Second part of fix for bug 7063 - Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps.
author Jeremy Allison <jra@samba.org>
Tue, 9 Feb 2010 22:48:15 +0000 (14:48 -0800)
committer Karolin Seeger <kseeger@samba.org>
Mon, 15 Feb 2010 13:46:52 +0000 (14:46 +0100)
Ensure we have no naked memcpy calls. This isn't a crash bug (it's
already checked in the data_blob_talloc_zero() above), but I want to
get into the pattern of having all memcpy's covered by safety checks.

Jeremy.
(cherry picked from commit 974bc68d7884ab77210a237e4ca8020ee88ae059)

source3/rpc_server/srv_spoolss_nt.c

index c490a38a42fd9fc32f01869af8a266193ff95efe..7f7bba077d69fa2b4cc9666858897f412ff93923 100644 (file)
@@ -9955,7 +9955,10 @@ WERROR _spoolss_XcvData(pipes_struct *p,
 
        *r->out.status_code = 0;
 
-       memcpy(r->out.out_data, out_data.data, out_data.length);
+       if (r->out.out_data && r->in.out_data_size && out_data.length) {
+               memcpy(r->out.out_data, out_data.data,
+                       MIN(r->in.out_data_size, out_data.length));
+       }
 
        return WERR_OK;
 }
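Review bot: In the new guard around memcpy, MIN(r->in.out_data_size, out_data.length) truncates silently: if out_data.length is larger than r->in.out_data_size, the caller receives only a prefix of the data while *r->out.status_code stays 0 and the function returns WERR_OK. The commit message says the size is already checked above this hunk, so a short comment here stating that the MIN() is purely defensive and the truncating case should be unreachable would make that clear to the next reader; if it can be reached, return an error for that case instead of copying a partial buffer. The same question applies when the guard is false: nothing is copied, yet the call still reports success.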