From 30a2314d9ab26cedcc7312c58abbf02c31dea861 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Thu, 1 Sep 2016 19:54:46 +0200 Subject: [PATCH 1/2] s4-torture: test GetPrinterData with server handle and 0 keylength. This is what e.g. Windows 10 does a lot. Guenther Signed-off-by: Guenther Deschner Reviewed-by: Andreas Schneider BUG: https://bugzilla.samba.org/show_bug.cgi?id=12245 (cherry picked from commit 518b2a3f5f3a4814e96546505487b775b5dbca40) --- source4/torture/rpc/spoolss.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/source4/torture/rpc/spoolss.c b/source4/torture/rpc/spoolss.c index 4bc99f2..52494b6 100644 --- a/source4/torture/rpc/spoolss.c +++ b/source4/torture/rpc/spoolss.c @@ -4119,19 +4119,27 @@ static bool test_GetPrinterData_list(struct torture_context *tctx, for (i=0; i < ARRAY_SIZE(list); i++) { enum winreg_Type type = REG_NONE; - enum winreg_Type type_ex= REG_NONE; + enum winreg_Type type_ex1 = REG_NONE; + enum winreg_Type type_ex2 = REG_NONE; uint8_t *data; - uint8_t *data_ex = NULL; + uint8_t *data_ex1 = NULL; + uint8_t *data_ex2 = NULL; uint32_t needed; - uint32_t needed_ex = 0; + uint32_t needed_ex1 = 0; + uint32_t needed_ex2 = 0; torture_assert(tctx, test_GetPrinterData(tctx, b, &ctx->server_handle, list[i], &type, &data, &needed), talloc_asprintf(tctx, "GetPrinterData failed on %s\n", list[i])); - torture_assert(tctx, test_GetPrinterDataEx(tctx, p, &ctx->server_handle, "random_string", list[i], &type_ex, &data_ex, &needed_ex), + torture_assert(tctx, test_GetPrinterDataEx(tctx, p, &ctx->server_handle, "random_string", list[i], &type_ex1, &data_ex1, &needed_ex1), talloc_asprintf(tctx, "GetPrinterDataEx failed on %s\n", list[i])); - torture_assert_int_equal(tctx, type, type_ex, "type mismatch"); - torture_assert_int_equal(tctx, needed, needed_ex, "needed mismatch"); - torture_assert_mem_equal(tctx, data, data_ex, needed, "data mismatch"); + torture_assert(tctx, test_GetPrinterDataEx(tctx, p, &ctx->server_handle, "", list[i], &type_ex2, &data_ex2, &needed_ex2), + talloc_asprintf(tctx, "GetPrinterDataEx failed on %s\n", list[i])); + torture_assert_int_equal(tctx, type, type_ex1, "type mismatch"); + torture_assert_int_equal(tctx, type, type_ex2, "type mismatch"); + torture_assert_int_equal(tctx, needed, needed_ex1, "needed mismatch"); + torture_assert_int_equal(tctx, needed, needed_ex2, "needed mismatch"); + torture_assert_mem_equal(tctx, data, data_ex1, needed, "data mismatch"); + torture_assert_mem_equal(tctx, data, data_ex2, needed, "data mismatch"); } return true; -- 1.9.1 From 962843c61360708a476b82f715f1b91396965935 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Thu, 1 Sep 2016 19:55:40 +0200 Subject: [PATCH 2/2] s3-spoolss: fix _spoolss_GetPrinterDataEx by moving the keyname lengthcheck. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Guenther Deschner Reviewed-by: Andreas Schneider Autobuild-User(master): Günther Deschner Autobuild-Date(master): Wed Sep 7 03:00:14 CEST 2016 on sn-devel-144 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12245 (cherry picked from commit d8b57e3828eac084ad302a90b33c35ff4e918e5a) --- source3/rpc_server/spoolss/srv_spoolss_nt.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c index 2778ba8..e30c70b 100644 --- a/source3/rpc_server/spoolss/srv_spoolss_nt.c +++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c @@ -9729,12 +9729,6 @@ WERROR _spoolss_GetPrinterDataEx(struct pipes_struct *p, goto done; } - /* check to see if the keyname is valid */ - if (!strlen(r->in.key_name)) { - result = WERR_INVALID_PARAM; - goto done; - } - /* Is the handle to a printer or to the server? */ if (Printer->printer_type == SPLHND_SERVER) { @@ -9765,6 +9759,12 @@ WERROR _spoolss_GetPrinterDataEx(struct pipes_struct *p, goto done; } + /* check to see if the keyname is valid */ + if (!strlen(r->in.key_name)) { + result = WERR_INVALID_PARAM; + goto done; + } + if (!get_printer_snum(p, r->in.handle, &snum, NULL)) { result = WERR_BADFID; goto done; -- 1.9.1