summaryrefslogtreecommitdiffstats
path: root/source/rpc_server
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2001-03-03 05:27:26 +0000
committerJeremy Allison <jra@samba.org>2001-03-03 05:27:26 +0000
commit57a9340cbafa40f3a41e6c676c6f2477855fd799 (patch)
tree9f4dc9eb7ef20e0ce9dcad3a723a113889ea42c9 /source/rpc_server
parentc3a1904564175a7a5cf71e88540b96f7daa59730 (diff)
downloadsamba-57a9340cbafa40f3a41e6c676c6f2477855fd799.tar.gz
samba-57a9340cbafa40f3a41e6c676c6f2477855fd799.tar.xz
samba-57a9340cbafa40f3a41e6c676c6f2477855fd799.zip
Roll back to using malloc/realloc on some of spoolss in head.
I'm having problems with talloc_realloc in the 2.2 branch and I want a stable reference. The only problem is this breaks the clean auto-generated code in *one* call in srv_spoolss.c (the rfnpcnex call). Jeremy.
Diffstat (limited to 'source/rpc_server')
-rw-r--r--source/rpc_server/srv_pipe_hnd.c4
-rwxr-xr-xsource/rpc_server/srv_spoolss.c3
-rw-r--r--source/rpc_server/srv_spoolss_nt.c114
3 files changed, 62 insertions, 59 deletions
diff --git a/source/rpc_server/srv_pipe_hnd.c b/source/rpc_server/srv_pipe_hnd.c
index 3b60c78ade3..eb369f22b44 100644
--- a/source/rpc_server/srv_pipe_hnd.c
+++ b/source/rpc_server/srv_pipe_hnd.c
@@ -397,10 +397,10 @@ authentication failed. Denying the request.\n", p->name));
}
/*
- * Check the data length doesn't go over the 1Mb limit.
+ * Check the data length doesn't go over the 10Mb limit.
*/
- if(prs_data_size(&p->in_data.data) + data_len > 1024*1024) {
+ if(prs_data_size(&p->in_data.data) + data_len > 10*1024*1024) {
DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n",
(unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len ));
set_incoming_fault(p);
diff --git a/source/rpc_server/srv_spoolss.c b/source/rpc_server/srv_spoolss.c
index a2bde978653..0cb72232f21 100755
--- a/source/rpc_server/srv_spoolss.c
+++ b/source/rpc_server/srv_spoolss.c
@@ -270,10 +270,13 @@ static BOOL api_spoolss_rfnpcnex(pipes_struct *p)
r_u.status = _spoolss_rfnpcnex(p, &q_u, &r_u);
if (!spoolss_io_r_rfnpcnex("", &r_u, rdata, 0)) {
+ safe_free(r_u.info.data);
DEBUG(0,("spoolss_io_r_rfnpcnex: unable to marshall SPOOL_R_RFNPCNEX.\n"));
return False;
}
+ safe_free(r_u.info.data);
+
return True;
}
diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c
index 2b6fb9a7e5a..830f5cdcf45 100644
--- a/source/rpc_server/srv_spoolss_nt.c
+++ b/source/rpc_server/srv_spoolss_nt.c
@@ -149,7 +149,6 @@ static void free_spool_notify_option(SPOOL_NOTIFY_OPTION **pp)
safe_free(sp->ctr.type);
free(sp);
-
}
/****************************************************************************
@@ -290,7 +289,6 @@ static BOOL srv_spoolss_replycloseprinter(POLICY_HND *handle)
/****************************************************************************
close printer index by handle
****************************************************************************/
-
static BOOL close_printer_handle(POLICY_HND *hnd)
{
Printer_entry *Printer = find_printer_index_by_hnd(hnd);
@@ -310,6 +308,7 @@ static BOOL close_printer_handle(POLICY_HND *hnd)
Printer->notify.localmachine[0]='\0';
Printer->notify.printerlocal=0;
free_spool_notify_option(&Printer->notify.option);
+ Printer->notify.option=NULL;
Printer->notify.client_connected=False;
clear_handle(hnd);
@@ -846,13 +845,13 @@ uint32 _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u,
/* NT doesn't let us connect to a printer if the connecting user
doesn't have print permission. */
+ if (!get_printer_snum(handle, &snum))
+ return ERROR_INVALID_HANDLE;
+
/* map an empty access mask to the minimum access mask */
if (printer_default->access_required == 0x0)
printer_default->access_required = PRINTER_ACCESS_USE;
- if (!get_printer_snum(handle, &snum))
- return ERROR_INVALID_HANDLE;
-
if (!print_access_check(&user, snum, printer_default->access_required)) {
DEBUG(3, ("access DENIED for printer open\n"));
close_printer_handle(handle);
@@ -1113,7 +1112,6 @@ uint32 _spoolss_deleteprinter(pipes_struct *p, SPOOL_Q_DELETEPRINTER *q_u, SPOOL
/********************************************************************
GetPrinterData on a printer server Handle.
********************************************************************/
-
static BOOL getprinterdata_printer_server(TALLOC_CTX *ctx, fstring value, uint32 *type, uint8 **data, uint32 *needed, uint32 in_size)
{
int i;
@@ -1160,8 +1158,9 @@ static BOOL getprinterdata_printer_server(TALLOC_CTX *ctx, fstring value, uint32
pstring string="You are using a Samba server";
*type = 0x1;
*needed = 2*(strlen(string)+1);
- if((*data = (uint8 *)talloc_zero( ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL)
+ if((*data = (uint8 *)talloc(ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL)
return False;
+ memset(*data, 0, (*needed > in_size) ? *needed:in_size);
/* it's done by hand ready to go on the wire */
for (i=0; i<strlen(string); i++) {
@@ -1175,8 +1174,9 @@ static BOOL getprinterdata_printer_server(TALLOC_CTX *ctx, fstring value, uint32
pstring string="Windows NT x86";
*type = 0x1;
*needed = 2*(strlen(string)+1);
- if((*data = (uint8 *)talloc_zero( ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL)
+ if((*data = (uint8 *)talloc(ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL)
return False;
+ memset(*data, 0, (*needed > in_size) ? *needed:in_size);
for (i=0; i<strlen(string); i++) {
(*data)[2*i]=string[i];
(*data)[2*i+1]='\0';
@@ -1223,10 +1223,11 @@ static BOOL getprinterdata_printer(TALLOC_CTX *ctx, POLICY_HND *handle,
DEBUG(5,("getprinterdata_printer:allocating %d\n", in_size));
if (in_size) {
- if((*data = (uint8 *)talloc_zero(ctx, in_size *sizeof(uint8) )) == NULL) {
+ if((*data = (uint8 *)talloc(ctx, in_size *sizeof(uint8) )) == NULL) {
return False;
}
+ memset(*data, 0, in_size *sizeof(uint8));
/* copy the min(in_size, len) */
memcpy(*data, idata, (len>in_size)?in_size:len *sizeof(uint8));
} else {
@@ -1276,7 +1277,7 @@ uint32 _spoolss_getprinterdata(pipes_struct *p, SPOOL_Q_GETPRINTERDATA *q_u, SPO
DEBUG(4,("_spoolss_getprinterdata\n"));
if (!OPEN_HANDLE(Printer)) {
- if((*data=(uint8 *)talloc_zero(p->mem_ctx, 4*sizeof(uint8))) == NULL)
+ if((*data=(uint8 *)malloc(4*sizeof(uint8))) == NULL)
return ERROR_NOT_ENOUGH_MEMORY;
DEBUG(0,("_spoolss_getprinterdata: Invalid handle (%s).\n", OUR_HANDLE(handle)));
return ERROR_INVALID_HANDLE;
@@ -1366,12 +1367,12 @@ uint32 _spoolss_rffpcnex(pipes_struct *p, SPOOL_Q_RFFPCNEX *q_u, SPOOL_R_RFFPCNE
}
Printer->notify.flags=flags;
+ Printer->notify.options=options;
Printer->notify.printerlocal=printerlocal;
if (Printer->notify.option)
free_spool_notify_option(&Printer->notify.option);
- Printer->notify.options=options;
Printer->notify.option=dup_spool_notify_option(option);
unistr2_to_ascii(Printer->notify.localmachine, localmachine, sizeof(Printer->notify.localmachine)-1);
@@ -2157,12 +2158,12 @@ static void construct_info_data(SPOOL_NOTIFY_INFO_DATA *info_data, uint16 type,
info_data->enc_type = type_of_notify_info_data(type, field);
}
+
/*******************************************************************
*
* fill a notify_info struct with info asked
*
********************************************************************/
-
static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int
snum, SPOOL_NOTIFY_OPTION_TYPE
*option_type, uint32 id,
@@ -2192,7 +2193,7 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int
if (!search_notify(type, field, &j) )
continue;
- if((info->data=Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) {
+ if((info->data=(SPOOL_NOTIFY_INFO_DATA *)Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) {
return False;
}
current_data=&info->data[info->count];
@@ -2217,7 +2218,6 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int
* fill a notify_info struct with info asked
*
********************************************************************/
-
static BOOL construct_notify_jobs_info(print_queue_struct *queue,
SPOOL_NOTIFY_INFO *info,
NT_PRINTER_INFO_LEVEL *printer,
@@ -2228,6 +2228,7 @@ static BOOL construct_notify_jobs_info(print_queue_struct *queue,
int field_num,j;
uint16 type;
uint16 field;
+
SPOOL_NOTIFY_INFO_DATA *current_data;
DEBUG(4,("construct_notify_jobs_info\n"));
@@ -2248,13 +2249,9 @@ static BOOL construct_notify_jobs_info(print_queue_struct *queue,
return False;
}
- current_data=&info->data[info->count];
+ current_data=&(info->data[info->count]);
construct_info_data(current_data, type, field, id);
-
- DEBUG(10,("construct_notify_jobs_info: calling [%s] snum=%d printername=[%s])\n",
- notify_info_data_table[j].name, snum, printer->info_2->printername ));
-
notify_info_data_table[j].fn(snum, current_data, queue,
printer, mem_ctx);
info->count++;
@@ -2322,7 +2319,8 @@ static uint32 printserver_notify_info(const POLICY_HND *hnd,
for (snum=0; snum<n_services; snum++)
if ( lp_browseable(snum) && lp_snum_ok(snum) && lp_print_ok(snum) )
- if (construct_notify_printer_info(info, snum, option_type, id, mem_ctx))
+ if (construct_notify_printer_info
+ (info, snum, option_type, id, mem_ctx))
id++;
}
@@ -2330,7 +2328,7 @@ static uint32 printserver_notify_info(const POLICY_HND *hnd,
* Debugging information, don't delete.
*/
/*
- DEBUG(1,("printserver_notify_info: dumping the NOTIFY_INFO\n"));
+ DEBUG(1,("dumping the NOTIFY_INFO\n"));
DEBUGADD(1,("info->version:[%d], info->flags:[%d], info->count:[%d]\n", info->version, info->flags, info->count));
DEBUGADD(1,("num\ttype\tfield\tres\tid\tsize\tenc_type\n"));
@@ -2377,7 +2375,9 @@ static uint32 printer_notify_info(POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info,
switch ( option_type->type ) {
case PRINTER_NOTIFY_TYPE:
- if(construct_notify_printer_info(info, snum, option_type, id, mem_ctx))
+ if(construct_notify_printer_info(info, snum,
+ option_type, id,
+ mem_ctx))
id--;
break;
@@ -2387,7 +2387,8 @@ static uint32 printer_notify_info(POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info,
memset(&status, 0, sizeof(status));
count = print_queue_status(snum, &queue, &status);
- if (get_a_printer(&printer, 2, lp_servicename(snum)) != 0)
+ if (get_a_printer(&printer, 2,
+ lp_servicename(snum)) != 0)
goto done;
for (j=0; j<count; j++) {
@@ -2410,17 +2411,17 @@ static uint32 printer_notify_info(POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info,
/*
* Debugging information, don't delete.
*/
-
- DEBUG(10,("printer_notify_info: dumping the NOTIFY_INFO\n"));
- DEBUGADD(10,("info->version:[%d], info->flags:[%d], info->count:[%d]\n", info->version, info->flags, info->count));
- DEBUGADD(10,("num\ttype\tfield\tres\tid\tsize\tenc_type\n"));
+ /*
+ DEBUG(1,("dumping the NOTIFY_INFO\n"));
+ DEBUGADD(1,("info->version:[%d], info->flags:[%d], info->count:[%d]\n", info->version, info->flags, info->count));
+ DEBUGADD(1,("num\ttype\tfield\tres\tid\tsize\tenc_type\n"));
for (i=0; i<info->count; i++) {
- DEBUGADD(10,("[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\n",
+ DEBUGADD(1,("[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\n",
i, info->data[i].type, info->data[i].field, info->data[i].reserved,
info->data[i].id, info->data[i].size, info->data[i].enc_type));
}
-
+ */
return NT_STATUS_NO_PROBLEMO;
}
@@ -2472,25 +2473,7 @@ uint32 _spoolss_rfnpcnex( pipes_struct *p, SPOOL_Q_RFNPCNEX *q_u, SPOOL_R_RFNPCN
result = printer_notify_info(handle, info, p->mem_ctx);
break;
}
-
- /*
- * The data returned in info->data is realloced. We need to
- * convert to talloc for return. The data really should come
- * back as a linked list, not a realloced array, as realloc can
- * fail... JRA.
- */
-
- if (info->data) {
- SPOOL_NOTIFY_INFO_DATA *new_data = (SPOOL_NOTIFY_INFO_DATA *)talloc_memdup(p->mem_ctx,
- info->data,
- info->count * sizeof(SPOOL_NOTIFY_INFO_DATA));
- if (!new_data)
- return NT_STATUS_NO_MEMORY;
-
- safe_free(info->data);
- info->data = new_data;
- }
-
+
done:
return result;
}
@@ -5291,14 +5274,14 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E
DEBUGADD(5,("Offered buffer size [%d]\n", offered));
DEBUGADD(5,("Info level [%d]\n", level));
- *numofforms = get_ntforms(p->mem_ctx, &list);
+ *numofforms = get_ntforms(&list);
DEBUGADD(5,("Number of forms [%d]\n", *numofforms));
if (*numofforms == 0) return ERROR_NO_MORE_ITEMS;
switch (level) {
case 1:
- if ((forms_1=(FORM_1 *)talloc(p->mem_ctx, *numofforms * sizeof(FORM_1))) == NULL) {
+ if ((forms_1=(FORM_1 *)malloc(*numofforms * sizeof(FORM_1))) == NULL) {
*numofforms=0;
return ERROR_NOT_ENOUGH_MEMORY;
}
@@ -5309,6 +5292,8 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E
fill_form_1(&forms_1[i], &list[i]);
}
+ safe_free(list);
+
/* check the required size. */
for (i=0; i<*numofforms; i++) {
DEBUGADD(6,("adding form [%d]'s size\n",i));
@@ -5317,8 +5302,10 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E
*needed=buffer_size;
- if (!alloc_buffer_size(buffer, buffer_size))
+ if (!alloc_buffer_size(buffer, buffer_size)){
+ safe_free(forms_1);
return ERROR_INSUFFICIENT_BUFFER;
+ }
/* fill the buffer with the form structures */
for (i=0; i<*numofforms; i++) {
@@ -5326,6 +5313,8 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E
new_smb_io_form_1("", buffer, &forms_1[i], 0);
}
+ safe_free(forms_1);
+
if (*needed > offered) {
*numofforms=0;
return ERROR_INSUFFICIENT_BUFFER;
@@ -5334,8 +5323,10 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E
return NT_STATUS_NO_PROBLEMO;
default:
+ safe_free(list);
return ERROR_INVALID_LEVEL;
}
+
}
/****************************************************************************
@@ -5366,7 +5357,7 @@ uint32 _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM *
DEBUGADD(5,("Offered buffer size [%d]\n", offered));
DEBUGADD(5,("Info level [%d]\n", level));
- numofforms = get_ntforms(p->mem_ctx, &list);
+ numofforms = get_ntforms(&list);
DEBUGADD(5,("Number of forms [%d]\n", numofforms));
if (numofforms == 0)
@@ -5387,6 +5378,8 @@ uint32 _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM *
}
}
+ safe_free(list);
+
/* check the required size. */
*needed=spoolss_size_form_1(&form_1);
@@ -5406,6 +5399,7 @@ uint32 _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM *
return NT_STATUS_NO_PROBLEMO;
default:
+ safe_free(list);
return ERROR_INVALID_LEVEL;
}
}
@@ -6183,12 +6177,14 @@ uint32 _spoolss_addform( pipes_struct *p, SPOOL_Q_ADDFORM *q_u, SPOOL_R_ADDFORM
return ERROR_INVALID_HANDLE;
}
- count=get_ntforms(p->mem_ctx, &list);
- if(!add_a_form(p->mem_ctx, &list, form, &count))
+ count=get_ntforms(&list);
+ if(!add_a_form(&list, form, &count))
return ERROR_NOT_ENOUGH_MEMORY;
write_ntforms(&list, count);
- return NT_STATUS_NOPROBLEMO;
+ safe_free(list);
+
+ return 0x0;
}
/****************************************************************************
@@ -6211,10 +6207,12 @@ uint32 _spoolss_deleteform( pipes_struct *p, SPOOL_Q_DELETEFORM *q_u, SPOOL_R_DE
return ERROR_INVALID_HANDLE;
}
- count = get_ntforms(p->mem_ctx, &list);
+ count = get_ntforms(&list);
if(!delete_a_form(&list, form_name, &count, &ret))
return ERROR_INVALID_PARAMETER;
+ safe_free(list);
+
return ret;
}
@@ -6238,10 +6236,12 @@ uint32 _spoolss_setform(pipes_struct *p, SPOOL_Q_SETFORM *q_u, SPOOL_R_SETFORM *
DEBUG(0,("_spoolss_setform: Invalid handle (%s).\n", OUR_HANDLE(handle)));
return ERROR_INVALID_HANDLE;
}
- count=get_ntforms(p->mem_ctx, &list);
+ count=get_ntforms(&list);
update_a_form(&list, form, count);
write_ntforms(&list, count);
+ safe_free(list);
+
return 0x0;
}