idl: add to_null attribute to the spoolss formname array

OpenPrinterEx requests have been observed in the wild carrying a device
mode formname "A4" followed by non-utf16 garbage after the null
terminator. Such requests currently fail during unmarshalling in the
ndr_pull_charset() codepath, causing intermittent print job failures.

This change ensures that garbage after the device mode formname null
terminator is not processed in unmarshalling.

https://bugzilla.samba.org/show_bug.cgi?id=8606

Signed-off-by: Jeremy Allison <jra@samba.org>

diff --git a/librpc/idl/spoolss.idl b/librpc/idl/spoolss.idl
index 4599e3ac2e516fce2c8236804c2daae476da4fb0..4b1f94f4a353b6dfd894ecec210b7975070c4c0b 100644 (file)
--- a/librpc/idl/spoolss.idl
+++ b/librpc/idl/spoolss.idl
@@ -697,7 +697,7 @@ cpp_quote("#define spoolss_security_descriptor security_descriptor")
                uint16 yresolution;
                spoolss_DeviceModeTTOption ttoption;
                spoolss_DeviceModeCollate collate;
-               [charset(UTF16)] uint16 formname[MAXDEVICENAME];
+               [charset(UTF16),to_null] uint16 formname[MAXDEVICENAME];
                uint16 logpixels; /* reserved */
                uint32 bitsperpel; /* reserved */
                uint32 pelswidth; /* reserved */