NT_STATUS_INVALID_NETWORK_RESPONSE);");
+ $self->pidl("return;");
+ } else {
+ die("ParseInvalidResponse($type)");
+ }
+}
+
+sub ParseOutputArgument($$$;$$$)
+{
+ my ($self, $fn, $e, $r, $o, $invalid_response_type) = @_;
my $level = 0;
$r = "r." unless defined($r);
$o = "" unless defined($o);
+ $invalid_response_type = "sync" unless defined($invalid_response_type);
if ($e->{LEVELS}[0]->{TYPE} ne "POINTER" and $e->{LEVELS}[0]->{TYPE} ne
"ARRAY") {
$self->pidl("return NT_STATUS_NOT_SUPPORTED;");
@@ -97,17 +112,37 @@ sub ParseOutputArgument($$$;$$)
# Since the data is being copied into a user-provided data
# structure, the user should be able to know the size
beforehand
# to allocate a structure of the right size.
- my $env = GenerateFunctionInEnv($fn, $r);
+ my $in_env = GenerateFunctionInEnv($fn, $r);
+ my $out_env = GenerateFunctionOutEnv($fn, $r);
my $l = $e->{LEVELS}[$level];
unless (defined($l->{SIZE_IS})) {
- error($e->{ORIGINAL}, "no size known for [out] array
`$e->{NAME}'");
$self->pidl('#error No size known for [out] array
`$e->{NAME}');
+ error($e->{ORIGINAL}, "no size known for [out] array
`$e->{NAME}'");
} else {
- my $size_is = ParseExpr($l->{SIZE_IS}, $env,
$e->{ORIGINAL});
+ my $in_size_is = ParseExpr($l->{SIZE_IS}, $in_env,
$e->{ORIGINAL});
+ my $out_size_is = ParseExpr($l->{SIZE_IS}, $out_env,
$e->{ORIGINAL});
+ my $out_length_is = $out_size_is;
+ if (defined($l->{LENGTH_IS})) {
+ $out_length_is = ParseExpr($l->{LENGTH_IS},
$out_env, $e->{ORIGINAL});
+ }
+ if ($out_size_is ne $in_size_is) {
+ $self->pidl("if (($out_size_is) >
($in_size_is)) {");
+ $self->indent;
+
$self->ParseInvalidResponse($invalid_response_type);
+ $self->deindent;
+ $self->pidl("}");
+ }
+ if ($out_length_is ne $out_size_is) {
+ $self->pidl("if (($out_length_is) >
($out_size_is)) {");
+ $self->indent;
+
$self->ParseInvalidResponse($invalid_response_type);
+ $self->deindent;
+ $self->pidl("}");
+ }
if (has_property($e, "charset")) {
- $self->pidl("memcpy(discard_const_p(uint8_t *,
$o$e->{NAME}), ${r}out.$e->{NAME}, ($size_is) * sizeof(*$o$e->{NAME}));");
+ $self->pidl("memcpy(discard_const_p(uint8_t *,
$o$e->{NAME}), ${r}out.$e->{NAME}, ($out_length_is) * sizeof(*$o$e->{NAME}));");
} else {
- $self->pidl("memcpy($o$e->{NAME},
${r}out.$e->{NAME}, ($size_is) * sizeof(*$o$e->{NAME}));");
+ $self->pidl("memcpy($o$e->{NAME},
${r}out.$e->{NAME}, ($out_length_is) * sizeof(*$o$e->{NAME}));");
}
}
} else {
@@ -281,7 +316,10 @@ sub ParseFunctionAsyncDone($$$)
foreach my $e (@{$fn->{ELEMENTS}}) {
next unless (grep(/out/, @{$e->{DIRECTION}}));
- $self->ParseOutputArgument($fn, $e, "state->tmp.",
"state->orig.out.");
+ $self->ParseOutputArgument($fn, $e,
+ "state->tmp.",
+ "state->orig.out.",
+ "async");
}
$self->pidl("");
diff --git a/source3/rpc_server/srv_spoolss_util.c
b/source3/rpc_server/srv_spoolss_util.c
index 076e2da..f8b29fc 100644
--- a/source3/rpc_server/srv_spoolss_util.c
+++ b/source3/rpc_server/srv_spoolss_util.c
@@ -1110,7 +1110,7 @@ static WERROR winreg_enumval_to_dword(TALLOC_CTX *mem_ctx,
return WERR_INVALID_DATATYPE;
}
- if (v->data_length == 0) {
+ if (v->data_length != 4) {
*dw = 0;
return WERR_OK;
}
@@ -4053,8 +4053,10 @@ WERROR winreg_get_driver(TALLOC_CTX *mem_ctx,
result = winreg_enumval_to_dword(info8, v,
"Version",
&tmp);
+ if (NT_STATUS_IS_OK(result)) {
+ info8->version = (enum spoolss_DriverOSVersion) tmp;
+ }
CHECK_ERROR(result);
- info8->version = tmp;
result = winreg_enumval_to_sz(info8, v,
"Driver",
--
Samba Shared Repository
