#define SHPWLEN 8 /* share password length */
-static BOOL api_Unsupported(connection_struct *conn,uint16 vuid, char *param, char *data,
- int mdrcnt, int mprcnt,
- char **rdata, char **rparam,
- int *rdata_len, int *rparam_len);
+static BOOL api_Unsupported(connection_struct *conn, uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
+ int mdrcnt, int mprcnt,
+ char **rdata, char **rparam,
+ int *rdata_len, int *rparam_len);
+
static BOOL api_TooSmall(connection_struct *conn, uint16 vuid, char *param, char *data,
int mdrcnt, int mprcnt,
char **rdata, char **rparam,
lp_servicename(snum)));
goto err;
}
-
+
if ( !W_ERROR_IS_OK(get_a_printer_driver(&driver, 3, printer->info_2->drivername,
"Windows 4.0", 0)) )
{
trim_string(driver.info_3->driverpath, "\\print$\\WIN40\\0\\", 0);
trim_string(driver.info_3->datafile, "\\print$\\WIN40\\0\\", 0);
trim_string(driver.info_3->helpfile, "\\print$\\WIN40\\0\\", 0);
-
+
PACKI(desc, "W", 0x0400); /* don't know */
PACKS(desc, "z", driver.info_3->name); /* long printer name */
PACKS(desc, "z", driver.info_3->driverpath); /* Driverfile Name */
PACKS(desc, "z", driver.info_3->datafile); /* Datafile name */
PACKS(desc, "z", driver.info_3->monitorname); /* language monitor */
-
+
fstrcpy(location, "\\\\%L\\print$\\WIN40\\0");
standard_sub_basic( "", "", location, sizeof(location)-1 );
PACKS(desc,"z", location); /* share to retrieve files */
-
+
PACKS(desc,"z", driver.info_3->defaultdatatype); /* default data type */
PACKS(desc,"z", driver.info_3->helpfile); /* helpfile name */
PACKS(desc,"z", driver.info_3->driverpath); /* driver name */
PACKS(desc,"z",driver.info_3->dependentfiles[i]); /* driver files to copy */
DEBUG(3,("Dependent File: %s:\n",driver.info_3->dependentfiles[i]));
}
-
+
/* sanity check */
if ( i != count )
DEBUG(3,("fill_printq_info_52: file count specified by client [%d] != number of dependent files [%i]\n",
count, i));
-
+
DEBUG(3,("fill_printq_info on <%s> gave %d entries\n", SERVICE(snum),i));
desc->errcode=NERR_Success;
done:
if ( printer )
free_a_printer( &printer, 2 );
-
+
if ( driver.info_3 )
free_a_printer_driver( driver, 3 );
}
lp_servicename(snum)));
goto done;
}
-
+
if ( !W_ERROR_IS_OK(get_a_printer_driver(&driver, 3, printer->info_2->drivername,
"Windows 4.0", 0)) )
{
printer->info_2->drivername));
goto done;
}
-
+
/* count the number of files */
while ( driver.info_3->dependentfiles && *driver.info_3->dependentfiles[result] )
result++;
done:
if ( printer )
free_a_printer( &printer, 2 );
-
+
if ( driver.info_3 )
free_a_printer_driver( driver, 3 );
-
+
return result;
}
-static BOOL api_DosPrintQGetInfo(connection_struct *conn,
- uint16 vuid, char *param,char *data,
- int mdrcnt,int mprcnt,
- char **rdata,char **rparam,
- int *rdata_len,int *rparam_len)
+static BOOL api_DosPrintQGetInfo(connection_struct *conn, uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
+ int mdrcnt,int mprcnt,
+ char **rdata,char **rparam,
+ int *rdata_len,int *rparam_len)
{
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *p = skip_string(str2,1);
+ char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *p = skip_string(param,tpscnt,str2,1);
char *QueueName = p;
unsigned int uLevel;
int count=0;
int snum;
- char* str3;
+ char *str3;
struct pack_desc desc;
print_queue_struct *queue=NULL;
print_status_struct status;
char* tmpdata=NULL;
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
memset((char *)&status,'\0',sizeof(status));
memset((char *)&desc,'\0',sizeof(desc));
-
- p = skip_string(p,1);
- uLevel = SVAL(p,0);
- str3 = p + 4;
-
+
+ p = skip_string(param,tpscnt,p,1);
+ if (!p) {
+ return False;
+ }
+ uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
+ str3 = get_safe_offset(param,tpscnt,p,4) ? p + 4 : 0;
+ /* Check if string exists. */
+ if (skip_string(param,tpscnt,str3,1) == NULL) {
+ return False;
+ }
+
/* remove any trailing username */
if ((p = strchr_m(QueueName,'%')))
*p = 0;
View list of all print jobs on all queues.
****************************************************************************/
-static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param, char* data,
- int mdrcnt, int mprcnt,
- char **rdata, char** rparam,
- int *rdata_len, int *rparam_len)
+static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
+ int mdrcnt, int mprcnt,
+ char **rdata, char** rparam,
+ int *rdata_len, int *rparam_len)
{
- char *param_format = param+2;
- char *output_format1 = skip_string(param_format,1);
- char *p = skip_string(output_format1,1);
- unsigned int uLevel = SVAL(p,0);
- char *output_format2 = p + 4;
+ char *param_format = get_safe_offset(param,tpscnt,param,2);
+ char *output_format1 = skip_string(param,tpscnt,param_format,1);
+ char *p = skip_string(param,tpscnt,output_format1,1);
+ unsigned int uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
+ char *output_format2 = get_safe_offset(param,tpscnt,p,4);
int services = lp_numservices();
int i, n;
struct pack_desc desc;
int *subcntarr = NULL;
int queuecnt = 0, subcnt = 0, succnt = 0;
+ if (!param_format || !output_format1 || !p || !output_format2) {
+ return False;
+ }
+
+ uLevel = SVAL(p,0);
+ output_format2 = p + 4;
+
memset((char *)&desc,'\0',sizeof(desc));
DEBUG(3,("DosPrintQEnum uLevel=%d\n",uLevel));
extracted from lists saved by nmbd on the local host.
****************************************************************************/
-static BOOL api_RNetServerEnum(connection_struct *conn, uint16 vuid, char *param, char *data,
- int mdrcnt, int mprcnt, char **rdata,
- char **rparam, int *rdata_len, int *rparam_len)
+static BOOL api_RNetServerEnum(connection_struct *conn, uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
+ int mdrcnt, int mprcnt, char **rdata,
+ char **rparam, int *rdata_len, int *rparam_len)
{
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *p = skip_string(str2,1);
- int uLevel = SVAL(p,0);
- int buf_len = SVAL(p,2);
- uint32 servertype = IVAL(p,4);
+ char *str1 = get_safe_offset(param, tpscnt, param, 2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *p = skip_string(param,tpscnt,str2,1);
+ int uLevel = get_safe_offset(param, tpscnt, p, 2) ? SVAL(p,0) : -1;
+ int buf_len = get_safe_offset(param,tpscnt, p, 4) ? SVAL(p,2) : 0;
+ uint32 servertype = get_safe_offset(param,tpscnt,p,8) ? IVAL(p,4) : 0;
char *p2;
int data_len, fixed_len, string_len;
int f_len = 0, s_len = 0;
BOOL domain_request;
BOOL local_request;
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+
/* If someone sets all the bits they don't really mean to set
DOMAIN_ENUM and LOCAL_LIST_ONLY, they just want all the
known servers. */
DEBUG(4, ("local_only:%s\n", BOOLSTR(local_request)));
if (strcmp(str1, "WrLehDz") == 0) {
+ if (skip_string(param,tpscnt,p,1) == NULL) {
+ return False;
+ }
pull_ascii_fstring(domain, p);
} else {
fstrcpy(domain, lp_workgroup());
command 0x34 - suspected of being a "Lookup Names" stub api
****************************************************************************/
-static BOOL api_RNetGroupGetUsers(connection_struct *conn, uint16 vuid, char *param, char *data,
- int mdrcnt, int mprcnt, char **rdata,
- char **rparam, int *rdata_len, int *rparam_len)
+static BOOL api_RNetGroupGetUsers(connection_struct *conn, uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
+ int mdrcnt, int mprcnt, char **rdata,
+ char **rparam, int *rdata_len, int *rparam_len)
{
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *p = skip_string(str2,1);
- int uLevel = SVAL(p,0);
- int buf_len = SVAL(p,2);
+ char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *p = skip_string(param,tpscnt,str2,1);
+ int uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
+ int buf_len = get_safe_offset(param,tpscnt,p,4) ? SVAL(p,2) : 0;
int counted=0;
int missed=0;
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+
DEBUG(5,("RNetGroupGetUsers: %s %s %s %d %d\n",
str1, str2, p, uLevel, buf_len));
return len;
}
-static BOOL api_RNetShareGetInfo(connection_struct *conn,uint16 vuid, char *param,char *data,
- int mdrcnt,int mprcnt,
- char **rdata,char **rparam,
- int *rdata_len,int *rparam_len)
+static BOOL api_RNetShareGetInfo(connection_struct *conn,uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
+ int mdrcnt,int mprcnt,
+ char **rdata,char **rparam,
+ int *rdata_len,int *rparam_len)
{
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *netname = skip_string(str2,1);
- char *p = skip_string(netname,1);
- int uLevel = SVAL(p,0);
- int snum = find_service(netname);
+ char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *netname = skip_string(param,tpscnt,str2,1);
+ char *p = skip_string(param,tpscnt,netname,1);
+ int uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
+ int snum;
+ if (!str1 || !str2 || !netname || !p) {
+ return False;
+ }
+
+ snum = find_service(netname);
if (snum < 0) {
return False;
}
Share names longer than 12 bytes must be skipped.
****************************************************************************/
-static BOOL api_RNetShareEnum( connection_struct *conn,
- uint16 vuid,
- char *param,
- char *data,
- int mdrcnt,
- int mprcnt,
- char **rdata,
- char **rparam,
- int *rdata_len,
- int *rparam_len )
+static BOOL api_RNetShareEnum( connection_struct *conn, uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
+ int mdrcnt,
+ int mprcnt,
+ char **rdata,
+ char **rparam,
+ int *rdata_len,
+ int *rparam_len )
{
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *p = skip_string(str2,1);
- int uLevel = SVAL(p,0);
- int buf_len = SVAL(p,2);
+ char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *p = skip_string(param,tpscnt,str2,1);
+ int uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
+ int buf_len = get_safe_offset(param,tpscnt,p,4) ? SVAL(p,2) : 0;
char *p2;
int count = 0;
int total=0,counted=0;
int data_len, fixed_len, string_len;
int f_len = 0, s_len = 0;
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+
if (!prefix_ok(str1,"WrLeh")) {
return False;
}
Add a share
****************************************************************************/
-static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid, char *param,char *data,
- int mdrcnt,int mprcnt,
- char **rdata,char **rparam,
- int *rdata_len,int *rparam_len)
+static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
+ int mdrcnt,int mprcnt,
+ char **rdata,char **rparam,
+ int *rdata_len,int *rparam_len)
{
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *p = skip_string(str2,1);
- int uLevel = SVAL(p,0);
+ char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *p = skip_string(param,tpscnt,str2,1);
+ int uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
fstring sharename;
fstring comment;
pstring pathname;
int snum;
int res = ERRunsup;
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+
/* check it's a supported varient */
if (!prefix_ok(str1,RAP_WShareAdd_REQ)) {
return False;
return False;
}
+ /* Do we have a string ? */
+ if (skip_string(data,mdrcnt,data,1) == NULL) {
+ return False;
+ }
pull_ascii_fstring(sharename,data);
snum = find_service(sharename);
if (snum >= 0) { /* already exists */
goto error_exit;
}
+ if (mdrcnt < 28) {
+ return False;
+ }
+
/* only support disk share adds */
if (SVAL(data,14)!=STYPE_DISKTREE) {
return False;
goto error_exit;
}
+ /* Do we have a string ? */
+ if (skip_string(data,mdrcnt,data+offset,1) == NULL) {
+ return False;
+ }
pull_ascii_fstring(comment, offset? (data+offset) : "");
offset = IVAL(data, 26);
goto error_exit;
}
+ /* Do we have a string ? */
+ if (skip_string(data,mdrcnt,data+offset,1) == NULL) {
+ return False;
+ }
pull_ascii_pstring(pathname, offset? (data+offset) : "");
string_replace(sharename, '"', ' ');
view list of groups available
****************************************************************************/
-static BOOL api_RNetGroupEnum(connection_struct *conn,uint16 vuid, char *param,char *data,
- int mdrcnt,int mprcnt,
- char **rdata,char **rparam,
- int *rdata_len,int *rparam_len)
+static BOOL api_RNetGroupEnum(connection_struct *conn,uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
+ int mdrcnt,int mprcnt,
+ char **rdata,char **rparam,
+ int *rdata_len,int *rparam_len)
{
int i;
int errflags=0;
int resume_context, cli_buf_size;
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *p = skip_string(str2,1);
+ char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *p = skip_string(param,tpscnt,str2,1);
struct pdb_search *search;
struct samr_displayentry *entries;
int num_entries;
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+
if (strcmp(str1,"WrLeh") != 0) {
return False;
}
return False;
}
- resume_context = SVAL(p,0);
- cli_buf_size=SVAL(p+2,0);
+ resume_context = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
+ cli_buf_size= get_safe_offset(param,tpscnt,p,4) ? SVAL(p+2,0) : 0;
DEBUG(10,("api_RNetGroupEnum:resume context: %d, client buffer size: "
"%d\n", resume_context, cli_buf_size));
Get groups that a user is a member of.
******************************************************************/
-static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *param,char *data,
- int mdrcnt,int mprcnt,
- char **rdata,char **rparam,
- int *rdata_len,int *rparam_len)
+static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
+ int mdrcnt,int mprcnt,
+ char **rdata,char **rparam,
+ int *rdata_len,int *rparam_len)
{
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *UserName = skip_string(str2,1);
- char *p = skip_string(UserName,1);
- int uLevel = SVAL(p,0);
+ char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *UserName = skip_string(param,tpscnt,str2,1);
+ char *p = skip_string(param,tpscnt,UserName,1);
+ int uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
const char *level_string;
int count=0;
struct samu *sampw = NULL;
enum lsa_SidType type;
TALLOC_CTX *mem_ctx;
+ if (!str1 || !str2 || !UserName || !p) {
+ return False;
+ }
+
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
if (!*rparam) {
Get all users.
******************************************************************/
-static BOOL api_RNetUserEnum(connection_struct *conn,uint16 vuid, char *param,char *data,
- int mdrcnt,int mprcnt,
- char **rdata,char **rparam,
- int *rdata_len,int *rparam_len)
+static BOOL api_RNetUserEnum(connection_struct *conn, uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
+ int mdrcnt,int mprcnt,
+ char **rdata,char **rparam,
+ int *rdata_len,int *rparam_len)
{
int count_sent=0;
int num_users=0;
struct pdb_search *search;
struct samr_displayentry *users;
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *p = skip_string(str2,1);
+ char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *p = skip_string(param,tpscnt,str2,1);
+
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
if (strcmp(str1,"WrLeh") != 0)
return False;
* h -> return parameter total number of users
*/
- resume_context = SVAL(p,0);
- cli_buf_size=SVAL(p+2,0);
+ resume_context = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
+ cli_buf_size= get_safe_offset(param,tpscnt,p,4) ? SVAL(p+2,0) : 0;
DEBUG(10,("api_RNetUserEnum:resume context: %d, client buffer size: %d\n",
resume_context, cli_buf_size));
Get the time of day info.
****************************************************************************/
-static BOOL api_NetRemoteTOD(connection_struct *conn,uint16 vuid, char *param,char *data,
- int mdrcnt,int mprcnt,
- char **rdata,char **rparam,
- int *rdata_len,int *rparam_len)
+static BOOL api_NetRemoteTOD(connection_struct *conn,uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
+ int mdrcnt,int mprcnt,
+ char **rdata,char **rparam,
+ int *rdata_len,int *rparam_len)
{
struct tm *t;
time_t unixdate = time(NULL);
Set the user password.
*****************************************************************************/
-static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param,char *data,
+static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
int mdrcnt,int mprcnt,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *p = skip_string(param+2,2);
+ char *np = get_safe_offset(param,tpscnt,param,2);
+ char *p = skip_string(param,tpscnt,np,2);
fstring user;
fstring pass1,pass2;
+ if (!np || !p) {
+ return False;
+ }
+
+ /* Do we have a string ? */
+ if (skip_string(param,tpscnt,p,1) == NULL) {
+ return False;
+ }
pull_ascii_fstring(user,p);
- p = skip_string(p,1);
+ p = skip_string(param,tpscnt,p,1);
+ if (!p) {
+ return False;
+ }
memset(pass1,'\0',sizeof(pass1));
memset(pass2,'\0',sizeof(pass2));
+ if (get_safe_offset(param,tpscnt,p,32) == NULL) {
+ return False;
+ }
memcpy(pass1,p,16);
memcpy(pass2,p+16,16);
Set the user password (SamOEM version - gets plaintext).
****************************************************************************/
-static BOOL api_SamOEMChangePassword(connection_struct *conn,uint16 vuid, char *param,char *data,
+static BOOL api_SamOEMChangePassword(connection_struct *conn,uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
int mdrcnt,int mprcnt,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
fstring user;
- char *p = param + 2;
+ char *p = get_safe_offset(param,tpscnt,param,2);
*rparam_len = 2;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
if (!*rparam) {
return False;
}
+ if (!p) {
+ return False;
+ }
*rdata_len = 0;
SSVAL(*rparam,0,NERR_badpass);
* Check the parameter definition is correct.
*/
- if(!strequal(param + 2, "zsT")) {
- DEBUG(0,("api_SamOEMChangePassword: Invalid parameter string %s\n", param + 2));
+ /* Do we have a string ? */
+ if (skip_string(param,tpscnt,p,1) == 0) {
+ return False;
+ }
+ if(!strequal(p, "zsT")) {
+ DEBUG(0,("api_SamOEMChangePassword: Invalid parameter string %s\n", p));
+ return False;
+ }
+ p = skip_string(param, tpscnt, p, 1);
+ if (!p) {
return False;
}
- p = skip_string(p, 1);
+ /* Do we have a string ? */
+ if (skip_string(param,tpscnt,p,1) == 0) {
+ return False;
+ }
if(!strequal(p, "B516B16")) {
DEBUG(0,("api_SamOEMChangePassword: Invalid data parameter string %s\n", p));
return False;
}
- p = skip_string(p,1);
+ p = skip_string(param,tpscnt,p,1);
+ if (!p) {
+ return False;
+ }
+ /* Do we have a string ? */
+ if (skip_string(param,tpscnt,p,1) == 0) {
+ return False;
+ }
p += pull_ascii_fstring(user,p);
DEBUG(3,("api_SamOEMChangePassword: Change password for <%s>\n",user));
Form: <W> <>
****************************************************************************/
-static BOOL api_RDosPrintJobDel(connection_struct *conn,uint16 vuid, char *param,char *data,
+static BOOL api_RDosPrintJobDel(connection_struct *conn,uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
int mdrcnt,int mprcnt,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- int function = SVAL(param,0);
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *p = skip_string(str2,1);
+ int function = get_safe_offset(param,tpscnt,param,2) ? SVAL(param,0) : 0;
+ char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *p = skip_string(param,tpscnt,str2,1);
uint32 jobid;
int snum;
fstring sharename;
int errcode;
WERROR werr = WERR_OK;
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+ if (get_safe_offset(param,tpscnt,p,2) == NULL) {
+ return False;
+ }
if(!rap_to_pjobid(SVAL(p,0), sharename, &jobid))
return False;
Purge a print queue - or pause or resume it.
****************************************************************************/
-static BOOL api_WPrintQueueCtrl(connection_struct *conn,uint16 vuid, char *param,char *data,
- int mdrcnt,int mprcnt,
- char **rdata,char **rparam,
- int *rdata_len,int *rparam_len)
+static BOOL api_WPrintQueueCtrl(connection_struct *conn,uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
+ int mdrcnt,int mprcnt,
+ char **rdata,char **rparam,
+ int *rdata_len,int *rparam_len)
{
- int function = SVAL(param,0);
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *QueueName = skip_string(str2,1);
+ int function = get_safe_offset(param,tpscnt,param,2) ? SVAL(param,0) : 0;
+ char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *QueueName = skip_string(param,tpscnt,str2,1);
int errcode = NERR_notsupported;
int snum;
WERROR werr = WERR_OK;
+ if (!str1 || !str2 || !QueueName) {
+ return False;
+ }
+
/* check it's a supported varient */
if (!(strcsequal(str1,"z") && strcsequal(str2,"")))
return(False);
return True;
}
-static BOOL api_PrintJobInfo(connection_struct *conn,uint16 vuid,char *param,char *data,
- int mdrcnt,int mprcnt,
- char **rdata,char **rparam,
- int *rdata_len,int *rparam_len)
+static BOOL api_PrintJobInfo(connection_struct *conn, uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
+ int mdrcnt,int mprcnt,
+ char **rdata,char **rparam,
+ int *rdata_len,int *rparam_len)
{
struct pack_desc desc;
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *p = skip_string(str2,1);
+ char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *p = skip_string(param,tpscnt,str2,1);
uint32 jobid;
fstring sharename;
- int uLevel = SVAL(p,2);
- int function = SVAL(p,4);
+ int uLevel = get_safe_offset(param,tpscnt,p,4) ? SVAL(p,2) : -1;
+ int function = get_safe_offset(param,tpscnt,p,6) ? SVAL(p,4) : -1;
int place, errcode;
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+ if (get_safe_offset(param,tpscnt,p,2) == NULL) {
+ return False;
+ }
if(!rap_to_pjobid(SVAL(p,0), sharename, &jobid))
return False;
*rparam_len = 4;
Get info about the server.
****************************************************************************/
-static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, char *param,char *data,
- int mdrcnt,int mprcnt,
- char **rdata,char **rparam,
- int *rdata_len,int *rparam_len)
+static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
+ int mdrcnt,int mprcnt,
+ char **rdata,char **rparam,
+ int *rdata_len,int *rparam_len)
{
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *p = skip_string(str2,1);
- int uLevel = SVAL(p,0);
+ char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *p = skip_string(param,tpscnt,str2,1);
+ int uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
char *p2;
int struct_len;
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+
DEBUG(4,("NetServerGetInfo level %d\n",uLevel));
/* check it's a supported varient */
current_user_info.domain,
comment, sizeof(comment));
StrnCpy(p2,comment,MAX(mdrcnt - struct_len,0));
- p2 = skip_string(p2,1);
+ p2 = skip_string(*rdata,*rdata_len,p2,1);
+ if (!p2) {
+ return False;
+ }
}
}
Get info about the server.
****************************************************************************/
-static BOOL api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid, char *param,char *data,
+static BOOL api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
int mdrcnt,int mprcnt,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *p = skip_string(str2,1);
+ char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *p = skip_string(param,tpscnt,str2,1);
char *p2;
- int level = SVAL(p,0);
+ int level = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
+
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
DEBUG(4,("NetWkstaGetInfo level %d\n",level));
SSVAL(*rparam,2,0); /* converter word */
p = *rdata;
- p2 = p + 22;
+ p2 = get_safe_offset(*rdata,*rdata_len,p,22);
+ if (!p2) {
+ return False;
+ }
SIVAL(p,0,PTR_DIFF(p2,*rdata)); /* host name */
pstrcpy(p2,get_local_machine_name());
strupper_m(p2);
- p2 = skip_string(p2,1);
+ p2 = skip_string(*rdata,*rdata_len,p2,1);
+ if (!p2) {
+ return False;
+ }
p += 4;
SIVAL(p,0,PTR_DIFF(p2,*rdata));
pstrcpy(p2,current_user_info.smb_name);
- p2 = skip_string(p2,1);
+ p2 = skip_string(*rdata,*rdata_len,p2,1);
+ if (!p2) {
+ return False;
+ }
p += 4;
SIVAL(p,0,PTR_DIFF(p2,*rdata)); /* login domain */
pstrcpy(p2,lp_workgroup());
strupper_m(p2);
- p2 = skip_string(p2,1);
+ p2 = skip_string(*rdata,*rdata_len,p2,1);
+ if (!p2) {
+ return False;
+ }
p += 4;
SCVAL(p,0,lp_major_announce_version()); /* system version - e.g 4 in 4.1 */
SIVAL(p,0,PTR_DIFF(p2,*rdata));
pstrcpy(p2,lp_workgroup()); /* don't know. login domain?? */
- p2 = skip_string(p2,1);
+ p2 = skip_string(*rdata,*rdata_len,p2,1);
+ if (!p2) {
+ return False;
+ }
p += 4;
SIVAL(p,0,PTR_DIFF(p2,*rdata)); /* don't know */
pstrcpy(p2,"");
- p2 = skip_string(p2,1);
+ p2 = skip_string(*rdata,*rdata_len,p2,1);
+ if (!p2) {
+ return False;
+ }
p += 4;
*rdata_len = PTR_DIFF(p2,*rdata);
#define AF_OP_ACCOUNTS 3
-static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param,char *data,
+static BOOL api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
int mdrcnt,int mprcnt,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *UserName = skip_string(str2,1);
- char *p = skip_string(UserName,1);
- int uLevel = SVAL(p,0);
+ char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *UserName = skip_string(param,tpscnt,str2,1);
+ char *p = skip_string(param,tpscnt,UserName,1);
+ int uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
char *p2;
const char *level_string;
vuser->user.unix_name));
}
+ if (!str1 || !str2 || !UserName || !p) {
+ return False;
+ }
+
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
if (!*rparam) {
SSVAL(*rparam,2,0); /* converter word */
p = *rdata;
- p2 = p + usri11_end;
+ p2 = get_safe_offset(*rdata,*rdata_len,p,usri11_end);
+ if (!p2) {
+ return False;
+ }
memset(p,0,21);
fstrcpy(p+usri11_name,UserName); /* 21 bytes - user name */
if (uLevel >= 10) {
SIVAL(p,usri11_comment,PTR_DIFF(p2,p)); /* comment */
pstrcpy(p2,"Comment");
- p2 = skip_string(p2,1);
+ p2 = skip_string(*rdata,*rdata_len,p2,1);
+ if (!p2) {
+ return False;
+ }
SIVAL(p,usri11_usr_comment,PTR_DIFF(p2,p)); /* user_comment */
pstrcpy(p2,"UserComment");
- p2 = skip_string(p2,1);
+ p2 = skip_string(*rdata,*rdata_len,p2,1);
+ if (!p2) {
+ return False;
+ }
/* EEK! the cifsrap.txt doesn't have this in!!!! */
SIVAL(p,usri11_full_name,PTR_DIFF(p2,p)); /* full name */
pstrcpy(p2,((vuser != NULL) ? vuser->user.full_name : UserName));
- p2 = skip_string(p2,1);
+ p2 = skip_string(*rdata,*rdata_len,p2,1);
+ if (!p2) {
+ return False;
+ }
}
if (uLevel == 11) {
SIVALS(p,usri11_password_age,-1); /* password age */
SIVAL(p,usri11_homedir,PTR_DIFF(p2,p)); /* home dir */
pstrcpy(p2, vuser && vuser->homedir ? vuser->homedir : "");
- p2 = skip_string(p2,1);
+ p2 = skip_string(*rdata,*rdata_len,p2,1);
+ if (!p2) {
+ return False;
+ }
SIVAL(p,usri11_parms,PTR_DIFF(p2,p)); /* parms */
pstrcpy(p2,"");
- p2 = skip_string(p2,1);
+ p2 = skip_string(*rdata,*rdata_len,p2,1);
+ if (!p2) {
+ return False;
+ }
SIVAL(p,usri11_last_logon,0); /* last logon */
SIVAL(p,usri11_last_logoff,0); /* last logoff */
SSVALS(p,usri11_bad_pw_count,-1); /* bad pw counts */
SSVALS(p,usri11_num_logons,-1); /* num logons */
SIVAL(p,usri11_logon_server,PTR_DIFF(p2,p)); /* logon server */
pstrcpy(p2,"\\\\*");
- p2 = skip_string(p2,1);
+ p2 = skip_string(*rdata,*rdata_len,p2,1);
+ if (!p2) {
+ return False;
+ }
SSVAL(p,usri11_country_code,0); /* country code */
SIVAL(p,usri11_workstations,PTR_DIFF(p2,p)); /* workstations */
pstrcpy(p2,"");
- p2 = skip_string(p2,1);
+ p2 = skip_string(*rdata,*rdata_len,p2,1);
+ if (!p2) {
+ return False;
+ }
SIVALS(p,usri11_max_storage,-1); /* max storage */
SSVAL(p,usri11_units_per_week,168); /* units per week */
/* a simple way to get logon hours at all times. */
memset(p2,0xff,21);
SCVAL(p2,21,0); /* fix zero termination */
- p2 = skip_string(p2,1);
+ p2 = skip_string(*rdata,*rdata_len,p2,1);
+ if (!p2) {
+ return False;
+ }
SSVAL(p,usri11_code_page,0); /* code page */
}
conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER);
SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */
pstrcpy(p2, vuser && vuser->homedir ? vuser->homedir : "");
- p2 = skip_string(p2,1);
+ p2 = skip_string(*rdata,*rdata_len,p2,1);
+ if (!p2) {
+ return False;
+ }
SIVAL(p,48,PTR_DIFF(p2,*rdata)); /* comment */
*p2++ = 0;
SSVAL(p,52,0); /* flags */
SIVAL(p,54,PTR_DIFF(p2,*rdata)); /* script_path */
pstrcpy(p2,vuser && vuser->logon_script ? vuser->logon_script : "");
- p2 = skip_string(p2,1);
+ p2 = skip_string(*rdata,*rdata_len,p2,1);
+ if (!p2) {
+ return False;
+ }
if (uLevel == 2) {
SIVAL(p,60,0); /* auth_flags */
SIVAL(p,64,PTR_DIFF(p2,*rdata)); /* full_name */
pstrcpy(p2,((vuser != NULL) ? vuser->user.full_name : UserName));
- p2 = skip_string(p2,1);
+ p2 = skip_string(*rdata,*rdata_len,p2,1);
+ if (!p2) {
+ return False;
+ }
SIVAL(p,68,0); /* urs_comment */
SIVAL(p,72,PTR_DIFF(p2,*rdata)); /* parms */
pstrcpy(p2,"");
- p2 = skip_string(p2,1);
+ p2 = skip_string(*rdata,*rdata_len,p2,1);
+ if (!p2) {
+ return False;
+ }
SIVAL(p,76,0); /* workstations */
SIVAL(p,80,0); /* last_logon */
SIVAL(p,84,0); /* last_logoff */
standard_sub_basic("", "", tmp, sizeof(tmp));
pstrcpy(p2, tmp);
}
- p2 = skip_string(p2,1);
+ p2 = skip_string(*rdata,*rdata_len,p2,1);
+ if (!p2) {
+ return False;
+ }
SSVAL(p,110,49); /* country_code */
SSVAL(p,112,860); /* code page */
}
return(True);
}
-static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param,char *data,
+static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
int mdrcnt,int mprcnt,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *p = skip_string(str2,1);
+ char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *p = skip_string(param,tpscnt,str2,1);
int uLevel;
struct pack_desc desc;
char* name;
Don't depend on vuser being non-null !!. JRA */
user_struct *vuser = get_valid_user_struct(vuid);
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+
if(vuser != NULL) {
DEBUG(3,(" Username of UID %d is %s\n", (int)vuser->uid,
vuser->user.unix_name));
}
- uLevel = SVAL(p,0);
+ uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
+ if (skip_string(param,tpscnt,p+2,1) == NULL) {
+ return False;
+ }
name = p + 2;
memset((char *)&desc,'\0',sizeof(desc));
api_WAccessGetUserPerms
****************************************************************************/
-static BOOL api_WAccessGetUserPerms(connection_struct *conn,uint16 vuid, char *param,char *data,
- int mdrcnt,int mprcnt,
- char **rdata,char **rparam,
- int *rdata_len,int *rparam_len)
+static BOOL api_WAccessGetUserPerms(connection_struct *conn,uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
+ int mdrcnt,int mprcnt,
+ char **rdata,char **rparam,
+ int *rdata_len,int *rparam_len)
{
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *user = skip_string(str2,1);
- char *resource = skip_string(user,1);
+ char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *user = skip_string(param,tpscnt,str2,1);
+ char *resource = skip_string(param,tpscnt,user,1);
+
+ if (!str1 || !str2 || !user || !resource) {
+ return False;
+ }
DEBUG(3,("WAccessGetUserPerms user=%s resource=%s\n",user,resource));
api_WPrintJobEnumerate
****************************************************************************/
-static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *param,char *data,
- int mdrcnt,int mprcnt,
- char **rdata,char **rparam,
- int *rdata_len,int *rparam_len)
+static BOOL api_WPrintJobGetInfo(connection_struct *conn, uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
+ int mdrcnt,int mprcnt,
+ char **rdata,char **rparam,
+ int *rdata_len,int *rparam_len)
{
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *p = skip_string(str2,1);
+ char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *p = skip_string(param,tpscnt,str2,1);
int uLevel;
int count;
int i;
print_status_struct status;
char *tmpdata=NULL;
- uLevel = SVAL(p,2);
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+
+ uLevel = get_safe_offset(param,tpscnt,p,4) ? SVAL(p,2) : -1;
memset((char *)&desc,'\0',sizeof(desc));
memset((char *)&status,'\0',sizeof(status));
return True;
}
-static BOOL api_WPrintJobEnumerate(connection_struct *conn,uint16 vuid, char *param,char *data,
- int mdrcnt,int mprcnt,
- char **rdata,char **rparam,
- int *rdata_len,int *rparam_len)
+static BOOL api_WPrintJobEnumerate(connection_struct *conn, uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
+ int mdrcnt,int mprcnt,
+ char **rdata,char **rparam,
+ int *rdata_len,int *rparam_len)
{
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *p = skip_string(str2,1);
- char* name = p;
+ char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *p = skip_string(param,tpscnt,str2,1);
+ char *name = p;
int uLevel;
int count;
int i, succnt=0;
print_queue_struct *queue=NULL;
print_status_struct status;
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+
memset((char *)&desc,'\0',sizeof(desc));
memset((char *)&status,'\0',sizeof(status));
- p = skip_string(p,1);
- uLevel = SVAL(p,0);
+ p = skip_string(param,tpscnt,p,1);
+ if (!p) {
+ return False;
+ }
+ uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
DEBUG(3,("WPrintJobEnumerate uLevel=%d name=%s\n",uLevel,name));
}
}
-static BOOL api_WPrintDestGetInfo(connection_struct *conn,uint16 vuid, char *param,char *data,
- int mdrcnt,int mprcnt,
- char **rdata,char **rparam,
- int *rdata_len,int *rparam_len)
+static BOOL api_WPrintDestGetInfo(connection_struct *conn, uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
+ int mdrcnt,int mprcnt,
+ char **rdata,char **rparam,
+ int *rdata_len,int *rparam_len)
{
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *p = skip_string(str2,1);
+ char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *p = skip_string(param,tpscnt,str2,1);
char* PrinterName = p;
int uLevel;
struct pack_desc desc;
int snum;
char *tmpdata=NULL;
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+
memset((char *)&desc,'\0',sizeof(desc));
- p = skip_string(p,1);
- uLevel = SVAL(p,0);
+ p = skip_string(param,tpscnt,p,1);
+ if (!p) {
+ return False;
+ }
+ uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
DEBUG(3,("WPrintDestGetInfo uLevel=%d PrinterName=%s\n",uLevel,PrinterName));
return True;
}
-static BOOL api_WPrintDestEnum(connection_struct *conn,uint16 vuid, char *param,char *data,
- int mdrcnt,int mprcnt,
- char **rdata,char **rparam,
- int *rdata_len,int *rparam_len)
+static BOOL api_WPrintDestEnum(connection_struct *conn, uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
+ int mdrcnt,int mprcnt,
+ char **rdata,char **rparam,
+ int *rdata_len,int *rparam_len)
{
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *p = skip_string(str2,1);
+ char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *p = skip_string(param,tpscnt,str2,1);
int uLevel;
int queuecnt;
int i, n, succnt=0;
struct pack_desc desc;
int services = lp_numservices();
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+
memset((char *)&desc,'\0',sizeof(desc));
- uLevel = SVAL(p,0);
+ uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
DEBUG(3,("WPrintDestEnum uLevel=%d\n",uLevel));
return True;
}
-static BOOL api_WPrintDriverEnum(connection_struct *conn,uint16 vuid, char *param,char *data,
- int mdrcnt,int mprcnt,
- char **rdata,char **rparam,
- int *rdata_len,int *rparam_len)
+static BOOL api_WPrintDriverEnum(connection_struct *conn, uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
+ int mdrcnt,int mprcnt,
+ char **rdata,char **rparam,
+ int *rdata_len,int *rparam_len)
{
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *p = skip_string(str2,1);
+ char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *p = skip_string(param,tpscnt,str2,1);
int uLevel;
int succnt;
struct pack_desc desc;
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+
memset((char *)&desc,'\0',sizeof(desc));
- uLevel = SVAL(p,0);
+ uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : 0;
DEBUG(3,("WPrintDriverEnum uLevel=%d\n",uLevel));
return True;
}
-static BOOL api_WPrintQProcEnum(connection_struct *conn,uint16 vuid, char *param,char *data,
+static BOOL api_WPrintQProcEnum(connection_struct *conn, uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
int mdrcnt,int mprcnt,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *p = skip_string(str2,1);
+ char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *p = skip_string(param,tpscnt,str2,1);
int uLevel;
int succnt;
struct pack_desc desc;
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
memset((char *)&desc,'\0',sizeof(desc));
- uLevel = SVAL(p,0);
+ uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
DEBUG(3,("WPrintQProcEnum uLevel=%d\n",uLevel));
return True;
}
-static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param,char *data,
- int mdrcnt,int mprcnt,
- char **rdata,char **rparam,
- int *rdata_len,int *rparam_len)
+static BOOL api_WPrintPortEnum(connection_struct *conn, uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
+ int mdrcnt,int mprcnt,
+ char **rdata,char **rparam,
+ int *rdata_len,int *rparam_len)
{
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *p = skip_string(str2,1);
+ char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *p = skip_string(param,tpscnt,str2,1);
int uLevel;
int succnt;
struct pack_desc desc;
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+
memset((char *)&desc,'\0',sizeof(desc));
- uLevel = SVAL(p,0);
+ uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
DEBUG(3,("WPrintPortEnum uLevel=%d\n",uLevel));
return True;
}
-
/****************************************************************************
List open sessions
****************************************************************************/
-static BOOL api_RNetSessionEnum(connection_struct *conn,uint16 vuid, char *param, char *data,
- int mdrcnt,int mprcnt,
- char **rdata,char **rparam,
- int *rdata_len,int *rparam_len)
+
+static BOOL api_RNetSessionEnum(connection_struct *conn, uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
+ int mdrcnt,int mprcnt,
+ char **rdata,char **rparam,
+ int *rdata_len,int *rparam_len)
{
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *p = skip_string(str2,1);
+ char *str1 = get_safe_offset(param,tpscnt,param,2);
+ char *str2 = skip_string(param,tpscnt,str1,1);
+ char *p = skip_string(param,tpscnt,str2,1);
int uLevel;
struct pack_desc desc;
struct sessionid *session_list;
int i, num_sessions;
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+
memset((char *)&desc,'\0',sizeof(desc));
- uLevel = SVAL(p,0);
+ uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1;
DEBUG(3,("RNetSessionEnum uLevel=%d\n",uLevel));
DEBUG(7,("RNetSessionEnum req string=%s\n",str1));
The request is not supported.
****************************************************************************/
-static BOOL api_Unsupported(connection_struct *conn, uint16 vuid, char *param, char *data,
- int mdrcnt, int mprcnt,
- char **rdata, char **rparam,
- int *rdata_len, int *rparam_len)
+static BOOL api_Unsupported(connection_struct *conn, uint16 vuid,
+ char *param, int tpscnt,
+ char *data, int tdscnt,
+ int mdrcnt, int mprcnt,
+ char **rdata, char **rparam,
+ int *rdata_len, int *rparam_len)
{
*rparam_len = 4;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
static const struct {
const char *name;
int id;
- BOOL (*fn)(connection_struct *,uint16,char *,char *,
+ BOOL (*fn)(connection_struct *, uint16,
+ char *, int,
+ char *, int,
int,int,char **,char **,int *,int *);
BOOL auth_user; /* Deny anonymous access? */
} api_commands[] = {
int api_command;
char *rdata = NULL;
char *rparam = NULL;
+ const char *name1 = NULL;
+ const char *name2 = NULL;
int rdata_len = 0;
int rparam_len = 0;
BOOL reply=False;
return 0;
}
+ if (tpscnt < 2) {
+ return 0;
+ }
api_command = SVAL(params,0);
+ /* Is there a string at position params+2 ? */
+ if (skip_string(params,tpscnt,params+2,1)) {
+ name1 = params + 2;
+ } else {
+ name1 = "";
+ }
+ name2 = skip_string(params,tpscnt,params+2,1);
+ if (!name2) {
+ name2 = "";
+ }
DEBUG(3,("Got API command %d of form <%s> <%s> (tdscnt=%d,tpscnt=%d,mdrcnt=%d,mprcnt=%d)\n",
api_command,
- params+2,
- skip_string(params+2,1),
+ name1,
+ name2,
tdscnt,tpscnt,mdrcnt,mprcnt));
for (i=0;api_commands[i].name;i++) {
return -1;
}
- reply = api_commands[i].fn(conn,vuid,params,data,mdrcnt,mprcnt,
+ reply = api_commands[i].fn(conn,
+ vuid,
+ params,tpscnt, /* params + length */
+ data,tdscnt, /* data + length */
+ mdrcnt,mprcnt,
&rdata,&rparam,&rdata_len,&rparam_len);
/* if we get False back then it's actually unsupported */
if (!reply) {
- reply = api_Unsupported(conn,vuid,params,data,mdrcnt,mprcnt,
+ reply = api_Unsupported(conn,vuid,params,tpscnt,data,tdscnt,mdrcnt,mprcnt,
&rdata,&rparam,&rdata_len,&rparam_len);
}
git.samba.org / metze / samba / wip.git / commitdiff