git.samba.org / ira / wip.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: aefbec5)
s3-spoolss: disallow storing an invalid devmode size.
authorGünther Deschner <gd@samba.org>
Wed, 19 Jan 2011 12:49:51 +0000 (13:49 +0100)
committerGünther Deschner <gd@samba.org>
Fri, 21 Jan 2011 09:58:20 +0000 (10:58 +0100)
Guenther

source3/rpc_server/srv_spoolss_util.c patch | blob | history

diff --git a/source3/rpc_server/srv_spoolss_util.c b/source3/rpc_server/srv_spoolss_util.c
index 89cdc2dc1fd114312179b241b58f6181676d7276..a0f5a4cfc5ac00c4262c534a857d88c943265391 100644 (file)
--- a/source3/rpc_server/srv_spoolss_util.c
+++ b/source3/rpc_server/srv_spoolss_util.c
@@ -1773,6 +1773,12 @@ WERROR winreg_update_printer(TALLOC_CTX *mem_ctx,
                                goto done;
                        }
                }
+
+               if (devmode->size != (ndr_size_spoolss_DeviceMode(devmode, 0) - devmode->__driverextra_length)) {
+                       result = WERR_INVALID_PARAM;
+                       goto done;
+               }
+
                ndr_err = ndr_push_struct_blob(&blob, tmp_ctx, devmode,
                                (ndr_push_flags_fn_t) ndr_push_spoolss_DeviceMode);
                if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
Unnamed repository; edit this file 'description' to name the repository.