From 799f1d9cbdec5e6365b50cc476826b5c7ae4299d Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 2 Feb 2010 16:38:40 -0800
Subject: [PATCH] Fix bug 7063 - Samba 3.4.5 on ubuntu 8.04 64 bit - Core
 dumps.

Reported and found by Martin Hochreiter <linuxbox@wavenet.at>.
Ensure we copy the right amount of registry data into the outgoing
buffer.

Jeremy.
(cherry picked from commit 4dd841cf3f71b33a18db70bbbb968a647aaa8efc)
---
 source3/rpc_server/srv_spoolss_nt.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index e88c73304be..c490a38a42f 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -8073,8 +8073,15 @@ WERROR _spoolss_EnumPrinterData(pipes_struct *p,
 
 		/* data - counted in bytes */
 
-		if (r->out.data && regval_size(val)) {
-			memcpy(r->out.data, regval_data_p(val), regval_size(val));
+		/*
+		 * See the section "Dynamically Typed Query Parameters"
+		 * in MS-RPRN.
+		 */
+
+		if (r->out.data && regval_data_p(val) &&
+				regval_size(val) && r->in.data_offered) {
+			memcpy(r->out.data, regval_data_p(val),
+				MIN(regval_size(val),r->in.data_offered));
 		}
 
 		*r->out.data_needed = regval_size(val);
-- 
2.34.1