diff options
author | Jeremy Allison <jra@samba.org> | 2001-03-03 05:27:26 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2001-03-03 05:27:26 +0000 |
commit | 57a9340cbafa40f3a41e6c676c6f2477855fd799 (patch) | |
tree | 9f4dc9eb7ef20e0ce9dcad3a723a113889ea42c9 /source/rpc_server | |
parent | c3a1904564175a7a5cf71e88540b96f7daa59730 (diff) | |
download | samba-57a9340cbafa40f3a41e6c676c6f2477855fd799.tar.gz samba-57a9340cbafa40f3a41e6c676c6f2477855fd799.tar.xz samba-57a9340cbafa40f3a41e6c676c6f2477855fd799.zip |
Roll back to using malloc/realloc on some of spoolss in head.
I'm having problems with talloc_realloc in the 2.2 branch and I
want a stable reference.
The only problem is this breaks the clean auto-generated code
in *one* call in srv_spoolss.c (the rfnpcnex call).
Jeremy.
Diffstat (limited to 'source/rpc_server')
-rw-r--r-- | source/rpc_server/srv_pipe_hnd.c | 4 | ||||
-rwxr-xr-x | source/rpc_server/srv_spoolss.c | 3 | ||||
-rw-r--r-- | source/rpc_server/srv_spoolss_nt.c | 114 |
3 files changed, 62 insertions, 59 deletions
diff --git a/source/rpc_server/srv_pipe_hnd.c b/source/rpc_server/srv_pipe_hnd.c index 3b60c78ade3..eb369f22b44 100644 --- a/source/rpc_server/srv_pipe_hnd.c +++ b/source/rpc_server/srv_pipe_hnd.c @@ -397,10 +397,10 @@ authentication failed. Denying the request.\n", p->name)); } /* - * Check the data length doesn't go over the 1Mb limit. + * Check the data length doesn't go over the 10Mb limit. */ - if(prs_data_size(&p->in_data.data) + data_len > 1024*1024) { + if(prs_data_size(&p->in_data.data) + data_len > 10*1024*1024) { DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n", (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len )); set_incoming_fault(p); diff --git a/source/rpc_server/srv_spoolss.c b/source/rpc_server/srv_spoolss.c index a2bde978653..0cb72232f21 100755 --- a/source/rpc_server/srv_spoolss.c +++ b/source/rpc_server/srv_spoolss.c @@ -270,10 +270,13 @@ static BOOL api_spoolss_rfnpcnex(pipes_struct *p) r_u.status = _spoolss_rfnpcnex(p, &q_u, &r_u); if (!spoolss_io_r_rfnpcnex("", &r_u, rdata, 0)) { + safe_free(r_u.info.data); DEBUG(0,("spoolss_io_r_rfnpcnex: unable to marshall SPOOL_R_RFNPCNEX.\n")); return False; } + safe_free(r_u.info.data); + return True; } diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c index 2b6fb9a7e5a..830f5cdcf45 100644 --- a/source/rpc_server/srv_spoolss_nt.c +++ b/source/rpc_server/srv_spoolss_nt.c @@ -149,7 +149,6 @@ static void free_spool_notify_option(SPOOL_NOTIFY_OPTION **pp) safe_free(sp->ctr.type); free(sp); - } /**************************************************************************** @@ -290,7 +289,6 @@ static BOOL srv_spoolss_replycloseprinter(POLICY_HND *handle) /**************************************************************************** close printer index by handle ****************************************************************************/ - static BOOL close_printer_handle(POLICY_HND *hnd) { Printer_entry *Printer = find_printer_index_by_hnd(hnd); @@ -310,6 +308,7 @@ static BOOL close_printer_handle(POLICY_HND *hnd) Printer->notify.localmachine[0]='\0'; Printer->notify.printerlocal=0; free_spool_notify_option(&Printer->notify.option); + Printer->notify.option=NULL; Printer->notify.client_connected=False; clear_handle(hnd); @@ -846,13 +845,13 @@ uint32 _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u, /* NT doesn't let us connect to a printer if the connecting user doesn't have print permission. */ + if (!get_printer_snum(handle, &snum)) + return ERROR_INVALID_HANDLE; + /* map an empty access mask to the minimum access mask */ if (printer_default->access_required == 0x0) printer_default->access_required = PRINTER_ACCESS_USE; - if (!get_printer_snum(handle, &snum)) - return ERROR_INVALID_HANDLE; - if (!print_access_check(&user, snum, printer_default->access_required)) { DEBUG(3, ("access DENIED for printer open\n")); close_printer_handle(handle); @@ -1113,7 +1112,6 @@ uint32 _spoolss_deleteprinter(pipes_struct *p, SPOOL_Q_DELETEPRINTER *q_u, SPOOL /******************************************************************** GetPrinterData on a printer server Handle. ********************************************************************/ - static BOOL getprinterdata_printer_server(TALLOC_CTX *ctx, fstring value, uint32 *type, uint8 **data, uint32 *needed, uint32 in_size) { int i; @@ -1160,8 +1158,9 @@ static BOOL getprinterdata_printer_server(TALLOC_CTX *ctx, fstring value, uint32 pstring string="You are using a Samba server"; *type = 0x1; *needed = 2*(strlen(string)+1); - if((*data = (uint8 *)talloc_zero( ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL) + if((*data = (uint8 *)talloc(ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL) return False; + memset(*data, 0, (*needed > in_size) ? *needed:in_size); /* it's done by hand ready to go on the wire */ for (i=0; i<strlen(string); i++) { @@ -1175,8 +1174,9 @@ static BOOL getprinterdata_printer_server(TALLOC_CTX *ctx, fstring value, uint32 pstring string="Windows NT x86"; *type = 0x1; *needed = 2*(strlen(string)+1); - if((*data = (uint8 *)talloc_zero( ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL) + if((*data = (uint8 *)talloc(ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL) return False; + memset(*data, 0, (*needed > in_size) ? *needed:in_size); for (i=0; i<strlen(string); i++) { (*data)[2*i]=string[i]; (*data)[2*i+1]='\0'; @@ -1223,10 +1223,11 @@ static BOOL getprinterdata_printer(TALLOC_CTX *ctx, POLICY_HND *handle, DEBUG(5,("getprinterdata_printer:allocating %d\n", in_size)); if (in_size) { - if((*data = (uint8 *)talloc_zero(ctx, in_size *sizeof(uint8) )) == NULL) { + if((*data = (uint8 *)talloc(ctx, in_size *sizeof(uint8) )) == NULL) { return False; } + memset(*data, 0, in_size *sizeof(uint8)); /* copy the min(in_size, len) */ memcpy(*data, idata, (len>in_size)?in_size:len *sizeof(uint8)); } else { @@ -1276,7 +1277,7 @@ uint32 _spoolss_getprinterdata(pipes_struct *p, SPOOL_Q_GETPRINTERDATA *q_u, SPO DEBUG(4,("_spoolss_getprinterdata\n")); if (!OPEN_HANDLE(Printer)) { - if((*data=(uint8 *)talloc_zero(p->mem_ctx, 4*sizeof(uint8))) == NULL) + if((*data=(uint8 *)malloc(4*sizeof(uint8))) == NULL) return ERROR_NOT_ENOUGH_MEMORY; DEBUG(0,("_spoolss_getprinterdata: Invalid handle (%s).\n", OUR_HANDLE(handle))); return ERROR_INVALID_HANDLE; @@ -1366,12 +1367,12 @@ uint32 _spoolss_rffpcnex(pipes_struct *p, SPOOL_Q_RFFPCNEX *q_u, SPOOL_R_RFFPCNE } Printer->notify.flags=flags; + Printer->notify.options=options; Printer->notify.printerlocal=printerlocal; if (Printer->notify.option) free_spool_notify_option(&Printer->notify.option); - Printer->notify.options=options; Printer->notify.option=dup_spool_notify_option(option); unistr2_to_ascii(Printer->notify.localmachine, localmachine, sizeof(Printer->notify.localmachine)-1); @@ -2157,12 +2158,12 @@ static void construct_info_data(SPOOL_NOTIFY_INFO_DATA *info_data, uint16 type, info_data->enc_type = type_of_notify_info_data(type, field); } + /******************************************************************* * * fill a notify_info struct with info asked * ********************************************************************/ - static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int snum, SPOOL_NOTIFY_OPTION_TYPE *option_type, uint32 id, @@ -2192,7 +2193,7 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int if (!search_notify(type, field, &j) ) continue; - if((info->data=Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) { + if((info->data=(SPOOL_NOTIFY_INFO_DATA *)Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) { return False; } current_data=&info->data[info->count]; @@ -2217,7 +2218,6 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int * fill a notify_info struct with info asked * ********************************************************************/ - static BOOL construct_notify_jobs_info(print_queue_struct *queue, SPOOL_NOTIFY_INFO *info, NT_PRINTER_INFO_LEVEL *printer, @@ -2228,6 +2228,7 @@ static BOOL construct_notify_jobs_info(print_queue_struct *queue, int field_num,j; uint16 type; uint16 field; + SPOOL_NOTIFY_INFO_DATA *current_data; DEBUG(4,("construct_notify_jobs_info\n")); @@ -2248,13 +2249,9 @@ static BOOL construct_notify_jobs_info(print_queue_struct *queue, return False; } - current_data=&info->data[info->count]; + current_data=&(info->data[info->count]); construct_info_data(current_data, type, field, id); - - DEBUG(10,("construct_notify_jobs_info: calling [%s] snum=%d printername=[%s])\n", - notify_info_data_table[j].name, snum, printer->info_2->printername )); - notify_info_data_table[j].fn(snum, current_data, queue, printer, mem_ctx); info->count++; @@ -2322,7 +2319,8 @@ static uint32 printserver_notify_info(const POLICY_HND *hnd, for (snum=0; snum<n_services; snum++) if ( lp_browseable(snum) && lp_snum_ok(snum) && lp_print_ok(snum) ) - if (construct_notify_printer_info(info, snum, option_type, id, mem_ctx)) + if (construct_notify_printer_info + (info, snum, option_type, id, mem_ctx)) id++; } @@ -2330,7 +2328,7 @@ static uint32 printserver_notify_info(const POLICY_HND *hnd, * Debugging information, don't delete. */ /* - DEBUG(1,("printserver_notify_info: dumping the NOTIFY_INFO\n")); + DEBUG(1,("dumping the NOTIFY_INFO\n")); DEBUGADD(1,("info->version:[%d], info->flags:[%d], info->count:[%d]\n", info->version, info->flags, info->count)); DEBUGADD(1,("num\ttype\tfield\tres\tid\tsize\tenc_type\n")); @@ -2377,7 +2375,9 @@ static uint32 printer_notify_info(POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info, switch ( option_type->type ) { case PRINTER_NOTIFY_TYPE: - if(construct_notify_printer_info(info, snum, option_type, id, mem_ctx)) + if(construct_notify_printer_info(info, snum, + option_type, id, + mem_ctx)) id--; break; @@ -2387,7 +2387,8 @@ static uint32 printer_notify_info(POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info, memset(&status, 0, sizeof(status)); count = print_queue_status(snum, &queue, &status); - if (get_a_printer(&printer, 2, lp_servicename(snum)) != 0) + if (get_a_printer(&printer, 2, + lp_servicename(snum)) != 0) goto done; for (j=0; j<count; j++) { @@ -2410,17 +2411,17 @@ static uint32 printer_notify_info(POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info, /* * Debugging information, don't delete. */ - - DEBUG(10,("printer_notify_info: dumping the NOTIFY_INFO\n")); - DEBUGADD(10,("info->version:[%d], info->flags:[%d], info->count:[%d]\n", info->version, info->flags, info->count)); - DEBUGADD(10,("num\ttype\tfield\tres\tid\tsize\tenc_type\n")); + /* + DEBUG(1,("dumping the NOTIFY_INFO\n")); + DEBUGADD(1,("info->version:[%d], info->flags:[%d], info->count:[%d]\n", info->version, info->flags, info->count)); + DEBUGADD(1,("num\ttype\tfield\tres\tid\tsize\tenc_type\n")); for (i=0; i<info->count; i++) { - DEBUGADD(10,("[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\n", + DEBUGADD(1,("[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\n", i, info->data[i].type, info->data[i].field, info->data[i].reserved, info->data[i].id, info->data[i].size, info->data[i].enc_type)); } - + */ return NT_STATUS_NO_PROBLEMO; } @@ -2472,25 +2473,7 @@ uint32 _spoolss_rfnpcnex( pipes_struct *p, SPOOL_Q_RFNPCNEX *q_u, SPOOL_R_RFNPCN result = printer_notify_info(handle, info, p->mem_ctx); break; } - - /* - * The data returned in info->data is realloced. We need to - * convert to talloc for return. The data really should come - * back as a linked list, not a realloced array, as realloc can - * fail... JRA. - */ - - if (info->data) { - SPOOL_NOTIFY_INFO_DATA *new_data = (SPOOL_NOTIFY_INFO_DATA *)talloc_memdup(p->mem_ctx, - info->data, - info->count * sizeof(SPOOL_NOTIFY_INFO_DATA)); - if (!new_data) - return NT_STATUS_NO_MEMORY; - - safe_free(info->data); - info->data = new_data; - } - + done: return result; } @@ -5291,14 +5274,14 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E DEBUGADD(5,("Offered buffer size [%d]\n", offered)); DEBUGADD(5,("Info level [%d]\n", level)); - *numofforms = get_ntforms(p->mem_ctx, &list); + *numofforms = get_ntforms(&list); DEBUGADD(5,("Number of forms [%d]\n", *numofforms)); if (*numofforms == 0) return ERROR_NO_MORE_ITEMS; switch (level) { case 1: - if ((forms_1=(FORM_1 *)talloc(p->mem_ctx, *numofforms * sizeof(FORM_1))) == NULL) { + if ((forms_1=(FORM_1 *)malloc(*numofforms * sizeof(FORM_1))) == NULL) { *numofforms=0; return ERROR_NOT_ENOUGH_MEMORY; } @@ -5309,6 +5292,8 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E fill_form_1(&forms_1[i], &list[i]); } + safe_free(list); + /* check the required size. */ for (i=0; i<*numofforms; i++) { DEBUGADD(6,("adding form [%d]'s size\n",i)); @@ -5317,8 +5302,10 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E *needed=buffer_size; - if (!alloc_buffer_size(buffer, buffer_size)) + if (!alloc_buffer_size(buffer, buffer_size)){ + safe_free(forms_1); return ERROR_INSUFFICIENT_BUFFER; + } /* fill the buffer with the form structures */ for (i=0; i<*numofforms; i++) { @@ -5326,6 +5313,8 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E new_smb_io_form_1("", buffer, &forms_1[i], 0); } + safe_free(forms_1); + if (*needed > offered) { *numofforms=0; return ERROR_INSUFFICIENT_BUFFER; @@ -5334,8 +5323,10 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E return NT_STATUS_NO_PROBLEMO; default: + safe_free(list); return ERROR_INVALID_LEVEL; } + } /**************************************************************************** @@ -5366,7 +5357,7 @@ uint32 _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM * DEBUGADD(5,("Offered buffer size [%d]\n", offered)); DEBUGADD(5,("Info level [%d]\n", level)); - numofforms = get_ntforms(p->mem_ctx, &list); + numofforms = get_ntforms(&list); DEBUGADD(5,("Number of forms [%d]\n", numofforms)); if (numofforms == 0) @@ -5387,6 +5378,8 @@ uint32 _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM * } } + safe_free(list); + /* check the required size. */ *needed=spoolss_size_form_1(&form_1); @@ -5406,6 +5399,7 @@ uint32 _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM * return NT_STATUS_NO_PROBLEMO; default: + safe_free(list); return ERROR_INVALID_LEVEL; } } @@ -6183,12 +6177,14 @@ uint32 _spoolss_addform( pipes_struct *p, SPOOL_Q_ADDFORM *q_u, SPOOL_R_ADDFORM return ERROR_INVALID_HANDLE; } - count=get_ntforms(p->mem_ctx, &list); - if(!add_a_form(p->mem_ctx, &list, form, &count)) + count=get_ntforms(&list); + if(!add_a_form(&list, form, &count)) return ERROR_NOT_ENOUGH_MEMORY; write_ntforms(&list, count); - return NT_STATUS_NOPROBLEMO; + safe_free(list); + + return 0x0; } /**************************************************************************** @@ -6211,10 +6207,12 @@ uint32 _spoolss_deleteform( pipes_struct *p, SPOOL_Q_DELETEFORM *q_u, SPOOL_R_DE return ERROR_INVALID_HANDLE; } - count = get_ntforms(p->mem_ctx, &list); + count = get_ntforms(&list); if(!delete_a_form(&list, form_name, &count, &ret)) return ERROR_INVALID_PARAMETER; + safe_free(list); + return ret; } @@ -6238,10 +6236,12 @@ uint32 _spoolss_setform(pipes_struct *p, SPOOL_Q_SETFORM *q_u, SPOOL_R_SETFORM * DEBUG(0,("_spoolss_setform: Invalid handle (%s).\n", OUR_HANDLE(handle))); return ERROR_INVALID_HANDLE; } - count=get_ntforms(p->mem_ctx, &list); + count=get_ntforms(&list); update_a_form(&list, form, count); write_ntforms(&list, count); + safe_free(list); + return 0x0; } |