From df7d6c168b4e0d64f6140ea37e61c215d91008a8 Mon Sep 17 00:00:00 2001 From: David Disseldorp Date: Tue, 27 Nov 2012 16:10:28 +0100 Subject: [PATCH] spoolss: fix segfault when "default devmode" is disabled Currently when "default devmode" is explicitly disabled, and a printer is added with a null device mode, spoolssd crashes in copy_devicemode(). Both construct_printer_info2() and construct_printer_info8() code paths currently unconditionally attempt to copy a printers device mode, without checking whether one is present. This change fixes this regression such that construct_printer_info*() functions check for a null device mode before copying. https://bugzilla.samba.org/show_bug.cgi?id=9433 --- source3/rpc_server/spoolss/srv_spoolss_nt.c | 52 +++++++++++++++++--------- 1 files changed, 34 insertions(+), 18 deletions(-) diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c index 8868a98..b5949e4 100644 --- a/source3/rpc_server/spoolss/srv_spoolss_nt.c +++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c @@ -1942,24 +1942,12 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p, * save it here in case we get a job submission on this handle */ - if ((Printer->printer_type != SPLHND_SERVER) && - r->in.devmode_ctr.devmode) { + if ((Printer->printer_type != SPLHND_SERVER) + && (r->in.devmode_ctr.devmode != NULL)) { copy_devicemode(NULL, r->in.devmode_ctr.devmode, &Printer->devmode); } -#if 0 /* JERRY -- I'm doubtful this is really effective */ - /* HACK ALERT!!! Sleep for 1/3 of a second to try trigger a LAN/WAN - optimization in Windows 2000 clients --jerry */ - - if ( (r->in.access_mask == PRINTER_ACCESS_ADMINISTER) - && (RA_WIN2K == get_remote_arch()) ) - { - DEBUG(10,("_spoolss_OpenPrinterEx: Enabling LAN/WAN hack for Win2k clients.\n")); - sys_usleep( 500000 ); - } -#endif - return WERR_OK; } @@ -4037,8 +4025,22 @@ static WERROR construct_printer_info2(TALLOC_CTX *mem_ctx, r->cjobs = count; r->averageppm = info2->averageppm; - copy_devicemode(mem_ctx, info2->devmode, &r->devmode); - if (!r->devmode) { + if (info2->devmode != NULL) { + result = copy_devicemode(mem_ctx, + info2->devmode, + &r->devmode); + if (!W_ERROR_IS_OK(result)) { + return result; + } + } else if (lp_default_devmode(snum)) { + result = spoolss_create_default_devmode(mem_ctx, + info2->printername, + &r->devmode); + if (!W_ERROR_IS_OK(result)) { + return result; + } + } else { + r->devmode = NULL; DEBUG(8,("Returning NULL Devicemode!\n")); } @@ -4218,8 +4220,22 @@ static WERROR construct_printer_info8(TALLOC_CTX *mem_ctx, return result; } - copy_devicemode(mem_ctx, info2->devmode, &r->devmode); - if (!r->devmode) { + if (info2->devmode != NULL) { + result = copy_devicemode(mem_ctx, + info2->devmode, + &r->devmode); + if (!W_ERROR_IS_OK(result)) { + return result; + } + } else if (lp_default_devmode(snum)) { + result = spoolss_create_default_devmode(mem_ctx, + info2->printername, + &r->devmode); + if (!W_ERROR_IS_OK(result)) { + return result; + } + } else { + r->devmode = NULL; DEBUG(8,("Returning NULL Devicemode!\n")); } -- 1.7.1