From 91ee1b4d4f75234f9c28d1d9e3168e1786809840 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Tue, 2 Feb 2010 16:32:51 -0800
Subject: [PATCH] Fix bug 7063 - Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps. Reported and found by Martin Hochreiter . Ensure we copy the right amount of registry data into the outgoing buffer. Jeremy. (cherry picked from commit 110a6f29f0d130753419d5fc5c7b238ab30822ec)
---
 source3/rpc_server/srv_spoolss_nt.c | 11 +++++++++--
 1 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 0028ec0..5ef0f3f 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -7628,8 +7628,15 @@ WERROR _spoolss_EnumPrinterData(pipes_struct *p,
 /* data - counted in bytes */
- if (r->out.data && regval_size(val)) {
- memcpy(r->out.data, regval_data_p(val), regval_size(val));
+ /*
+ * See the section "Dynamically Typed Query Parameters"
+ * in MS-RPRN.
+ */
+
+ if (r->out.data && regval_data_p(val) &&
+ regval_size(val) && r->in.data_offered) {
+ memcpy(r->out.data, regval_data_p(val),
+ MIN(regval_size(val),r->in.data_offered));
 }
 *r->out.data_needed = regval_size(val);
--
1.6.6
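Review bot: The clamp `MIN(regval_size(val),r->in.data_offered)` is only safe if `r->out.data` was allocated with at least `r->in.data_offered` bytes, and that allocation is outside this hunk. The invariant should be stated next to the memcpy rather than left to the MS-RPRN pointer, e.g. `/* r->out.data holds r->in.data_offered bytes (client-supplied size); never copy more than that. */`. When the value is larger than the offered size, the copy is now silently truncated while `*r->out.data_needed` still reports the full size. Whether the function then returns a more-data status is not visible here and is worth confirming, since a client that ignores `data_needed` would otherwise treat partial data as complete. The body of _spoolss_EnumPrinterData starts and ends outside the hunk.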