spoolss: fix segfault when "default devmode" is disabled

Currently when "default devmode" is explicitly disabled, and a printer
is added with a null device mode, spoolssd crashes in copy_devicemode().

Both construct_printer_info2() and construct_printer_info8() code paths
currently unconditionally attempt to copy a printers device mode,
without checking whether one is present.

This change fixes this regression such that construct_printer_info*()
functions check for a null device mode before copying.

https://bugzilla.samba.org/show_bug.cgi?id=9433

Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov 29 13:03:05 CET 2012 on sn-devel-104

diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
index ff342dea920665ae9c0af61e0570377d1a70e58a..b8ee9f407249c9ced17051d4c3283b6d298d015d 100644 (file)
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
@@ -1938,24 +1938,12 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
         * save it here in case we get a job submission on this handle
         */
 
-        if ((Printer->printer_type != SPLHND_SERVER) &&
-            r->in.devmode_ctr.devmode) {
+        if ((Printer->printer_type != SPLHND_SERVER)
+         && (r->in.devmode_ctr.devmode != NULL)) {
                copy_devicemode(NULL, r->in.devmode_ctr.devmode,
                                &Printer->devmode);
         }
 
-#if 0  /* JERRY -- I'm doubtful this is really effective */
-       /* HACK ALERT!!! Sleep for 1/3 of a second to try trigger a LAN/WAN
-          optimization in Windows 2000 clients  --jerry */
-
-       if ( (r->in.access_mask == PRINTER_ACCESS_ADMINISTER)
-               && (RA_WIN2K == get_remote_arch()) )
-       {
-               DEBUG(10,("_spoolss_OpenPrinterEx: Enabling LAN/WAN hack for Win2k clients.\n"));
-               usleep( 500000 );
-       }
-#endif
-
        return WERR_OK;
 }
 
@@ -4030,8 +4018,22 @@ static WERROR construct_printer_info2(TALLOC_CTX *mem_ctx,
        r->cjobs                = count;
        r->averageppm           = info2->averageppm;
 
-       copy_devicemode(mem_ctx, info2->devmode, &r->devmode);
-       if (!r->devmode) {
+       if (info2->devmode != NULL) {
+               result = copy_devicemode(mem_ctx,
+                                        info2->devmode,
+                                        &r->devmode);
+               if (!W_ERROR_IS_OK(result)) {
+                       return result;
+               }
+       } else if (lp_default_devmode(snum)) {
+               result = spoolss_create_default_devmode(mem_ctx,
+                                                       info2->printername,
+                                                       &r->devmode);
+               if (!W_ERROR_IS_OK(result)) {
+                       return result;
+               }
+       } else {
+               r->devmode = NULL;
                DEBUG(8,("Returning NULL Devicemode!\n"));
        }
 
@@ -4201,8 +4203,22 @@ static WERROR construct_printer_info8(TALLOC_CTX *mem_ctx,
                return result;
        }
 
-       copy_devicemode(mem_ctx, info2->devmode, &r->devmode);
-       if (!r->devmode) {
+       if (info2->devmode != NULL) {
+               result = copy_devicemode(mem_ctx,
+                                        info2->devmode,
+                                        &r->devmode);
+               if (!W_ERROR_IS_OK(result)) {
+                       return result;
+               }
+       } else if (lp_default_devmode(snum)) {
+               result = spoolss_create_default_devmode(mem_ctx,
+                                                       info2->printername,
+                                                       &r->devmode);
+               if (!W_ERROR_IS_OK(result)) {
+                       return result;
+               }
+       } else {
+               r->devmode = NULL;
                DEBUG(8,("Returning NULL Devicemode!\n"));
        }