r13994: Belt and braces - ensure RPC_BUFFER is valid.

Jeremy.

diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c
index cc51df98c12ab705e493c9c0711e078be163b1d8..6a1be53738571fa4fddff30a34d281a316af26b1 100644 (file)
--- a/source/rpc_server/srv_spoolss_nt.c
+++ b/source/rpc_server/srv_spoolss_nt.c
@@ -4624,11 +4624,13 @@ WERROR _spoolss_enumprinters( pipes_struct *p, SPOOL_Q_ENUMPRINTERS *q_u, SPOOL_
        
        /* that's an [in out] buffer */
 
-       if ( q_u->buffer ) {
-               rpcbuf_move(q_u->buffer, &r_u->buffer);
-               buffer = r_u->buffer;
+       if (!q_u->buffer) {
+               return WERR_INVALID_PARAM;
        }
 
+       rpcbuf_move(q_u->buffer, &r_u->buffer);
+       buffer = r_u->buffer;
+
        DEBUG(4,("_spoolss_enumprinters\n"));
 
        *needed=0;
@@ -4933,11 +4935,13 @@ WERROR _spoolss_getprinter(pipes_struct *p, SPOOL_Q_GETPRINTER *q_u, SPOOL_R_GET
 
        /* that's an [in out] buffer */
 
-       if ( q_u->buffer ) {
-               rpcbuf_move(q_u->buffer, &r_u->buffer);
-               buffer = r_u->buffer;
+       if (!q_u->buffer) {
+               return WERR_INVALID_PARAM;
        }
 
+       rpcbuf_move(q_u->buffer, &r_u->buffer);
+       buffer = r_u->buffer;
+
        *needed=0;
 
        if (!get_printer_snum(p, handle, &snum))
@@ -5530,11 +5534,13 @@ WERROR _spoolss_getprinterdriver2(pipes_struct *p, SPOOL_Q_GETPRINTERDRIVER2 *q_
 
        /* that's an [in out] buffer */
 
-       if ( q_u->buffer ) {
-               rpcbuf_move(q_u->buffer, &r_u->buffer);
-               buffer = r_u->buffer;
+       if (!q_u->buffer) {
+               return WERR_INVALID_PARAM;
        }
 
+       rpcbuf_move(q_u->buffer, &r_u->buffer);
+       buffer = r_u->buffer;
+
        DEBUG(4,("_spoolss_getprinterdriver2\n"));
 
        if ( !(printer = find_printer_index_by_hnd( p, handle )) ) {
@@ -6367,8 +6373,11 @@ WERROR _spoolss_addjob(pipes_struct *p, SPOOL_Q_ADDJOB *q_u, SPOOL_R_ADDJOB *r_u
 {
        /* that's an [in out] buffer */
 
-       if ( q_u->buffer ) 
-               rpcbuf_move(q_u->buffer, &r_u->buffer);
+       if (!q_u->buffer) {
+               return WERR_INVALID_PARAM;
+       }
+
+       rpcbuf_move(q_u->buffer, &r_u->buffer);
 
        r_u->needed = 0;
        return WERR_INVALID_PARAM; /* this is what a NT server
@@ -6579,11 +6588,13 @@ WERROR _spoolss_enumjobs( pipes_struct *p, SPOOL_Q_ENUMJOBS *q_u, SPOOL_R_ENUMJO
 
        /* that's an [in out] buffer */
 
-       if ( q_u->buffer ) {
-               rpcbuf_move(q_u->buffer, &r_u->buffer);
-               buffer = r_u->buffer;
+       if (!q_u->buffer) {
+               return WERR_INVALID_PARAM;
        }
 
+       rpcbuf_move(q_u->buffer, &r_u->buffer);
+       buffer = r_u->buffer;
+
        DEBUG(4,("_spoolss_enumjobs\n"));
 
        *needed=0;
@@ -6944,11 +6955,13 @@ WERROR _spoolss_enumprinterdrivers( pipes_struct *p, SPOOL_Q_ENUMPRINTERDRIVERS
 
        /* that's an [in out] buffer */
 
-       if ( q_u->buffer ) {
-               rpcbuf_move(q_u->buffer, &r_u->buffer);
-               buffer = r_u->buffer;
+       if (!q_u->buffer) {
+               return WERR_INVALID_PARAM;
        }
 
+       rpcbuf_move(q_u->buffer, &r_u->buffer);
+       buffer = r_u->buffer;
+
        DEBUG(4,("_spoolss_enumprinterdrivers\n"));
        
        *needed   = 0;
@@ -7007,11 +7020,13 @@ WERROR _spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_ENUMF
 
        /* that's an [in out] buffer */
 
-       if ( q_u->buffer ) {
-               rpcbuf_move(q_u->buffer, &r_u->buffer);
-               buffer = r_u->buffer;
+       if (!q_u->buffer) {
+               return WERR_INVALID_PARAM;
        }
 
+       rpcbuf_move(q_u->buffer, &r_u->buffer);
+       buffer = r_u->buffer;
+
        DEBUG(4,("_spoolss_enumforms\n"));
        DEBUGADD(5,("Offered buffer size [%d]\n", offered));
        DEBUGADD(5,("Info level [%d]\n",          level));
@@ -7114,11 +7129,13 @@ WERROR _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM *
 
        /* that's an [in out] buffer */
 
-       if ( q_u->buffer ) {
-               rpcbuf_move(q_u->buffer, &r_u->buffer);
-               buffer = r_u->buffer;
+       if (!q_u->buffer) {
+               return WERR_INVALID_PARAM;
        }
 
+       rpcbuf_move(q_u->buffer, &r_u->buffer);
+       buffer = r_u->buffer;
+
        unistr2_to_ascii(form_name, uni_formname, sizeof(form_name)-1);
 
        DEBUG(4,("_spoolss_getform\n"));
@@ -7392,11 +7409,13 @@ WERROR _spoolss_enumports( pipes_struct *p, SPOOL_Q_ENUMPORTS *q_u, SPOOL_R_ENUM
 
        /* that's an [in out] buffer */
 
-       if ( q_u->buffer ) {
-               rpcbuf_move(q_u->buffer, &r_u->buffer);
-               buffer = r_u->buffer;
+       if (!q_u->buffer) {
+               return WERR_INVALID_PARAM;
        }
 
+       rpcbuf_move(q_u->buffer, &r_u->buffer);
+       buffer = r_u->buffer;
+
        DEBUG(4,("_spoolss_enumports\n"));
        
        *returned=0;
@@ -7800,11 +7819,13 @@ WERROR _spoolss_getprinterdriverdirectory(pipes_struct *p, SPOOL_Q_GETPRINTERDRI
 
        /* that's an [in out] buffer */
 
-       if ( q_u->buffer ) {
-               rpcbuf_move(q_u->buffer, &r_u->buffer);
-               buffer = r_u->buffer;
+       if (!q_u->buffer ) {
+               return WERR_INVALID_PARAM;
        }
 
+       rpcbuf_move(q_u->buffer, &r_u->buffer);
+       buffer = r_u->buffer;
+
        DEBUG(4,("_spoolss_getprinterdriverdirectory\n"));
 
        *needed=0;
@@ -8410,11 +8431,13 @@ WERROR _spoolss_enumprintprocessors(pipes_struct *p, SPOOL_Q_ENUMPRINTPROCESSORS
 
        /* that's an [in out] buffer */
 
-       if ( q_u->buffer ) {
-               rpcbuf_move(q_u->buffer, &r_u->buffer);
-               buffer = r_u->buffer;
+       if (!q_u->buffer) {
+               return WERR_INVALID_PARAM;
        }
 
+       rpcbuf_move(q_u->buffer, &r_u->buffer);
+       buffer = r_u->buffer;
+
        DEBUG(5,("spoolss_enumprintprocessors\n"));
 
        /*
@@ -8487,11 +8510,13 @@ WERROR _spoolss_enumprintprocdatatypes(pipes_struct *p, SPOOL_Q_ENUMPRINTPROCDAT
 
        /* that's an [in out] buffer */
 
-       if ( q_u->buffer ) {
-               rpcbuf_move(q_u->buffer, &r_u->buffer);
-               buffer = r_u->buffer;
+       if (!q_u->buffer) {
+               return WERR_INVALID_PARAM;
        }
 
+       rpcbuf_move(q_u->buffer, &r_u->buffer);
+       buffer = r_u->buffer;
+
        DEBUG(5,("_spoolss_enumprintprocdatatypes\n"));
        
        *returned=0;
@@ -8613,11 +8638,13 @@ WERROR _spoolss_enumprintmonitors(pipes_struct *p, SPOOL_Q_ENUMPRINTMONITORS *q_
 
        /* that's an [in out] buffer */
 
-       if ( q_u->buffer ) {
-               rpcbuf_move(q_u->buffer, &r_u->buffer);
-               buffer = r_u->buffer;
+       if (!q_u->buffer) {
+               return WERR_INVALID_PARAM;
        }
 
+       rpcbuf_move(q_u->buffer, &r_u->buffer);
+       buffer = r_u->buffer;
+
        DEBUG(5,("spoolss_enumprintmonitors\n"));
 
        /*
@@ -8787,11 +8814,13 @@ WERROR _spoolss_getjob( pipes_struct *p, SPOOL_Q_GETJOB *q_u, SPOOL_R_GETJOB *r_
 
        /* that's an [in out] buffer */
 
-       if ( q_u->buffer ) {
-               rpcbuf_move(q_u->buffer, &r_u->buffer);
-               buffer = r_u->buffer;
+       if (!q_u->buffer) {
+               return WERR_INVALID_PARAM;
        }
 
+       rpcbuf_move(q_u->buffer, &r_u->buffer);
+       buffer = r_u->buffer;
+
        DEBUG(5,("spoolss_getjob\n"));
        
        *needed = 0;
@@ -9407,11 +9436,13 @@ WERROR _spoolss_getprintprocessordirectory(pipes_struct *p, SPOOL_Q_GETPRINTPROC
 
        /* that's an [in out] buffer */
 
-       if ( q_u->buffer ) {
-               rpcbuf_move(q_u->buffer, &r_u->buffer);
-               buffer = r_u->buffer;
+       if (!q_u->buffer) {
+               return WERR_INVALID_PARAM;
        }
 
+       rpcbuf_move(q_u->buffer, &r_u->buffer);
+       buffer = r_u->buffer;
+
        DEBUG(5,("_spoolss_getprintprocessordirectory\n"));
        
        *needed=0;