From: David Disseldorp Date: Tue, 27 Nov 2012 15:10:28 +0000 (+0100) Subject: spoolss: fix segfault when "default devmode" is disabled X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=2e12deedcfdc5ce3637a125b083b0f00b208bf61;p=obnox%2Fsamba%2Fsamba-obnox.git spoolss: fix segfault when "default devmode" is disabled Currently when "default devmode" is explicitly disabled, and a printer is added with a null device mode, spoolssd crashes in copy_devicemode(). Both construct_printer_info2() and construct_printer_info8() code paths currently unconditionally attempt to copy a printers device mode, without checking whether one is present. This change fixes this regression such that construct_printer_info*() functions check for a null device mode before copying. https://bugzilla.samba.org/show_bug.cgi?id=9433 Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Thu Nov 29 13:03:05 CET 2012 on sn-devel-104 --- diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c index ff342dea920..b8ee9f40724 100644 --- a/source3/rpc_server/spoolss/srv_spoolss_nt.c +++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c @@ -1938,24 +1938,12 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p, * save it here in case we get a job submission on this handle */ - if ((Printer->printer_type != SPLHND_SERVER) && - r->in.devmode_ctr.devmode) { + if ((Printer->printer_type != SPLHND_SERVER) + && (r->in.devmode_ctr.devmode != NULL)) { copy_devicemode(NULL, r->in.devmode_ctr.devmode, &Printer->devmode); } -#if 0 /* JERRY -- I'm doubtful this is really effective */ - /* HACK ALERT!!! Sleep for 1/3 of a second to try trigger a LAN/WAN - optimization in Windows 2000 clients --jerry */ - - if ( (r->in.access_mask == PRINTER_ACCESS_ADMINISTER) - && (RA_WIN2K == get_remote_arch()) ) - { - DEBUG(10,("_spoolss_OpenPrinterEx: Enabling LAN/WAN hack for Win2k clients.\n")); - usleep( 500000 ); - } -#endif - return WERR_OK; } @@ -4030,8 +4018,22 @@ static WERROR construct_printer_info2(TALLOC_CTX *mem_ctx, r->cjobs = count; r->averageppm = info2->averageppm; - copy_devicemode(mem_ctx, info2->devmode, &r->devmode); - if (!r->devmode) { + if (info2->devmode != NULL) { + result = copy_devicemode(mem_ctx, + info2->devmode, + &r->devmode); + if (!W_ERROR_IS_OK(result)) { + return result; + } + } else if (lp_default_devmode(snum)) { + result = spoolss_create_default_devmode(mem_ctx, + info2->printername, + &r->devmode); + if (!W_ERROR_IS_OK(result)) { + return result; + } + } else { + r->devmode = NULL; DEBUG(8,("Returning NULL Devicemode!\n")); } @@ -4201,8 +4203,22 @@ static WERROR construct_printer_info8(TALLOC_CTX *mem_ctx, return result; } - copy_devicemode(mem_ctx, info2->devmode, &r->devmode); - if (!r->devmode) { + if (info2->devmode != NULL) { + result = copy_devicemode(mem_ctx, + info2->devmode, + &r->devmode); + if (!W_ERROR_IS_OK(result)) { + return result; + } + } else if (lp_default_devmode(snum)) { + result = spoolss_create_default_devmode(mem_ctx, + info2->printername, + &r->devmode); + if (!W_ERROR_IS_OK(result)) { + return result; + } + } else { + r->devmode = NULL; DEBUG(8,("Returning NULL Devicemode!\n")); }