spoolss: fix segfault when "default devmode" is disabled
authorDavid Disseldorp <ddiss@samba.org>
Tue, 27 Nov 2012 15:10:28 +0000 (16:10 +0100)
committerKarolin Seeger <kseeger@samba.org>
Thu, 6 Dec 2012 08:40:21 +0000 (09:40 +0100)
Currently when "default devmode" is explicitly disabled, and a printer
is added with a null device mode, spoolssd crashes in copy_devicemode().

Both construct_printer_info2() and construct_printer_info8() code paths
currently unconditionally attempt to copy a printer's device mode,
without checking whether one is present.

This change fixes this regression such that construct_printer_info*()
functions check for a null device mode before copying.

https://bugzilla.samba.org/show_bug.cgi?id=9433

Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit d7fdb05464a67ced7afb8dfdf0aa6be77cb84fd6)

source3/rpc_server/spoolss/srv_spoolss_nt.c

index 8868a9894e666e6e1f120f91097d0c269db5aebf..b5949e44cc5f9c1ce2b8437491d8cc0568fa5c3b 100644 (file)
@@ -1942,24 +1942,12 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
         * save it here in case we get a job submission on this handle
         */
 
-        if ((Printer->printer_type != SPLHND_SERVER) &&
-            r->in.devmode_ctr.devmode) {
+        if ((Printer->printer_type != SPLHND_SERVER)
+         && (r->in.devmode_ctr.devmode != NULL)) {
                copy_devicemode(NULL, r->in.devmode_ctr.devmode,
                                &Printer->devmode);
         }
 
-#if 0  /* JERRY -- I'm doubtful this is really effective */
-       /* HACK ALERT!!! Sleep for 1/3 of a second to try trigger a LAN/WAN
-          optimization in Windows 2000 clients  --jerry */
-
-       if ( (r->in.access_mask == PRINTER_ACCESS_ADMINISTER)
-               && (RA_WIN2K == get_remote_arch()) )
-       {
-               DEBUG(10,("_spoolss_OpenPrinterEx: Enabling LAN/WAN hack for Win2k clients.\n"));
-               sys_usleep( 500000 );
-       }
-#endif
-
        return WERR_OK;
 }
 
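Review bot: The `copy_devicemode(NULL, r->in.devmode_ctr.devmode, &Printer->devmode)` call kept in this hunk still discards its return value, while the other two hunks of this commit start checking the same function with `W_ERROR_IS_OK()`. The device mode copied here comes from the client's OpenPrinterEx request, so a failed copy would still end in `return WERR_OK` with `Printer->devmode` in whatever state the failed call left it. Consider capturing the status and failing the open, along the lines of `result = copy_devicemode(...); if (!W_ERROR_IS_OK(result)) { return result; }`, after releasing whatever the function set up for the handle. The body of _spoolss_OpenPrinterEx starts outside the hunk, so the status variable and the cleanup path need to be confirmed there.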
@@ -4037,8 +4025,22 @@ static WERROR construct_printer_info2(TALLOC_CTX *mem_ctx,
        r->cjobs                = count;
        r->averageppm           = info2->averageppm;
 
-       copy_devicemode(mem_ctx, info2->devmode, &r->devmode);
-       if (!r->devmode) {
+       if (info2->devmode != NULL) {
+               result = copy_devicemode(mem_ctx,
+                                        info2->devmode,
+                                        &r->devmode);
+               if (!W_ERROR_IS_OK(result)) {
+                       return result;
+               }
+       } else if (lp_default_devmode(snum)) {
+               result = spoolss_create_default_devmode(mem_ctx,
+                                                       info2->printername,
+                                                       &r->devmode);
+               if (!W_ERROR_IS_OK(result)) {
+                       return result;
+               }
+       } else {
+               r->devmode = NULL;
                DEBUG(8,("Returning NULL Devicemode!\n"));
        }
 
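Review bot: The devmode selection added here (copy if present, else default if `lp_default_devmode(snum)`, else NULL) is repeated line for line in the construct_printer_info8() hunk, so the NULL guard that fixes this crash must now be kept in sync in two places. Since the crash was a NULL dereference in an RPC server path, a single static helper called from both functions would make the guard harder to lose when another info level is added. The sketch below keeps the behaviour of the new code, including the early return on failure; the parameter types are inferred from the member accesses visible in the hunk and should be checked against the real declarations. Both construct_printer_info*() bodies begin and end outside the hunks shown.

```c
/* Pick the devmode to return for a printer: a copy of the stored one,
 * a generated default when "default devmode" is enabled, else NULL. */
static WERROR printer_info_devmode(TALLOC_CTX *mem_ctx,
				   const struct spoolss_PrinterInfo2 *info2,
				   int snum,
				   struct spoolss_DeviceMode **devmode)
{
	if (info2->devmode != NULL) {
		return copy_devicemode(mem_ctx, info2->devmode, devmode);
	}
	if (lp_default_devmode(snum)) {
		return spoolss_create_default_devmode(mem_ctx,
						      info2->printername,
						      devmode);
	}
	*devmode = NULL;
	DEBUG(8,("Returning NULL Devicemode!\n"));
	return WERR_OK;
}

/* … unchanged: earlier field assignments in construct_printer_info2() / construct_printer_info8() … */
	result = printer_info_devmode(mem_ctx, info2, snum, &r->devmode);
	if (!W_ERROR_IS_OK(result)) {
		return result;
	}
```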
@@ -4218,8 +4220,22 @@ static WERROR construct_printer_info8(TALLOC_CTX *mem_ctx,
                return result;
        }
 
-       copy_devicemode(mem_ctx, info2->devmode, &r->devmode);
-       if (!r->devmode) {
+       if (info2->devmode != NULL) {
+               result = copy_devicemode(mem_ctx,
+                                        info2->devmode,
+                                        &r->devmode);
+               if (!W_ERROR_IS_OK(result)) {
+                       return result;
+               }
+       } else if (lp_default_devmode(snum)) {
+               result = spoolss_create_default_devmode(mem_ctx,
+                                                       info2->printername,
+                                                       &r->devmode);
+               if (!W_ERROR_IS_OK(result)) {
+                       return result;
+               }
+       } else {
+               r->devmode = NULL;
                DEBUG(8,("Returning NULL Devicemode!\n"));
        }