git.samba.org / kamenim / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f6bdfd9)
s3-spoolss: fix some crash bugs and missing error codes in AddDriver paths.
authorGünther Deschner <gd@samba.org>
Fri, 23 Apr 2010 00:34:43 +0000 (02:34 +0200)
committerGünther Deschner <gd@samba.org>
Fri, 23 Apr 2010 00:34:43 +0000 (02:34 +0200)
Found by torture test.

Guenther

source3/printing/nt_printing.c patch | blob | history
source3/rpc_server/srv_spoolss_nt.c patch | blob | history

diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index a2d7e8c94748118005042a4c0840e83439e8a255..56f5d18691f3ff2828a9b2ea2bd921ab81c3af34 100644 (file)
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -1605,7 +1605,7 @@ static uint32 get_correct_cversion(struct pipes_struct *p,
 ****************************************************************************/
 
 #define strip_driver_path(_mem_ctx, _element) do { \
-       if ((_p = strrchr((_element), '\\')) != NULL) { \
+       if (_element && ((_p = strrchr((_element), '\\')) != NULL)) { \
                (_element) = talloc_asprintf((_mem_ctx), "%s", _p+1); \
                W_ERROR_HAVE_NO_MEMORY((_element)); \
        } \
@@ -1626,6 +1626,10 @@ static WERROR clean_up_driver_struct_level(TALLOC_CTX *mem_ctx,
        WERROR err;
        char *_p;
 
+       if (!*driver_path || !*data_file || !*config_file) {
+               return WERR_INVALID_PARAM;
+       }
+
        /* clean up the driver name.
         * we can get .\driver.dll
         * or worse c:\windows\system\driver.dll !
@@ -1635,7 +1639,9 @@ static WERROR clean_up_driver_struct_level(TALLOC_CTX *mem_ctx,
        strip_driver_path(mem_ctx, *driver_path);
        strip_driver_path(mem_ctx, *data_file);
        strip_driver_path(mem_ctx, *config_file);
-       strip_driver_path(mem_ctx, *help_file);
+       if (help_file) {
+               strip_driver_path(mem_ctx, *help_file);
+       }
 
        if (dependent_files && dependent_files->string) {
                for (i=0; dependent_files->string[i]; i++) {
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index eec421f67a1c2f1130e09ced6d0c98a9b4b29ef8..72499d8ad05ff705033497e0ff65cdf6e03c1ebe 100644 (file)
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -7511,6 +7511,10 @@ WERROR _spoolss_AddPrinterDriverEx(pipes_struct *p,
         * i.e. only copy files that are newer than existing ones
         */
 
+       if (r->in.flags == 0) {
+               return WERR_INVALID_PARAM;
+       }
+
        if (r->in.flags != APD_COPY_NEW_FILES) {
                return WERR_ACCESS_DENIED;
        }
kamenim's wip repo