Fix bug 7063 - Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps.

Reported and found by Martin Hochreiter <linuxbox@wavenet.at>.
Ensure we copy the right amount of registry data into the outgoing
buffer.

Jeremy.

diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index e88c73304be9bebb262133474182aae8f099eec5..c490a38a42fd9fc32f01869af8a266193ff95efe 100644 (file)
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -8073,8 +8073,15 @@ WERROR _spoolss_EnumPrinterData(pipes_struct *p,
 
                /* data - counted in bytes */
 
-               if (r->out.data && regval_size(val)) {
-                       memcpy(r->out.data, regval_data_p(val), regval_size(val));
+               /*
+                * See the section "Dynamically Typed Query Parameters"
+                * in MS-RPRN.
+                */
+
+               if (r->out.data && regval_data_p(val) &&
+                               regval_size(val) && r->in.data_offered) {
+                       memcpy(r->out.data, regval_data_p(val),
+                               MIN(regval_size(val),r->in.data_offered));
                }
 
                *r->out.data_needed = regval_size(val);