From 219d8c916fd890ca4b4eae77abd5a651aa37e4ff Mon Sep 17 00:00:00 2001
From: David Disseldorp <ddiss@suse.de>
Date: Sun, 13 Nov 2011 20:40:56 +0100
Subject: [PATCH] idl: add to_null attribute to the spoolss formname array

OpenPrinterEx requests have been observed in the wild carrying a device
mode formname "A4" followed by non-utf16 garbage after the null
terminator. Such requests currently fail during unmarshalling in the
ndr_pull_charset() codepath, causing intermittent print job failures.

This change ensures that garbage after the device mode formname null
terminator is not processed in unmarshalling.

https://bugzilla.samba.org/show_bug.cgi?id=8606

Signed-off-by: Jeremy Allison <jra@samba.org>
---
 librpc/idl/spoolss.idl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/librpc/idl/spoolss.idl b/librpc/idl/spoolss.idl
index 4599e3ac2e5..4b1f94f4a35 100644
--- a/librpc/idl/spoolss.idl
+++ b/librpc/idl/spoolss.idl
@@ -697,7 +697,7 @@ cpp_quote("#define spoolss_security_descriptor security_descriptor")
 		uint16 yresolution;
 		spoolss_DeviceModeTTOption ttoption;
 		spoolss_DeviceModeCollate collate;
-		[charset(UTF16)] uint16 formname[MAXDEVICENAME];
+		[charset(UTF16),to_null] uint16 formname[MAXDEVICENAME];
 		uint16 logpixels; /* reserved */
 		uint32 bitsperpel; /* reserved */
 		uint32 pelswidth; /* reserved */
-- 
2.34.1