diff options
| author | Jeremy Allison <jra@samba.org> | 2001-03-06 06:41:34 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2001-03-06 06:41:34 +0000 |
| commit | fc3b5bb1e747a93939b4dc09d80e4feff4502faf (patch) | |
| tree | e4ef472434a8b5fbacf20c0a6bbdd1c9f5b7a660 | |
| parent | f9078141f9ed2ea08f52935f21fd246163bcf6e1 (diff) | |
| download | samba-fc3b5bb1e747a93939b4dc09d80e4feff4502faf.tar.gz samba-fc3b5bb1e747a93939b4dc09d80e4feff4502faf.tar.xz samba-fc3b5bb1e747a93939b4dc09d80e4feff4502faf.zip | |
Roll back the 2.2 code using talloc_realloc to the HEAD code (which
is more efficient although less elegant).
Jeremy.
| -rw-r--r-- | source/include/proto.h | 8 | ||||
| -rw-r--r-- | source/lib/talloc.c | 132 | ||||
| -rw-r--r-- | source/printing/nt_printing.c | 60 | ||||
| -rwxr-xr-x | source/rpc_server/srv_spoolss.c | 9 | ||||
| -rw-r--r-- | source/rpc_server/srv_spoolss_nt.c | 266 |
5 files changed, 203 insertions, 272 deletions
diff --git a/source/include/proto.h b/source/include/proto.h index 46d858df1a6..db86dd824e8 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -377,7 +377,6 @@ void talloc_destroy(TALLOC_CTX *t); size_t talloc_pool_size(TALLOC_CTX *t); void *talloc_zero(TALLOC_CTX *t, size_t size); void *talloc_memdup(TALLOC_CTX *t, void *p, size_t size); -void *talloc_realloc(TALLOC_CTX *t, void *p, size_t size); /*The following definitions come from lib/time.c */ @@ -1862,12 +1861,12 @@ BOOL parse_lpq_entry(int snum,char *line, /*The following definitions come from printing/nt_printing.c */ BOOL nt_printing_init(void); -int get_ntforms(TALLOC_CTX *ctx, nt_forms_struct **list); +int get_ntforms(nt_forms_struct **list); int write_ntforms(nt_forms_struct **list, int number); -BOOL add_a_form(TALLOC_CTX *ctx, nt_forms_struct **list, const FORM *form, int *count); +BOOL add_a_form(nt_forms_struct **list, const FORM *form, int *count); BOOL delete_a_form(nt_forms_struct **list, UNISTR2 *del_name, int *count, uint32 *ret); void update_a_form(nt_forms_struct **list, const FORM *form, int count); -int get_ntdrivers(TALLOC_CTX *ctx, fstring **list, char *architecture, uint32 version); +int get_ntdrivers(fstring **list, char *architecture, uint32 version); BOOL get_short_archi(char *short_archi, char *long_archi); uint32 clean_up_driver_struct(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, uint32 level, struct current_user *user); @@ -3566,6 +3565,7 @@ void reset_chain_p(void); void init_rpc_pipe_hnd(void); pipes_struct *open_rpc_pipe_p(char *pipe_name, connection_struct *conn, uint16 vuid); +void free_pipe_context(pipes_struct *p); ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n); ssize_t read_from_pipe(pipes_struct *p, char *data, size_t n); BOOL wait_rpc_pipe_hnd_state(pipes_struct *p, uint16 priority); diff --git a/source/lib/talloc.c b/source/lib/talloc.c index d8f6458983c..54a3d8ed769 100644 --- a/source/lib/talloc.c +++ b/source/lib/talloc.c @@ -3,7 +3,6 @@ Version 3.0 Samba temporary memory allocation functions Copyright (C) Andrew Tridgell 2000 - Copyright (C) Jeremy Allison 2001 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -53,31 +52,10 @@ TALLOC_CTX *talloc_init(void) return t; } -static int make_new_chunk(TALLOC_CTX *t, size_t size) -{ - struct talloc_chunk *c; - size_t asize = (size + (TALLOC_CHUNK_SIZE-1)) & ~(TALLOC_CHUNK_SIZE-1); - - c = (struct talloc_chunk *)malloc(sizeof(*c)); - if (!c) return 0; - c->next = t->list; - c->ptr = (void *)malloc(asize); - if (!c->ptr) { - free(c); - return 0; - } - c->alloc_size = 0; - c->total_size = asize; - t->list = c; - t->total_alloc_size += asize; - return 1; -} - /* allocate a bit of memory from the specified pool */ void *talloc(TALLOC_CTX *t, size_t size) { void *p; - char *prefix_p; if (size == 0) { /* debugging value used to track down @@ -87,31 +65,31 @@ void *talloc(TALLOC_CTX *t, size_t size) return p; } - /* Add in prefix of TALLOC_ALIGN, and ensure it's a multiple of TALLOC_ALIGN's */ - - size = (size + TALLOC_ALIGN + (TALLOC_ALIGN-1)) & ~(TALLOC_ALIGN-1); + /* normal code path */ + size = (size + (TALLOC_ALIGN-1)) & ~(TALLOC_ALIGN-1); if (!t->list || (t->list->total_size - t->list->alloc_size) < size) { - if (!make_new_chunk(t, size)) + struct talloc_chunk *c; + size_t asize = (size + (TALLOC_CHUNK_SIZE-1)) & ~(TALLOC_CHUNK_SIZE-1); + + c = (struct talloc_chunk *)malloc(sizeof(*c)); + if (!c) return NULL; + c->next = t->list; + c->ptr = (void *)malloc(asize); + if (!c->ptr) { + free(c); return NULL; + } + c->alloc_size = 0; + c->total_size = asize; + t->list = c; + t->total_alloc_size += asize; } p = ((char *)t->list->ptr) + t->list->alloc_size; - - /* Ensure the prefix is recognisable. */ - - prefix_p = (char *)p; - - memset(prefix_p + sizeof(size_t) + sizeof(t->list), 0xff, TALLOC_ALIGN - (sizeof(size_t) + sizeof(t->list))); - - /* Setup the legth and back pointer prefix. */ - - memcpy(prefix_p, &size, sizeof(size_t)); - memcpy(prefix_p + sizeof(size_t), &t->list, sizeof(t->list)); - - p = ((char *)t->list->ptr) + t->list->alloc_size + TALLOC_ALIGN; t->list->alloc_size += size; + return p; } @@ -174,79 +152,3 @@ void *talloc_memdup(TALLOC_CTX *t, void *p, size_t size) return newp; } - -/* simple talloc with realloc. */ -void *talloc_realloc(TALLOC_CTX *t, void *p, size_t size) -{ - char *base_p; - struct talloc_chunk *c; - size_t internal_current_size; - size_t internal_new_size; - - /* Freeing is easy. */ - - if (size == 0) - return NULL; - - /* An ordinary allocation. */ - - if (!p) - return talloc(t, size); - - /* Work with the real size including the TALLOC_ALIGN prefix. */ - - internal_new_size = (size + TALLOC_ALIGN + (TALLOC_ALIGN-1)) & ~(TALLOC_ALIGN-1); - - /* Get the legth and back pointer prefix. */ - - base_p = ((char *)p) - TALLOC_ALIGN; - memcpy(&internal_current_size, base_p, sizeof(size_t)); - memcpy(&c, base_p + sizeof(size_t), sizeof(c)); - - /* Don't do anything on shrink. */ - - if (internal_new_size <= internal_current_size) - return p; - - if (c->ptr == base_p && c->alloc_size == internal_current_size) { - /* We are alone in this chunk. Use standard realloc. */ - c->ptr = realloc(c->ptr, internal_new_size); - if (!c->ptr) - return NULL; - - /* ensure this new chunk is not used for anything else. */ - c->alloc_size = internal_new_size; - c->total_size = internal_new_size; - memcpy(c->ptr, &internal_new_size, sizeof(size_t)); - - t->total_alloc_size += (internal_new_size - internal_current_size); - - return ((char *)c->ptr) + TALLOC_ALIGN; - } - - /* We are part of another chunk. Create a new chunk and move out. */ - if (!make_new_chunk(t, internal_new_size)) - return NULL; - - c = t->list; - - base_p = (char *)c->ptr; - - /* Ensure the prefix is recognisable. */ - - memset(base_p + sizeof(size_t) + sizeof(t->list), 0xff, TALLOC_ALIGN - (sizeof(size_t) + sizeof(t->list))); - - /* Setup the legth and back pointer prefix. */ - - memcpy(base_p, &internal_new_size, sizeof(size_t)); - memcpy(base_p + sizeof(size_t), &t->list, sizeof(t->list)); - - /* Copy the old data. */ - memcpy(base_p + TALLOC_ALIGN, p, internal_current_size - TALLOC_ALIGN); - - p = base_p + TALLOC_ALIGN; - c->alloc_size = internal_new_size; - c->total_size = internal_new_size; - - return p; -} diff --git a/source/printing/nt_printing.c b/source/printing/nt_printing.c index 67455b39745..278e1d50b2b 100644 --- a/source/printing/nt_printing.c +++ b/source/printing/nt_printing.c @@ -51,10 +51,10 @@ static nt_forms_struct default_forms[] = { {"Letter", 0x2, 0x34b5b, 0x44367, 0x0, 0x0, 0x34b5b, 0x44367}, }; + /**************************************************************************** open the NT printing tdb ****************************************************************************/ - BOOL nt_printing_init(void) { static pid_t local_pid; @@ -80,15 +80,14 @@ BOOL nt_printing_init(void) return True; } + /**************************************************************************** -get a form struct list. Returns talloc'ed memory. +get a form struct list ****************************************************************************/ - -int get_ntforms(TALLOC_CTX *ctx, nt_forms_struct **list) +int get_ntforms(nt_forms_struct **list) { TDB_DATA kbuf, newkey, dbuf; nt_forms_struct form; - nt_forms_struct *list_p = NULL; int ret; int i; int n = 0; @@ -110,25 +109,18 @@ int get_ntforms(TALLOC_CTX *ctx, nt_forms_struct **list) /* allocate space and populate the list in correct order */ if (i+1 > n) { - list_p = talloc_realloc(ctx, list_p, sizeof(nt_forms_struct)*(i+1)); - if (!list_p) - return 0; + *list = Realloc(*list, sizeof(nt_forms_struct)*(i+1)); n = i+1; } - list_p[i] = form; + (*list)[i] = form; } /* we should never return a null forms list or NT gets unhappy */ if (n == 0) { - list_p = (nt_forms_struct *)talloc_memdup(ctx, &default_forms[0], sizeof(default_forms)); - if (!list_p) - return 0; + *list = (nt_forms_struct *)memdup(&default_forms[0], sizeof(default_forms)); n = sizeof(default_forms) / sizeof(default_forms[0]); } - *list = list_p; - if (!*list) - return 0; return n; } @@ -136,7 +128,6 @@ int get_ntforms(TALLOC_CTX *ctx, nt_forms_struct **list) /**************************************************************************** write a form struct list ****************************************************************************/ - int write_ntforms(nt_forms_struct **list, int number) { pstring buf, key; @@ -150,26 +141,23 @@ int write_ntforms(nt_forms_struct **list, int number) i, (*list)[i].flag, (*list)[i].width, (*list)[i].length, (*list)[i].left, (*list)[i].top, (*list)[i].right, (*list)[i].bottom); - if (len > sizeof(buf)) - break; + if (len > sizeof(buf)) break; slprintf(key, sizeof(key), "%s%s", FORMS_PREFIX, (*list)[i].name); dos_to_unix(key, True); /* Convert key to unix-codepage */ kbuf.dsize = strlen(key)+1; kbuf.dptr = key; dbuf.dsize = len; dbuf.dptr = buf; - if (tdb_store(tdb, kbuf, dbuf, TDB_REPLACE) != 0) - break; - } + if (tdb_store(tdb, kbuf, dbuf, TDB_REPLACE) != 0) break; + } - return i; + return i; } /**************************************************************************** add a form struct at the end of the list ****************************************************************************/ - -BOOL add_a_form(TALLOC_CTX *ctx, nt_forms_struct **list, const FORM *form, int *count) +BOOL add_a_form(nt_forms_struct **list, const FORM *form, int *count) { int n=0; BOOL update; @@ -193,14 +181,8 @@ BOOL add_a_form(TALLOC_CTX *ctx, nt_forms_struct **list, const FORM *form, int * } if (update==False) { - /* We can't realloc a talloc memory area. */ - nt_forms_struct *new_list = (nt_forms_struct *)talloc(ctx, (n+1)*sizeof(nt_forms_struct) ); - if (!new_list) + if((*list=Realloc(*list, (n+1)*sizeof(nt_forms_struct))) == NULL) return False; - - memcpy(new_list, *list, n*sizeof(nt_forms_struct) ); - *list = new_list; - unistr2_to_ascii((*list)[n].name, &form->name, sizeof((*list)[n].name)-1); (*count)++; } @@ -219,7 +201,6 @@ BOOL add_a_form(TALLOC_CTX *ctx, nt_forms_struct **list, const FORM *form, int * /**************************************************************************** delete a named form struct ****************************************************************************/ - BOOL delete_a_form(nt_forms_struct **list, UNISTR2 *del_name, int *count, uint32 *ret) { pstring key; @@ -268,7 +249,6 @@ BOOL delete_a_form(nt_forms_struct **list, UNISTR2 *del_name, int *count, uint32 /**************************************************************************** update a form struct ****************************************************************************/ - void update_a_form(nt_forms_struct **list, const FORM *form, int count) { int n=0; @@ -276,7 +256,8 @@ void update_a_form(nt_forms_struct **list, const FORM *form, int count) unistr2_to_ascii(form_name, &(form->name), sizeof(form_name)-1); DEBUG(106, ("[%s]\n", form_name)); - for (n=0; n<count; n++) { + for (n=0; n<count; n++) + { DEBUGADD(106, ("n [%d]:[%s]\n", n, (*list)[n].name)); if (!strncmp((*list)[n].name, form_name, strlen(form_name))) break; @@ -298,8 +279,7 @@ get the nt drivers list traverse the database and look-up the matching names ****************************************************************************/ - -int get_ntdrivers(TALLOC_CTX *ctx, fstring **list, char *architecture, uint32 version) +int get_ntdrivers(fstring **list, char *architecture, uint32 version) { int total=0; fstring short_archi; @@ -314,7 +294,7 @@ int get_ntdrivers(TALLOC_CTX *ctx, fstring **list, char *architecture, uint32 ve newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { if (strncmp(kbuf.dptr, key, strlen(key)) != 0) continue; - if((*list = talloc_realloc(ctx, *list, sizeof(fstring)*(total+1))) == NULL) + if((*list = Realloc(*list, sizeof(fstring)*(total+1))) == NULL) return -1; fstrcpy((*list)[total], kbuf.dptr+strlen(key)); @@ -2160,7 +2140,7 @@ static int unpack_specifics(NT_PRINTER_PARAM **list, char *buf, int buflen) /**************************************************************************** get a default printer info 2 struct ****************************************************************************/ -static uint32 get_a_printer_2_default(NT_PRINTER_INFO_LEVEL_2 **info_ptr, char *sharename) +static uint32 get_a_printer_2_default(NT_PRINTER_INFO_LEVEL_2 **info_ptr, fstring sharename) { extern pstring global_myname; int snum; @@ -2233,7 +2213,7 @@ static uint32 get_a_printer_2_default(NT_PRINTER_INFO_LEVEL_2 **info_ptr, char * /**************************************************************************** ****************************************************************************/ -static uint32 get_a_printer_2(NT_PRINTER_INFO_LEVEL_2 **info_ptr, char *sharename) +static uint32 get_a_printer_2(NT_PRINTER_INFO_LEVEL_2 **info_ptr, fstring sharename) { pstring key; NT_PRINTER_INFO_LEVEL_2 info; @@ -2456,7 +2436,7 @@ uint32 add_a_printer(NT_PRINTER_INFO_LEVEL printer, uint32 level) Get a NT_PRINTER_INFO_LEVEL struct. It returns malloced memory. ****************************************************************************/ -uint32 get_a_printer(NT_PRINTER_INFO_LEVEL **pp_printer, uint32 level, char *sharename) +uint32 get_a_printer(NT_PRINTER_INFO_LEVEL **pp_printer, uint32 level, fstring sharename) { uint32 result; NT_PRINTER_INFO_LEVEL *printer = NULL; diff --git a/source/rpc_server/srv_spoolss.c b/source/rpc_server/srv_spoolss.c index 00fd4f010e1..126581ba808 100755 --- a/source/rpc_server/srv_spoolss.c +++ b/source/rpc_server/srv_spoolss.c @@ -248,7 +248,11 @@ static BOOL api_spoolss_rffpcnex(pipes_struct *p) * api_spoolss_rfnpcnex * ReplyFindNextPrinterChangeNotifyEx * called from the spoolss dispatcher - * + + * Note - this is the *ONLY* function that breaks the RPC call + * symmetry in all the other calls. We need to do this to fix + * the massive memory allocation problem with thousands of jobs... + * JRA. ********************************************************************/ static BOOL api_spoolss_rfnpcnex(pipes_struct *p) @@ -269,10 +273,13 @@ static BOOL api_spoolss_rfnpcnex(pipes_struct *p) r_u.status = _spoolss_rfnpcnex(p, &q_u, &r_u); if (!spoolss_io_r_rfnpcnex("", &r_u, rdata, 0)) { + safe_free(r_u.info.data); DEBUG(0,("spoolss_io_r_rfnpcnex: unable to marshall SPOOL_R_RFNPCNEX.\n")); return False; } + safe_free(r_u.info.data); + return True; } diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c index 2b5bdca5ad7..cfacb7ff7c4 100644 --- a/source/rpc_server/srv_spoolss_nt.c +++ b/source/rpc_server/srv_spoolss_nt.c @@ -148,7 +148,6 @@ static void free_spool_notify_option(SPOOL_NOTIFY_OPTION **pp) safe_free(sp->ctr.type); free(sp); - } /**************************************************************************** @@ -289,7 +288,6 @@ static BOOL srv_spoolss_replycloseprinter(POLICY_HND *handle) /**************************************************************************** close printer index by handle ****************************************************************************/ - static BOOL close_printer_handle(POLICY_HND *hnd) { Printer_entry *Printer = find_printer_index_by_hnd(hnd); @@ -309,6 +307,7 @@ static BOOL close_printer_handle(POLICY_HND *hnd) Printer->notify.localmachine[0]='\0'; Printer->notify.printerlocal=0; free_spool_notify_option(&Printer->notify.option); + Printer->notify.option=NULL; Printer->notify.client_connected=False; clear_handle(hnd); @@ -845,13 +844,13 @@ uint32 _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u, /* NT doesn't let us connect to a printer if the connecting user doesn't have print permission. */ + if (!get_printer_snum(handle, &snum)) + return ERROR_INVALID_HANDLE; + /* map an empty access mask to the minimum access mask */ if (printer_default->access_required == 0x0) printer_default->access_required = PRINTER_ACCESS_USE; - if (!get_printer_snum(handle, &snum)) - return ERROR_INVALID_HANDLE; - if (!print_access_check(&user, snum, printer_default->access_required)) { DEBUG(3, ("access DENIED for printer open\n")); close_printer_handle(handle); @@ -1112,7 +1111,6 @@ uint32 _spoolss_deleteprinter(pipes_struct *p, SPOOL_Q_DELETEPRINTER *q_u, SPOOL /******************************************************************** GetPrinterData on a printer server Handle. ********************************************************************/ - static BOOL getprinterdata_printer_server(TALLOC_CTX *ctx, fstring value, uint32 *type, uint8 **data, uint32 *needed, uint32 in_size) { int i; @@ -1159,8 +1157,9 @@ static BOOL getprinterdata_printer_server(TALLOC_CTX *ctx, fstring value, uint32 pstring string="You are using a Samba server"; *type = 0x1; *needed = 2*(strlen(string)+1); - if((*data = (uint8 *)talloc_zero( ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL) + if((*data = (uint8 *)talloc(ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL) return False; + memset(*data, 0, (*needed > in_size) ? *needed:in_size); /* it's done by hand ready to go on the wire */ for (i=0; i<strlen(string); i++) { @@ -1174,8 +1173,9 @@ static BOOL getprinterdata_printer_server(TALLOC_CTX *ctx, fstring value, uint32 pstring string="Windows NT x86"; *type = 0x1; *needed = 2*(strlen(string)+1); - if((*data = (uint8 *)talloc_zero( ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL) + if((*data = (uint8 *)talloc(ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL) return False; + memset(*data, 0, (*needed > in_size) ? *needed:in_size); for (i=0; i<strlen(string); i++) { (*data)[2*i]=string[i]; (*data)[2*i+1]='\0'; @@ -1222,10 +1222,11 @@ static BOOL getprinterdata_printer(TALLOC_CTX *ctx, POLICY_HND *handle, DEBUG(5,("getprinterdata_printer:allocating %d\n", in_size)); if (in_size) { - if((*data = (uint8 *)talloc_zero(ctx, in_size *sizeof(uint8) )) == NULL) { + if((*data = (uint8 *)talloc(ctx, in_size *sizeof(uint8) )) == NULL) { return False; } + memset(*data, 0, in_size *sizeof(uint8)); /* copy the min(in_size, len) */ memcpy(*data, idata, (len>in_size)?in_size:len *sizeof(uint8)); } else { @@ -1275,7 +1276,7 @@ uint32 _spoolss_getprinterdata(pipes_struct *p, SPOOL_Q_GETPRINTERDATA *q_u, SPO DEBUG(4,("_spoolss_getprinterdata\n")); if (!OPEN_HANDLE(Printer)) { - if((*data=(uint8 *)talloc_zero(p->mem_ctx, 4*sizeof(uint8))) == NULL) + if((*data=(uint8 *)malloc(4*sizeof(uint8))) == NULL) return ERROR_NOT_ENOUGH_MEMORY; DEBUG(0,("_spoolss_getprinterdata: Invalid handle (%s).\n", OUR_HANDLE(handle))); return ERROR_INVALID_HANDLE; @@ -1365,12 +1366,12 @@ uint32 _spoolss_rffpcnex(pipes_struct *p, SPOOL_Q_RFFPCNEX *q_u, SPOOL_R_RFFPCNE } Printer->notify.flags=flags; + Printer->notify.options=options; Printer->notify.printerlocal=printerlocal; if (Printer->notify.option) free_spool_notify_option(&Printer->notify.option); - Printer->notify.options=options; Printer->notify.option=dup_spool_notify_option(option); unistr2_to_ascii(Printer->notify.localmachine, localmachine, sizeof(Printer->notify.localmachine)-1); @@ -2158,16 +2159,16 @@ static void construct_info_data(SPOOL_NOTIFY_INFO_DATA *info_data, uint16 type, info_data->enc_type = type_of_notify_info_data(type, field); } + /******************************************************************* * * fill a notify_info struct with info asked * ********************************************************************/ - static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int snum, SPOOL_NOTIFY_OPTION_TYPE *option_type, uint32 id, - TALLOC_CTX *ctx) + TALLOC_CTX *mem_ctx) { int field_num,j; uint16 type; @@ -2193,7 +2194,7 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int if (!search_notify(type, field, &j) ) continue; - if((info->data=talloc_realloc(ctx, info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) { + if((info->data=(SPOOL_NOTIFY_INFO_DATA *)Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) { return False; } current_data=&info->data[info->count]; @@ -2204,7 +2205,7 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int notify_info_data_table[j].name, snum, printer->info_2->printername )); notify_info_data_table[j].fn(snum, current_data, queue, - printer, ctx); + printer, mem_ctx); info->count++; } @@ -2218,17 +2219,17 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int * fill a notify_info struct with info asked * ********************************************************************/ - static BOOL construct_notify_jobs_info(print_queue_struct *queue, SPOOL_NOTIFY_INFO *info, NT_PRINTER_INFO_LEVEL *printer, int snum, SPOOL_NOTIFY_OPTION_TYPE *option_type, uint32 id, - TALLOC_CTX *ctx) + TALLOC_CTX *mem_ctx) { int field_num,j; uint16 type; uint16 field; + SPOOL_NOTIFY_INFO_DATA *current_data; DEBUG(4,("construct_notify_jobs_info\n")); @@ -2245,19 +2246,15 @@ static BOOL construct_notify_jobs_info(print_queue_struct *queue, if (!search_notify(type, field, &j) ) continue; - if((info->data=talloc_realloc(ctx, info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) { + if((info->data=Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) { return False; } - current_data=&info->data[info->count]; + current_data=&(info->data[info->count]); construct_info_data(current_data, type, field, id); - - DEBUG(10,("construct_notify_jobs_info: calling [%s] snum=%d printername=[%s])\n", - notify_info_data_table[j].name, snum, printer->info_2->printername )); - notify_info_data_table[j].fn(snum, current_data, queue, - printer, ctx); + printer, mem_ctx); info->count++; } @@ -2323,7 +2320,8 @@ static uint32 printserver_notify_info(const POLICY_HND *hnd, for (snum=0; snum<n_services; snum++) if ( lp_browseable(snum) && lp_snum_ok(snum) && lp_print_ok(snum) ) - if (construct_notify_printer_info(info, snum, option_type, id, mem_ctx)) + if (construct_notify_printer_info + (info, snum, option_type, id, mem_ctx)) id++; } @@ -2331,7 +2329,7 @@ static uint32 printserver_notify_info(const POLICY_HND *hnd, * Debugging information, don't delete. */ /* - DEBUG(1,("printserver_notify_info: dumping the NOTIFY_INFO\n")); + DEBUG(1,("dumping the NOTIFY_INFO\n")); DEBUGADD(1,("info->version:[%d], info->flags:[%d], info->count:[%d]\n", info->version, info->flags, info->count)); DEBUGADD(1,("num\ttype\tfield\tres\tid\tsize\tenc_type\n")); @@ -2350,7 +2348,8 @@ static uint32 printserver_notify_info(const POLICY_HND *hnd, * fill a notify_info struct with info asked * ********************************************************************/ -static uint32 printer_notify_info(POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info, TALLOC_CTX *ctx) +static uint32 printer_notify_info(POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info, + TALLOC_CTX *mem_ctx) { int snum; Printer_entry *Printer=find_printer_index_by_hnd(hnd); @@ -2377,7 +2376,9 @@ static uint32 printer_notify_info(POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info, TALL switch ( option_type->type ) { case PRINTER_NOTIFY_TYPE: - if(construct_notify_printer_info(info, snum, option_type, id, ctx)) + if(construct_notify_printer_info(info, snum, + option_type, id, + mem_ctx)) id--; break; @@ -2387,7 +2388,8 @@ static uint32 printer_notify_info(POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info, TALL memset(&status, 0, sizeof(status)); count = print_queue_status(snum, &queue, &status); - if (get_a_printer(&printer, 2, lp_servicename(snum)) != 0) + if (get_a_printer(&printer, 2, + lp_servicename(snum)) != 0) goto done; for (j=0; j<count; j++) { @@ -2395,7 +2397,7 @@ static uint32 printer_notify_info(POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info, TALL printer, snum, option_type, queue[j].job, - ctx); + mem_ctx); } free_a_printer(&printer, 2); @@ -2410,17 +2412,17 @@ static uint32 printer_notify_info(POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info, TALL /* * Debugging information, don't delete. */ - - DEBUG(10,("printer_notify_info: dumping the NOTIFY_INFO\n")); - DEBUGADD(10,("info->version:[%d], info->flags:[%d], info->count:[%d]\n", info->version, info->flags, info->count)); - DEBUGADD(10,("num\ttype\tfield\tres\tid\tsize\tenc_type\n")); + /* + DEBUG(1,("dumping the NOTIFY_INFO\n")); + DEBUGADD(1,("info->version:[%d], info->flags:[%d], info->count:[%d]\n", info->version, info->flags, info->count)); + DEBUGADD(1,("num\ttype\tfield\tres\tid\tsize\tenc_type\n")); for (i=0; i<info->count; i++) { - DEBUGADD(10,("[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\n", + DEBUGADD(1,("[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\n", i, info->data[i].type, info->data[i].field, info->data[i].reserved, info->data[i].id, info->data[i].size, info->data[i].enc_type)); } - + */ return NT_STATUS_NO_PROBLEMO; } @@ -2472,27 +2474,7 @@ uint32 _spoolss_rfnpcnex( pipes_struct *p, SPOOL_Q_RFNPCNEX *q_u, SPOOL_R_RFNPCN result = printer_notify_info(handle, info, p->mem_ctx); break; } - -#if 0 - /* - * The data returned in info->data is realloced. We need to - * convert to talloc for return. The data really should come - * back as a linked list, not a realloced array, as realloc can - * fail... JRA. - */ - - if (info->data) { - SPOOL_NOTIFY_INFO_DATA *new_data = (SPOOL_NOTIFY_INFO_DATA *)talloc_memdup(p->mem_ctx, - info->data, - info->count * sizeof(SPOOL_NOTIFY_INFO_DATA)); - if (!new_data) - return NT_STATUS_NO_MEMORY; - - safe_free(info->data); - info->data = new_data; - } -#endif - + done: return result; } @@ -3448,8 +3430,7 @@ static uint32 construct_printer_driver_info_2(DRIVER_INFO_2 *info, int snum, fst * * convert an array of ascii string to a UNICODE string ********************************************************************/ - -static void init_unistr_array(TALLOC_CTX *ctx, uint16 **uni_array, fstring *char_array, char *servername) +static void init_unistr_array(uint16 **uni_array, fstring *char_array, char *servername) { int i=0; int j=0; @@ -3469,7 +3450,7 @@ static void init_unistr_array(TALLOC_CTX *ctx, uint16 **uni_array, fstring *char if (strlen(v) == 0) break; slprintf(line, sizeof(line)-1, "\\\\%s%s", servername, v); DEBUGADD(6,("%d:%s:%d\n", i, line, strlen(line))); - if((*uni_array=talloc_realloc(ctx,*uni_array, (j+strlen(line)+2)*sizeof(uint16))) == NULL) { + if((*uni_array=Realloc(*uni_array, (j+strlen(line)+2)*sizeof(uint16))) == NULL) { DEBUG(0,("init_unistr_array: Realloc error\n" )); return; } @@ -3488,8 +3469,7 @@ static void init_unistr_array(TALLOC_CTX *ctx, uint16 **uni_array, fstring *char * construct_printer_info_3 * fill a printer_info_3 struct ********************************************************************/ - -static void fill_printer_driver_info_3(TALLOC_CTX *ctx, DRIVER_INFO_3 *info, NT_PRINTER_DRIVER_INFO_LEVEL driver, fstring servername) +static void fill_printer_driver_info_3(DRIVER_INFO_3 *info, NT_PRINTER_DRIVER_INFO_LEVEL driver, fstring servername) { pstring temp; @@ -3528,15 +3508,14 @@ static void fill_printer_driver_info_3(TALLOC_CTX *ctx, DRIVER_INFO_3 *info, NT_ init_unistr( &info->defaultdatatype, driver.info_3->defaultdatatype ); info->dependentfiles=NULL; - init_unistr_array(ctx, &info->dependentfiles, driver.info_3->dependentfiles, servername); + init_unistr_array(&info->dependentfiles, driver.info_3->dependentfiles, servername); } /******************************************************************** * construct_printer_info_3 * fill a printer_info_3 struct ********************************************************************/ - -static uint32 construct_printer_driver_info_3(TALLOC_CTX *ctx, DRIVER_INFO_3 *info, int snum, fstring servername, fstring architecture, uint32 version) +static uint32 construct_printer_driver_info_3(DRIVER_INFO_3 *info, int snum, fstring servername, fstring architecture, uint32 version) { NT_PRINTER_INFO_LEVEL *printer = NULL; NT_PRINTER_DRIVER_INFO_LEVEL driver; @@ -3555,7 +3534,7 @@ static uint32 construct_printer_driver_info_3(TALLOC_CTX *ctx, DRIVER_INFO_3 *in return ERROR_UNKNOWN_PRINTER_DRIVER; } - fill_printer_driver_info_3(ctx, info, driver, servername); + fill_printer_driver_info_3(info, driver, servername); free_a_printer(&printer,2); @@ -3567,7 +3546,7 @@ static uint32 construct_printer_driver_info_3(TALLOC_CTX *ctx, DRIVER_INFO_3 *in * fill a printer_info_6 struct - we know that driver is really level 3. This sucks. JRA. ********************************************************************/ -static void fill_printer_driver_info_6(TALLOC_CTX *ctx, DRIVER_INFO_6 *info, NT_PRINTER_DRIVER_INFO_LEVEL driver, fstring servername) +static void fill_printer_driver_info_6(DRIVER_INFO_6 *info, NT_PRINTER_DRIVER_INFO_LEVEL driver, fstring servername) { pstring temp; fstring nullstr; @@ -3608,10 +3587,10 @@ static void fill_printer_driver_info_6(TALLOC_CTX *ctx, DRIVER_INFO_6 *info, NT_ init_unistr( &info->defaultdatatype, driver.info_3->defaultdatatype ); info->dependentfiles=NULL; - init_unistr_array(ctx, &info->dependentfiles, driver.info_3->dependentfiles, servername); + init_unistr_array(&info->dependentfiles, driver.info_3->dependentfiles, servername); info->previousdrivernames=NULL; - init_unistr_array(ctx, &info->previousdrivernames, &nullstr, servername); + init_unistr_array(&info->previousdrivernames, &nullstr, servername); info->driver_date.low=0; info->driver_date.high=0; @@ -3630,8 +3609,7 @@ static void fill_printer_driver_info_6(TALLOC_CTX *ctx, DRIVER_INFO_6 *info, NT_ * construct_printer_info_6 * fill a printer_info_6 struct ********************************************************************/ - -static uint32 construct_printer_driver_info_6(TALLOC_CTX *ctx, DRIVER_INFO_6 *info, int snum, fstring servername, fstring architecture, uint32 version) +static uint32 construct_printer_driver_info_6(DRIVER_INFO_6 *info, int snum, fstring servername, fstring architecture, uint32 version) { NT_PRINTER_INFO_LEVEL *printer = NULL; NT_PRINTER_DRIVER_INFO_LEVEL driver; @@ -3665,7 +3643,7 @@ static uint32 construct_printer_driver_info_6(TALLOC_CTX *ctx, DRIVER_INFO_6 *in } } - fill_printer_driver_info_6(ctx, info, driver, servername); + fill_printer_driver_info_6(info, driver, servername); free_a_printer(&printer,2); @@ -3675,16 +3653,33 @@ static uint32 construct_printer_driver_info_6(TALLOC_CTX *ctx, DRIVER_INFO_6 *in /**************************************************************************** ****************************************************************************/ -static uint32 getprinterdriver2_level1(TALLOC_CTX *ctx, fstring servername, fstring architecture, uint32 version, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +static void free_printer_driver_info_3(DRIVER_INFO_3 *info) +{ + safe_free(info->dependentfiles); +} + +/**************************************************************************** +****************************************************************************/ + +static void free_printer_driver_info_6(DRIVER_INFO_6 *info) +{ + safe_free(info->dependentfiles); + +} + +/**************************************************************************** +****************************************************************************/ +static uint32 getprinterdriver2_level1(fstring servername, fstring architecture, uint32 version, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) { DRIVER_INFO_1 *info=NULL; uint32 status; - if((info=(DRIVER_INFO_1 *)talloc(ctx, sizeof(DRIVER_INFO_1))) == NULL) + if((info=(DRIVER_INFO_1 *)malloc(sizeof(DRIVER_INFO_1))) == NULL) return ERROR_NOT_ENOUGH_MEMORY; status=construct_printer_driver_info_1(info, snum, servername, architecture, version); if (status != NT_STATUS_NO_PROBLEMO) { + safe_free(info); return status; } @@ -3692,12 +3687,16 @@ static uint32 getprinterdriver2_level1(TALLOC_CTX *ctx, fstring servername, fstr *needed += spoolss_size_printer_driver_info_1(info); if (!alloc_buffer_size(buffer, *needed)) { + safe_free(info); return ERROR_INSUFFICIENT_BUFFER; } /* fill the buffer with the structures */ new_smb_io_printer_driver_info_1("", buffer, info, 0); + /* clear memory */ + safe_free(info); + if (*needed > offered) return ERROR_INSUFFICIENT_BUFFER; else @@ -3706,17 +3705,17 @@ static uint32 getprinterdriver2_level1(TALLOC_CTX *ctx, fstring servername, fstr /**************************************************************************** ****************************************************************************/ - -static uint32 getprinterdriver2_level2(TALLOC_CTX *ctx, fstring servername, fstring architecture, uint32 version, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +static uint32 getprinterdriver2_level2(fstring servername, fstring architecture, uint32 version, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) { DRIVER_INFO_2 *info=NULL; uint32 status; - if((info=(DRIVER_INFO_2 *)talloc(ctx, sizeof(DRIVER_INFO_2))) == NULL) + if((info=(DRIVER_INFO_2 *)malloc(sizeof(DRIVER_INFO_2))) == NULL) return ERROR_NOT_ENOUGH_MEMORY; status=construct_printer_driver_info_2(info, snum, servername, architecture, version); if (status != NT_STATUS_NO_PROBLEMO) { + safe_free(info); return status; } @@ -3724,12 +3723,16 @@ static uint32 getprinterdriver2_level2(TALLOC_CTX *ctx, fstring servername, fstr *needed += spoolss_size_printer_driver_info_2(info); if (!alloc_buffer_size(buffer, *needed)) { + safe_free(info); return ERROR_INSUFFICIENT_BUFFER; } /* fill the buffer with the structures */ new_smb_io_printer_driver_info_2("", buffer, info, 0); + /* clear memory */ + safe_free(info); + if (*needed > offered) return ERROR_INSUFFICIENT_BUFFER; else @@ -3738,15 +3741,14 @@ static uint32 getprinterdriver2_level2(TALLOC_CTX *ctx, fstring servername, fstr /**************************************************************************** ****************************************************************************/ - -static uint32 getprinterdriver2_level3(TALLOC_CTX *ctx, fstring servername, fstring architecture, uint32 version, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +static uint32 getprinterdriver2_level3(fstring servername, fstring architecture, uint32 version, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) { DRIVER_INFO_3 info; uint32 status; ZERO_STRUCT(info); - status=construct_printer_driver_info_3(ctx, &info, snum, servername, architecture, version); + status=construct_printer_driver_info_3(&info, snum, servername, architecture, version); if (status != NT_STATUS_NO_PROBLEMO) { return status; } @@ -3755,12 +3757,15 @@ static uint32 getprinterdriver2_level3(TALLOC_CTX *ctx, fstring servername, fstr *needed += spoolss_size_printer_driver_info_3(&info); if (!alloc_buffer_size(buffer, *needed)) { + free_printer_driver_info_3(&info); return ERROR_INSUFFICIENT_BUFFER; } /* fill the buffer with the structures */ new_smb_io_printer_driver_info_3("", buffer, &info, 0); + free_printer_driver_info_3(&info); + if (*needed > offered) return ERROR_INSUFFICIENT_BUFFER; else @@ -3769,15 +3774,14 @@ static uint32 getprinterdriver2_level3(TALLOC_CTX *ctx, fstring servername, fstr /**************************************************************************** ****************************************************************************/ - -static uint32 getprinterdriver2_level6(TALLOC_CTX *ctx, fstring servername, fstring architecture, uint32 version, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +static uint32 getprinterdriver2_level6(fstring servername, fstring architecture, uint32 version, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) { DRIVER_INFO_6 info; uint32 status; ZERO_STRUCT(info); - status=construct_printer_driver_info_6(ctx, &info, snum, servername, architecture, version); + status=construct_printer_driver_info_6(&info, snum, servername, architecture, version); if (status != NT_STATUS_NO_PROBLEMO) { return status; } @@ -3786,12 +3790,15 @@ static uint32 getprinterdriver2_level6(TALLOC_CTX *ctx, fstring servername, fstr *needed += spoolss_size_printer_driver_info_6(&info); if (!alloc_buffer_size(buffer, *needed)) { + free_printer_driver_info_6(&info); return ERROR_INSUFFICIENT_BUFFER; } /* fill the buffer with the structures */ new_smb_io_printer_driver_info_6("", buffer, &info, 0); + free_printer_driver_info_6(&info); + if (*needed > offered) return ERROR_INSUFFICIENT_BUFFER; else @@ -3836,13 +3843,13 @@ uint32 _spoolss_getprinterdriver2(pipes_struct *p, SPOOL_Q_GETPRINTERDRIVER2 *q_ switch (level) { case 1: - return getprinterdriver2_level1(p->mem_ctx, servername, architecture, clientmajorversion, snum, buffer, offered, needed); + return getprinterdriver2_level1(servername, architecture, clientmajorversion, snum, buffer, offered, needed); case 2: - return getprinterdriver2_level2(p->mem_ctx, servername, architecture, clientmajorversion, snum, buffer, offered, needed); + return getprinterdriver2_level2(servername, architecture, clientmajorversion, snum, buffer, offered, needed); case 3: - return getprinterdriver2_level3(p->mem_ctx, servername, architecture, clientmajorversion, snum, buffer, offered, needed); + return getprinterdriver2_level3(servername, architecture, clientmajorversion, snum, buffer, offered, needed); case 6: - return getprinterdriver2_level6(p->mem_ctx, servername, architecture, clientmajorversion, snum, buffer, offered, needed); + return getprinterdriver2_level6(servername, architecture, clientmajorversion, snum, buffer, offered, needed); default: return ERROR_INVALID_LEVEL; } @@ -4958,8 +4965,7 @@ uint32 _spoolss_setjob(pipes_struct *p, SPOOL_Q_SETJOB *q_u, SPOOL_R_SETJOB *r_u /**************************************************************************** Enumerates all printer drivers at level 1. ****************************************************************************/ - -static uint32 enumprinterdrivers_level1(TALLOC_CTX *ctx, fstring servername, fstring architecture, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +static uint32 enumprinterdrivers_level1(fstring servername, fstring architecture, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { int i; int ndrivers; @@ -4975,14 +4981,15 @@ static uint32 enumprinterdrivers_level1(TALLOC_CTX *ctx, fstring servername, fst for (version=0; version<MAX_VERSION; version++) { list=NULL; - ndrivers=get_ntdrivers(ctx, &list, architecture, version); + ndrivers=get_ntdrivers(&list, architecture, version); DEBUGADD(4,("we have:[%d] drivers in environment [%s] and version [%d]\n", ndrivers, architecture, version)); if(ndrivers == -1) return ERROR_NOT_ENOUGH_MEMORY; if(ndrivers != 0) { - if((driver_info_1=(DRIVER_INFO_1 *)talloc_realloc(ctx, driver_info_1, (*returned+ndrivers) * sizeof(DRIVER_INFO_1))) == NULL) { + if((driver_info_1=(DRIVER_INFO_1 *)Realloc(driver_info_1, (*returned+ndrivers) * sizeof(DRIVER_INFO_1))) == NULL) { + safe_free(list); return ERROR_NOT_ENOUGH_MEMORY; } } @@ -4992,6 +4999,7 @@ static uint32 enumprinterdrivers_level1(TALLOC_CTX *ctx, fstring servername, fst DEBUGADD(5,("\tdriver: [%s]\n", list[i])); ZERO_STRUCT(driver); if ((status = get_a_printer_driver(&driver, 3, list[i], architecture, version)) != 0) { + safe_free(list); return status; } fill_printer_driver_info_1(&driver_info_1[*returned+i], driver, servername, architecture ); @@ -4999,6 +5007,7 @@ static uint32 enumprinterdrivers_level1(TALLOC_CTX *ctx, fstring servername, fst } *returned+=ndrivers; + safe_free(list); } /* check the required size. */ @@ -5008,6 +5017,7 @@ static uint32 enumprinterdrivers_level1(TALLOC_CTX *ctx, fstring servername, fst } if (!alloc_buffer_size(buffer, *needed)) { + safe_free(driver_info_1); return ERROR_INSUFFICIENT_BUFFER; } @@ -5017,6 +5027,8 @@ static uint32 enumprinterdrivers_level1(TALLOC_CTX *ctx, fstring servername, fst new_smb_io_printer_driver_info_1("", buffer, &driver_info_1[i], 0); } + safe_free(driver_info_1); + if (*needed > offered) { *returned=0; return ERROR_INSUFFICIENT_BUFFER; @@ -5028,8 +5040,7 @@ static uint32 enumprinterdrivers_level1(TALLOC_CTX *ctx, fstring servername, fst /**************************************************************************** Enumerates all printer drivers at level 2. ****************************************************************************/ - -static uint32 enumprinterdrivers_level2(TALLOC_CTX *ctx, fstring servername, fstring architecture, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +static uint32 enumprinterdrivers_level2(fstring servername, fstring architecture, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { int i; int ndrivers; @@ -5045,14 +5056,15 @@ static uint32 enumprinterdrivers_level2(TALLOC_CTX *ctx, fstring servername, fst for (version=0; version<MAX_VERSION; version++) { list=NULL; - ndrivers=get_ntdrivers(ctx, &list, architecture, version); + ndrivers=get_ntdrivers(&list, architecture, version); DEBUGADD(4,("we have:[%d] drivers in environment [%s] and version [%d]\n", ndrivers, architecture, version)); if(ndrivers == -1) return ERROR_NOT_ENOUGH_MEMORY; if(ndrivers != 0) { - if((driver_info_2=(DRIVER_INFO_2 *)talloc_realloc(ctx,driver_info_2, (*returned+ndrivers) * sizeof(DRIVER_INFO_2))) == NULL) { + if((driver_info_2=(DRIVER_INFO_2 *)Realloc(driver_info_2, (*returned+ndrivers) * sizeof(DRIVER_INFO_2))) == NULL) { + safe_free(list); return ERROR_NOT_ENOUGH_MEMORY; } } @@ -5063,6 +5075,7 @@ static uint32 enumprinterdrivers_level2(TALLOC_CTX *ctx, fstring servername, fst DEBUGADD(5,("\tdriver: [%s]\n", list[i])); ZERO_STRUCT(driver); if ((status = get_a_printer_driver(&driver, 3, list[i], architecture, version)) != 0) { + safe_free(list); return status; } fill_printer_driver_info_2(&driver_info_2[*returned+i], driver, servername); @@ -5070,6 +5083,7 @@ static uint32 enumprinterdrivers_level2(TALLOC_CTX *ctx, fstring servername, fst } *returned+=ndrivers; + safe_free(list); } /* check the required size. */ @@ -5079,6 +5093,7 @@ static uint32 enumprinterdrivers_level2(TALLOC_CTX *ctx, fstring servername, fst } if (!alloc_buffer_size(buffer, *needed)) { + safe_free(driver_info_2); return ERROR_INSUFFICIENT_BUFFER; } @@ -5088,6 +5103,8 @@ static uint32 enumprinterdrivers_level2(TALLOC_CTX *ctx, fstring servername, fst new_smb_io_printer_driver_info_2("", buffer, &(driver_info_2[i]), 0); } + safe_free(driver_info_2); + if (*needed > offered) { *returned=0; return ERROR_INSUFFICIENT_BUFFER; @@ -5099,8 +5116,7 @@ static uint32 enumprinterdrivers_level2(TALLOC_CTX *ctx, fstring servername, fst /**************************************************************************** Enumerates all printer drivers at level 3. ****************************************************************************/ - -static uint32 enumprinterdrivers_level3(TALLOC_CTX *ctx, fstring servername, fstring architecture, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +static uint32 enumprinterdrivers_level3(fstring servername, fstring architecture, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) { int i; int ndrivers; @@ -5116,14 +5132,15 @@ static uint32 enumprinterdrivers_level3(TALLOC_CTX *ctx, fstring servername, fst for (version=0; version<MAX_VERSION; version++) { list=NULL; - ndrivers=get_ntdrivers(ctx, &list, architecture, version); + ndrivers=get_ntdrivers(&list, architecture, version); DEBUGADD(4,("we have:[%d] drivers in environment [%s] and version [%d]\n", ndrivers, architecture, version)); if(ndrivers == -1) return ERROR_NOT_ENOUGH_MEMORY; if(ndrivers != 0) { - if((driver_info_3=(DRIVER_INFO_3 *)talloc_realloc(ctx,driver_info_3, (*returned+ndrivers) * sizeof(DRIVER_INFO_3))) == NULL) { + if((driver_info_3=(DRIVER_INFO_3 *)Realloc(driver_info_3, (*returned+ndrivers) * sizeof(DRIVER_INFO_3))) == NULL) { + safe_free(list); return ERROR_NOT_ENOUGH_MEMORY; } } @@ -5134,13 +5151,15 @@ static uint32 enumprinterdrivers_level3(TALLOC_CTX *ctx, fstring servername, fst DEBUGADD(5,("\tdriver: [%s]\n", list[i])); ZERO_STRUCT(driver); if ((status = get_a_printer_driver(&driver, 3, list[i], architecture, version)) != 0) { + safe_free(list); return status; } - fill_printer_driver_info_3(ctx, &driver_info_3[*returned+i], driver, servername); + fill_printer_driver_info_3(&driver_info_3[*returned+i], driver, servername); free_a_printer_driver(driver, 3); } *returned+=ndrivers; + safe_free(list); } /* check the required size. */ @@ -5150,6 +5169,7 @@ static uint32 enumprinterdrivers_level3(TALLOC_CTX *ctx, fstring servername, fst } if (!alloc_buffer_size(buffer, *needed)) { + safe_free(driver_info_3); return ERROR_INSUFFICIENT_BUFFER; } @@ -5159,6 +5179,11 @@ static uint32 enumprinterdrivers_level3(TALLOC_CTX *ctx, fstring servername, fst new_smb_io_printer_driver_info_3("", buffer, &driver_info_3[i], 0); } + for (i=0; i<*returned; i++) + safe_free(driver_info_3[i].dependentfiles); + + safe_free(driver_info_3); + if (*needed > offered) { *returned=0; return ERROR_INSUFFICIENT_BUFFER; @@ -5198,11 +5223,11 @@ uint32 _spoolss_enumprinterdrivers( pipes_struct *p, SPOOL_Q_ENUMPRINTERDRIVERS switch (level) { case 1: - return enumprinterdrivers_level1(p->mem_ctx, servername, architecture, buffer, offered, needed, returned); + return enumprinterdrivers_level1(servername, architecture, buffer, offered, needed, returned); case 2: - return enumprinterdrivers_level2(p->mem_ctx, servername, architecture, buffer, offered, needed, returned); + return enumprinterdrivers_level2(servername, architecture, buffer, offered, needed, returned); case 3: - return enumprinterdrivers_level3(p->mem_ctx, servername, architecture, buffer, offered, needed, returned); + return enumprinterdrivers_level3(servername, architecture, buffer, offered, needed, returned); default: *returned=0; safe_free(list); @@ -5250,14 +5275,14 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E DEBUGADD(5,("Offered buffer size [%d]\n", offered)); DEBUGADD(5,("Info level [%d]\n", level)); - *numofforms = get_ntforms(p->mem_ctx, &list); + *numofforms = get_ntforms(&list); DEBUGADD(5,("Number of forms [%d]\n", *numofforms)); if (*numofforms == 0) return ERROR_NO_MORE_ITEMS; switch (level) { case 1: - if ((forms_1=(FORM_1 *)talloc(p->mem_ctx, *numofforms * sizeof(FORM_1))) == NULL) { + if ((forms_1=(FORM_1 *)malloc(*numofforms * sizeof(FORM_1))) == NULL) { *numofforms=0; return ERROR_NOT_ENOUGH_MEMORY; } @@ -5268,6 +5293,8 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E fill_form_1(&forms_1[i], &list[i]); } + safe_free(list); + /* check the required size. */ for (i=0; i<*numofforms; i++) { DEBUGADD(6,("adding form [%d]'s size\n",i)); @@ -5276,8 +5303,10 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E *needed=buffer_size; - if (!alloc_buffer_size(buffer, buffer_size)) + if (!alloc_buffer_size(buffer, buffer_size)){ + safe_free(forms_1); return ERROR_INSUFFICIENT_BUFFER; + } /* fill the buffer with the form structures */ for (i=0; i<*numofforms; i++) { @@ -5285,6 +5314,8 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E new_smb_io_form_1("", buffer, &forms_1[i], 0); } + safe_free(forms_1); + if (*needed > offered) { *numofforms=0; return ERROR_INSUFFICIENT_BUFFER; @@ -5293,8 +5324,10 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E return NT_STATUS_NO_PROBLEMO; default: + safe_free(list); return ERROR_INVALID_LEVEL; } + } /**************************************************************************** @@ -5325,7 +5358,7 @@ uint32 _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM * DEBUGADD(5,("Offered buffer size [%d]\n", offered)); DEBUGADD(5,("Info level [%d]\n", level)); - numofforms = get_ntforms(p->mem_ctx, &list); + numofforms = get_ntforms(&list); DEBUGADD(5,("Number of forms [%d]\n", numofforms)); if (numofforms == 0) @@ -5346,6 +5379,8 @@ uint32 _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM * } } + safe_free(list); + /* check the required size. */ *needed=spoolss_size_form_1(&form_1); @@ -5365,6 +5400,7 @@ uint32 _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM * return NT_STATUS_NO_PROBLEMO; default: + safe_free(list); return ERROR_INVALID_LEVEL; } } @@ -6142,12 +6178,14 @@ uint32 _spoolss_addform( pipes_struct *p, SPOOL_Q_ADDFORM *q_u, SPOOL_R_ADDFORM return ERROR_INVALID_HANDLE; } - count=get_ntforms(p->mem_ctx, &list); - if(!add_a_form(p->mem_ctx, &list, form, &count)) + count=get_ntforms(&list); + if(!add_a_form(&list, form, &count)) return ERROR_NOT_ENOUGH_MEMORY; write_ntforms(&list, count); - return NT_STATUS_NOPROBLEMO; + safe_free(list); + + return 0x0; } /**************************************************************************** @@ -6170,10 +6208,12 @@ uint32 _spoolss_deleteform( pipes_struct *p, SPOOL_Q_DELETEFORM *q_u, SPOOL_R_DE return ERROR_INVALID_HANDLE; } - count = get_ntforms(p->mem_ctx, &list); + count = get_ntforms(&list); if(!delete_a_form(&list, form_name, &count, &ret)) return ERROR_INVALID_PARAMETER; + safe_free(list); + return ret; } @@ -6197,10 +6237,12 @@ uint32 _spoolss_setform(pipes_struct *p, SPOOL_Q_SETFORM *q_u, SPOOL_R_SETFORM * DEBUG(0,("_spoolss_setform: Invalid handle (%s).\n", OUR_HANDLE(handle))); return ERROR_INVALID_HANDLE; } - count=get_ntforms(p->mem_ctx, &list); + count=get_ntforms(&list); update_a_form(&list, form, count); write_ntforms(&list, count); + safe_free(list); + return 0x0; } |