From 6d8c131f50e708d4c009355a7c5fe026cf8d350a Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 5 Jun 2000 20:55:57 +0000
Subject: [PATCH] Some tidyup fixes (memory leaks etc.). Still no progress with
 the "no driver" issue. I'm banging my head against comparitive packet dumps
 right now... Jeremy. (This used to be commit
 03cd4aa1443acd958593f37c61ff9c90a43c660b)

---
 source3/include/proto.h             |  1 +
 source3/rpc_parse/parse_prs.c       |  6 +++---
 source3/rpc_parse/parse_spoolss.c   | 19 ++++++++++++-------
 source3/rpc_server/srv_spoolss.c    |  2 ++
 source3/rpc_server/srv_spoolss_nt.c | 29 +++++++++++++++++++----------
 5 files changed, 37 insertions(+), 20 deletions(-)

diff --git a/source3/include/proto.h b/source3/include/proto.h
index d4c5f442d46..7f94fef7d73 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -2589,6 +2589,7 @@ BOOL make_spoolss_q_enumprinterdata(SPOOL_Q_ENUMPRINTERDATA *q_u,
 		const POLICY_HND *hnd,
 		uint32 idx, uint32 valuelen, uint32 datalen);
 BOOL spoolss_io_q_setprinterdata(char *desc, SPOOL_Q_SETPRINTERDATA *q_u, prs_struct *ps, int depth);
+void free_spoolss_q_setprinterdata(SPOOL_Q_SETPRINTERDATA *q_u);
 BOOL spoolss_io_r_setprinterdata(char *desc, SPOOL_R_SETPRINTERDATA *r_u, prs_struct *ps, int depth);
 BOOL convert_specific_param(NT_PRINTER_PARAM **param, const UNISTR2 *value,
 				uint32 type, const uint8 *data, uint32 len);
diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c
index 0e057e9403a..d2771820439 100644
--- a/source3/rpc_parse/parse_prs.c
+++ b/source3/rpc_parse/parse_prs.c
@@ -232,9 +232,6 @@ BOOL prs_grow(prs_struct *ps, uint32 extra_space)
 		if ((new_data = Realloc(ps->data_p, new_size)) == NULL) {
 			DEBUG(0,("prs_grow: Realloc failure for size %u.\n",
 				(unsigned int)new_size));
-			/* JRATEST */
-			smb_panic("prs_grow: ralloc fail\n");
-			/* JRATEST */
 			return False;
 		}
 
@@ -343,6 +340,9 @@ BOOL prs_append_prs_data(prs_struct *dst, prs_struct *src)
 
 BOOL prs_append_some_prs_data(prs_struct *dst, prs_struct *src, int32 start, uint32 len)
 {	
+	if (len == 0)
+		return True;
+
 	if(!prs_grow(dst, len))
 		return False;
 	
diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c
index 2e6f8ba5909..4530f638bc2 100644
--- a/source3/rpc_parse/parse_spoolss.c
+++ b/source3/rpc_parse/parse_spoolss.c
@@ -1529,7 +1529,7 @@ static BOOL new_smb_io_relsecdesc(char *desc, NEW_BUFFER *buffer, int depth,
 ********************************************************************/
 static BOOL new_smb_io_reldevmode(char *desc, NEW_BUFFER *buffer, int depth, DEVICEMODE **devmode)
 {
-	prs_struct *ps=&(buffer->prs);
+	prs_struct *ps=&buffer->prs;
 
 	prs_debug(ps, depth, desc, "new_smb_io_reldevmode");
 	depth++;
@@ -2022,7 +2022,7 @@ static BOOL new_spoolss_io_buffer(char *desc, prs_struct *ps, int depth, NEW_BUF
 	prs_debug(ps, depth, desc, "new_spoolss_io_buffer");
 	depth++;
 	
-	if (!prs_uint32("ptr", ps, depth, &(buffer->ptr)))
+	if (!prs_uint32("ptr", ps, depth, &buffer->ptr))
 		return False;
 	
 	/* reading */
@@ -2031,7 +2031,7 @@ static BOOL new_spoolss_io_buffer(char *desc, prs_struct *ps, int depth, NEW_BUF
 		buffer->string_at_end=0;
 		
 		if (buffer->ptr==0) {
-			if (!prs_init(&(buffer->prs), 0, 4, UNMARSHALL))
+			if (!prs_init(&buffer->prs, 0, 4, UNMARSHALL))
 				return False;
 			return True;
 		}
@@ -2039,10 +2039,10 @@ static BOOL new_spoolss_io_buffer(char *desc, prs_struct *ps, int depth, NEW_BUF
 		if (!prs_uint32("size", ps, depth, &buffer->size))
 			return False;
 					
-		if (!prs_init(&(buffer->prs), buffer->size, 4, UNMARSHALL))
+		if (!prs_init(&buffer->prs, buffer->size, 4, UNMARSHALL))
 			return False;
 
-		if (!prs_append_some_prs_data(&(buffer->prs), ps, prs_offset(ps), buffer->size))
+		if (!prs_append_some_prs_data(&buffer->prs, ps, prs_offset(ps), buffer->size))
 			return False;
 
 		if (!prs_set_offset(&buffer->prs, 0))
@@ -2060,9 +2060,9 @@ static BOOL new_spoolss_io_buffer(char *desc, prs_struct *ps, int depth, NEW_BUF
 		if (buffer->ptr==0)
 			return True;
 		
-		if (!prs_uint32("size", ps, depth, &(buffer->size)))
+		if (!prs_uint32("size", ps, depth, &buffer->size))
 			return False;
-		if (!prs_append_some_prs_data(ps, &(buffer->prs), 0, buffer->size))
+		if (!prs_append_some_prs_data(ps, &buffer->prs, 0, buffer->size))
 			return False;
 
 		return True;
@@ -4543,6 +4543,11 @@ BOOL spoolss_io_q_setprinterdata(char *desc, SPOOL_Q_SETPRINTERDATA *q_u, prs_st
 	return True;
 }
 
+void free_spoolss_q_setprinterdata(SPOOL_Q_SETPRINTERDATA *q_u)
+{
+	safe_free(q_u->data);
+}
+
 /*******************************************************************
 ********************************************************************/  
 BOOL spoolss_io_r_setprinterdata(char *desc, SPOOL_R_SETPRINTERDATA *r_u, prs_struct *ps, int depth)
diff --git a/source3/rpc_server/srv_spoolss.c b/source3/rpc_server/srv_spoolss.c
index 2513fe91e69..c2839bfbf76 100755
--- a/source3/rpc_server/srv_spoolss.c
+++ b/source3/rpc_server/srv_spoolss.c
@@ -930,6 +930,8 @@ static BOOL api_spoolss_setprinterdata(prs_struct *data, prs_struct *rdata)
 				&q_u.value, q_u.type, q_u.max_len,
 				q_u.data, q_u.real_len, q_u.numeric_data);
 				
+	free_spoolss_q_setprinterdata(&q_u);
+
 	if(!spoolss_io_r_setprinterdata("", &r_u, rdata, 0)) {
 		DEBUG(0,("spoolss_io_r_setprinterdata: unable to marshall SPOOL_R_SETPRINTERDATA.\n"));
 		return False;
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 8015b9e4f88..8dca09dc95e 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -773,13 +773,17 @@ static BOOL getprinterdata_printer(const POLICY_HND *handle,
 
 	DEBUG(5,("getprinterdata_printer:allocating %d\n", in_size));
 
-	if((*data  = (uint8 *)malloc( in_size *sizeof(uint8) )) == NULL) {
-		return False;
-	}
+	if (in_size) {
+		if((*data  = (uint8 *)malloc( in_size *sizeof(uint8) )) == NULL) {
+			return False;
+		}
 
-	memset(*data, 0, in_size *sizeof(uint8));
-	/* copy the min(in_size, len) */
-	memcpy(*data, idata, (len>in_size)?in_size:len *sizeof(uint8));
+		memset(*data, 0, in_size *sizeof(uint8));
+		/* copy the min(in_size, len) */
+		memcpy(*data, idata, (len>in_size)?in_size:len *sizeof(uint8));
+	} else {
+		*data = NULL;
+	}
 
 	*needed = len;
 	
@@ -835,9 +839,14 @@ uint32 _spoolss_getprinterdata(const POLICY_HND *handle, UNISTR2 *valuename,
 	if (found==False) {
 		DEBUG(5, ("value not found, allocating %d\n", *out_size));
 		/* reply this param doesn't exist */
-		if((*data=(uint8 *)malloc(*out_size*sizeof(uint8))) == NULL)
-			return ERROR_NOT_ENOUGH_MEMORY;
-		memset(*data, 0x0, *out_size*sizeof(uint8));
+		if (*out_size) {
+			if((*data=(uint8 *)malloc(*out_size*sizeof(uint8))) == NULL)
+				return ERROR_NOT_ENOUGH_MEMORY;
+			memset(*data, '\0', *out_size*sizeof(uint8));
+		} else {
+			*data = NULL;
+		}
+
 		return ERROR_INVALID_PARAMETER;
 	}
 	
@@ -3102,8 +3111,8 @@ uint32 _spoolss_fcpn(const POLICY_HND *handle)
 	Printer->notify.options=0;
 	Printer->notify.localmachine[0]='\0';
 	Printer->notify.printerlocal=0;
-	safe_free(Printer->notify.option);
 	safe_free(Printer->notify.option->ctr.type);
+	safe_free(Printer->notify.option);
 	Printer->notify.option=NULL;
 	
 	return NT_STATUS_NO_PROBLEMO;
-- 
2.34.1