Fixed the problem with UNISTR marshalling in a buffer5 struct.

The smb_io_unistr() code called a prs_align, this was not being
counted in the size or taken account of in the offset calculation.
Fixed size_ calculation to always return a size a multiple of 4
and also set the offset correctly. This fixes the problem I saw
and will hopefully fix the problem HP reported. JF please check
this change.
Jeremy.
(This used to be commit ceba9f3dcdb4bddae17ec0024692c9074086302d)

diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c
index 02ab707a40b18c31e6b3fdd14a015a0553c9707d..e7b8c23619b9b862fc98cf31d549f1085db69080 100644 (file)
--- a/source3/rpc_parse/parse_misc.c
+++ b/source3/rpc_parse/parse_misc.c
@@ -475,8 +475,7 @@ void init_unistr(UNISTR *str, const char *buf)
 {
        size_t len;
 
-       if (buf == NULL)
-       {
+       if (buf == NULL) {
                str->buffer = NULL;
                return;
        }
@@ -484,21 +483,19 @@ void init_unistr(UNISTR *str, const char *buf)
 
        len = strlen(buf) + 1;
 
-       if (!parse_misc_talloc)
+       if (!parse_misc_talloc)
                parse_misc_talloc = talloc_init();
 
        if (len < MAX_UNISTRLEN)
                len = MAX_UNISTRLEN;
        len *= sizeof(uint16);
 
-       str->buffer = (uint16 *)talloc(parse_misc_talloc, len);
+       str->buffer = (uint16 *)talloc(parse_misc_talloc, len);
        if (str->buffer == NULL)
-               smb_panic("init_unistr2: malloc fail\n");
+               smb_panic("init_unistr: malloc fail\n");
 
        /* store the string (null-terminated copy) */
        dos_struni2((char *)str->buffer, buf, len);
-
-       return;
 }
 
 /*******************************************************************

diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c
index 1a16d7ca9f079d5ca95faf2012bb5f169442cd17..3550c56e6214ed87c5004c870552c0beb6b0baf0 100644 (file)
--- a/source3/rpc_parse/parse_spoolss.c
+++ b/source3/rpc_parse/parse_spoolss.c
@@ -96,18 +96,18 @@ static BOOL smb_io_doc_info_1(char *desc, DOC_INFO_1 *info_1, prs_struct *ps, in
        if(!prs_align(ps))
                return False;
        
-       if(!prs_uint32("p_docname",    ps, depth, &(info_1->p_docname)))
+       if(!prs_uint32("p_docname",    ps, depth, &info_1->p_docname))
                return False;
-       if(!prs_uint32("p_outputfile", ps, depth, &(info_1->p_outputfile)))
+       if(!prs_uint32("p_outputfile", ps, depth, &info_1->p_outputfile))
                return False;
-       if(!prs_uint32("p_datatype",   ps, depth, &(info_1->p_datatype)))
+       if(!prs_uint32("p_datatype",   ps, depth, &info_1->p_datatype))
                return False;
 
-       if(!smb_io_unistr2("", &(info_1->docname),    info_1->p_docname,    ps, depth))
+       if(!smb_io_unistr2("", &info_1->docname,    info_1->p_docname,    ps, depth))
                return False;
-       if(!smb_io_unistr2("", &(info_1->outputfile), info_1->p_outputfile, ps, depth))
+       if(!smb_io_unistr2("", &info_1->outputfile, info_1->p_outputfile, ps, depth))
                return False;
-       if(!smb_io_unistr2("", &(info_1->datatype),   info_1->p_datatype,   ps, depth))
+       if(!smb_io_unistr2("", &info_1->datatype,   info_1->p_datatype,   ps, depth))
                return False;
 
        return True;
@@ -128,16 +128,16 @@ static BOOL smb_io_doc_info(char *desc, DOC_INFO *info, prs_struct *ps, int dept
        if(!prs_align(ps))
                return False;
         
-       if(!prs_uint32("switch_value", ps, depth, &(info->switch_value)))
+       if(!prs_uint32("switch_value", ps, depth, &info->switch_value))
                return False;
        
-       if(!prs_uint32("doc_info_X ptr", ps, depth, &(useless_ptr)))
+       if(!prs_uint32("doc_info_X ptr", ps, depth, &useless_ptr))
                return False;
 
        switch (info->switch_value)
        {
                case 1: 
-                       if(!smb_io_doc_info_1("",&(info->doc_info_1), ps, depth))
+                       if(!smb_io_doc_info_1("",&info->doc_info_1, ps, depth))
                                return False;
                        break;
                case 2:
@@ -151,7 +151,7 @@ static BOOL smb_io_doc_info(char *desc, DOC_INFO *info, prs_struct *ps, int dept
                          Maybe one day with Windows for dishwasher 2037 ...
                          
                        */
-                       /* smb_io_doc_info_2("",&(info->doc_info_2), ps, depth); */
+                       /* smb_io_doc_info_2("",&info->doc_info_2, ps, depth); */
                        break;
                default:
                        DEBUG(0,("Something is obviously wrong somewhere !\n"));
@@ -1446,6 +1446,8 @@ static uint32 size_of_relative_string(UNISTR *string)
        size=str_len_uni(string);       /* the string length       */
        size=size+1;                    /* add the leading zero    */
        size=size*2;                    /* convert in char         */
+       /* Ensure size is 4 byte multiple (prs_align is being called...). */
+       size += ((4 - (size & 3)) & 3);
        size=size+4;                    /* add the size of the ptr */   
 
        return size;
@@ -1473,28 +1475,6 @@ static uint32 size_of_systemtime(SYSTEMTIME *systime)
                return (sizeof(SYSTEMTIME) +4);
 }
 
-/*******************************************************************
- * write a UNICODE string.
- * used by all the RPC structs passing a buffer
- ********************************************************************/
-static BOOL spoolss_smb_io_unistr(char *desc, UNISTR *uni, prs_struct *ps, int depth)
-{
-       if (uni == NULL)
-               return False;
-
-       prs_debug(ps, depth, desc, "spoolss_smb_io_unistr");
-       depth++;
-       
-       if (!prs_align(ps))
-               return False;
-               
-       if (!prs_unistr("unistr", ps, depth, uni))
-               return False;
-
-       return True;
-}
-
-
 /*******************************************************************
  * write a UNICODE string and its relative pointer.
  * used by all the RPC structs passing a buffer
@@ -1522,12 +1502,15 @@ static BOOL new_smb_io_relstr(char *desc, NEW_BUFFER *buffer, int depth, UNISTR
                uint32 struct_offset = prs_offset(ps);
                uint32 relative_offset;
                
-               buffer->string_at_end -= 2*(str_len_uni(string)+1);
+               buffer->string_at_end -= (size_of_relative_string(string) - 4);
                if(!prs_set_offset(ps, buffer->string_at_end))
                        return False;
+               if (!prs_align(ps))
+                       return False;
+               buffer->string_at_end = prs_offset(ps);
                
                /* write the string */
-               if (!spoolss_smb_io_unistr(desc, string, ps, depth))
+               if (!smb_io_unistr(desc, string, ps, depth))
                        return False;
 
                if(!prs_set_offset(ps, struct_offset))
@@ -1550,7 +1533,7 @@ static BOOL new_smb_io_relstr(char *desc, NEW_BUFFER *buffer, int depth, UNISTR
                        return False;
 
                /* read the string */
-               if (!spoolss_smb_io_unistr(desc, string, ps, depth))
+               if (!smb_io_unistr(desc, string, ps, depth))
                        return False;
 
                if(!prs_set_offset(ps, old_offset))
@@ -1605,7 +1588,7 @@ static BOOL new_smb_io_relarraystr(char *desc, NEW_BUFFER *buffer, int depth, ui
                        }
 
                        /* write the string */
-                       if (!spoolss_smb_io_unistr(desc, &chaine, ps, depth)) {
+                       if (!smb_io_unistr(desc, &chaine, ps, depth)) {
                                free(chaine.buffer);
                                return False;
                        }
@@ -1640,7 +1623,7 @@ static BOOL new_smb_io_relarraystr(char *desc, NEW_BUFFER *buffer, int depth, ui
                        return False;
        
                do {
-                       if (!spoolss_smb_io_unistr(desc, &chaine, ps, depth))
+                       if (!smb_io_unistr(desc, &chaine, ps, depth))
                                return False;
                        
                        l_chaine=str_len_uni(&chaine);
@@ -1686,15 +1669,10 @@ static BOOL new_smb_io_relsecdesc(char *desc, NEW_BUFFER *buffer, int depth,
                }
                
                if (*secdesc != NULL) {
-#if 0 /* JRATEST */
-                       if(!prs_set_offset(ps, 0x54))
-                               return False;
-#else
                        buffer->string_at_end -= sec_desc_size(*secdesc);
 
                        if(!prs_set_offset(ps, buffer->string_at_end))
                                return False;
-#endif
                        /* write the secdesc */
                        if (!sec_io_desc(desc, secdesc, ps, depth))
                                return False;
@@ -1705,9 +1683,6 @@ static BOOL new_smb_io_relsecdesc(char *desc, NEW_BUFFER *buffer, int depth,
 
                relative_offset=buffer->string_at_end - buffer->struct_start;
                /* write its offset */
-#if 0 /* JRATEST */
-               relative_offset = 0x54;
-#endif
 
                if (!prs_uint32("offset", ps, depth, &relative_offset))
                        return False;
@@ -2418,7 +2393,7 @@ BOOL new_smb_io_driverdir_1(char *desc, NEW_BUFFER *buffer, DRIVER_DIRECTORY_1 *
 
        buffer->struct_start=prs_offset(ps);
 
-       if (!spoolss_smb_io_unistr(desc, &info->name, ps, depth))
+       if (!smb_io_unistr(desc, &info->name, ps, depth))
                return False;
 
        return True;