integer overflows in XpGetPrinterList() [CVE-2013-2062 2/3]

listCount is a CARD32 that needs to be bounds checked before it is
multiplied by the size of the structs to allocate, and the string
lengths are CARD32s and need to be bounds checked before adding one
to them to come up with the total size to allocate, to avoid integer
overflow leading to underallocation and writing data from the network
past the end of the allocated buffer.

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>