summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2007-12-03 17:17:05 -0800
committerJeremy Allison <jra@samba.org>2007-12-03 17:17:05 -0800
commit6f46f75dfc2c80b99a6a5fb277bab456a5fd247b (patch)
tree7fb83fb23d7cdb81efb63de88d92ffe5d032a5f1
parenta22487025d20c6683f24fe3c5bb35b555d064523 (diff)
downloadsamba-6f46f75dfc2c80b99a6a5fb277bab456a5fd247b.tar.gz
samba-6f46f75dfc2c80b99a6a5fb277bab456a5fd247b.tar.bz2
samba-6f46f75dfc2c80b99a6a5fb277bab456a5fd247b.zip
Make strhex_to_str clear on string limits. Remove pstring from web/*.c
Jeremy. (This used to be commit f9c8d62389f8cb47837e5360209936176537df13)
-rw-r--r--source3/lib/util_str.c14
-rw-r--r--source3/libads/ldap.c4
-rw-r--r--source3/rpc_parse/parse_misc.c6
-rw-r--r--source3/web/cgi.c36
-rw-r--r--source3/web/startstop.c48
-rw-r--r--source3/web/statuspage.c29
-rw-r--r--source3/web/swat.c99
7 files changed, 138 insertions, 98 deletions
diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
index a0ca03a972..7cd0f78439 100644
--- a/source3/lib/util_str.c
+++ b/source3/lib/util_str.c
@@ -1034,7 +1034,7 @@ static char *strncpyn(char *dest, const char *src, size_t n, char c)
**/
-size_t strhex_to_str(char *p, size_t len, const char *strhex)
+size_t strhex_to_str(char *buf, size_t buf_len, const char *strhex, size_t strhex_len)
{
size_t i;
size_t num_chars = 0;
@@ -1042,7 +1042,7 @@ size_t strhex_to_str(char *p, size_t len, const char *strhex)
const char *hexchars = "0123456789ABCDEF";
char *p1 = NULL, *p2 = NULL;
- for (i = 0; i < len && strhex[i] != 0; i++) {
+ for (i = 0; i < strhex_len && strhex[i] != 0; i++) {
if (strnequal(hexchars, "0x", 2)) {
i++; /* skip two chars */
continue;
@@ -1060,7 +1060,10 @@ size_t strhex_to_str(char *p, size_t len, const char *strhex)
hinybble = PTR_DIFF(p1, hexchars);
lonybble = PTR_DIFF(p2, hexchars);
- p[num_chars] = (hinybble << 4) | lonybble;
+ if (num_chars >= buf_len) {
+ break;
+ }
+ buf[num_chars] = (hinybble << 4) | lonybble;
num_chars++;
p1 = NULL;
@@ -1079,8 +1082,9 @@ DATA_BLOB strhex_to_data_blob(TALLOC_CTX *mem_ctx, const char *strhex)
ret_blob = data_blob(NULL, strlen(strhex)/2+1);
ret_blob.length = strhex_to_str((char*)ret_blob.data,
- strlen(strhex),
- strhex);
+ ret_blob.length,
+ strhex,
+ strlen(strhex));
return ret_blob;
}
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 533aa3026f..a4ba3760c2 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -2853,10 +2853,10 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
}
break;
case ADS_EXTENDED_DN_HEX_STRING: {
- pstring buf;
+ fstring buf;
size_t buf_len;
- buf_len = strhex_to_str(buf, strlen(p), p);
+ buf_len = strhex_to_str(buf, sizeof(buf), p, strlen(p));
if (buf_len == 0) {
return False;
}
diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c
index 783c7fb7b3..9e1937ea32 100644
--- a/source3/rpc_parse/parse_misc.c
+++ b/source3/rpc_parse/parse_misc.c
@@ -509,8 +509,10 @@ void init_rpc_blob_hex(RPC_DATA_BLOB *str, const char *buf)
{
ZERO_STRUCTP(str);
if (buf && *buf) {
- create_rpc_blob(str, strlen(buf));
- str->buf_len = strhex_to_str((char *)str->buffer, str->buf_len, buf);
+ size_t len = strlen(buf);
+ create_rpc_blob(str, len);
+ str->buf_len = strhex_to_str((char *)str->buffer, str->buf_len,
+ buf, len);
}
}
diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index 41ac29be5d..07a6fbcf54 100644
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -173,7 +173,7 @@ void cgi_load_variables(void)
variables[num_variables].name = SMB_STRDUP(tok);
variables[num_variables].value = SMB_STRDUP(p+1);
- if (!variables[num_variables].name ||
+ if (!variables[num_variables].name ||
!variables[num_variables].value)
continue;
@@ -186,32 +186,36 @@ void cgi_load_variables(void)
printf("<!== Commandline var %s has value \"%s\" ==>\n",
variables[num_variables].name,
variables[num_variables].value);
-#endif
+#endif
num_variables++;
if (num_variables == MAX_VARIABLES) break;
}
}
#ifdef DEBUG_COMMENTS
- printf("<!== End dump in cgi_load_variables() ==>\n");
+ printf("<!== End dump in cgi_load_variables() ==>\n");
#endif
/* variables from the client are in UTF-8 - convert them
to our internal unix charset before use */
for (i=0;i<num_variables;i++) {
- pstring dest;
-
- convert_string(CH_UTF8, CH_UNIX,
- variables[i].name, -1,
- dest, sizeof(dest), True);
- free(variables[i].name);
- variables[i].name = SMB_STRDUP(dest);
-
- convert_string(CH_UTF8, CH_UNIX,
+ TALLOC_CTX *frame = talloc_stackframe();
+ char *dest;
+
+ dest = NULL;
+ convert_string_allocate(frame, CH_UTF8, CH_UNIX,
+ variables[i].name, -1,
+ &dest, True);
+ SAFE_FREE(variables[i].name);
+ variables[i].name = SMB_STRDUP(dest ? dest : "");
+
+ dest = NULL;
+ convert_string_allocate(frame, CH_UTF8, CH_UNIX,
variables[i].value, -1,
- dest, sizeof(dest), True);
- free(variables[i].value);
- variables[i].value = SMB_STRDUP(dest);
+ &dest, True);
+ SAFE_FREE(variables[i].value);
+ variables[i].value = SMB_STRDUP(dest ? dest : "");
+ TALLOC_FREE(frame);
}
}
@@ -219,7 +223,7 @@ void cgi_load_variables(void)
/***************************************************************************
find a variable passed via CGI
Doesn't quite do what you think in the case of POST text variables, because
- if they exist they might have a value of "" or even " ", depending on the
+ if they exist they might have a value of "" or even " ", depending on the
browser. Also doesn't allow for variables[] containing multiple variables
with the same name and the same or different values.
***************************************************************************/
diff --git a/source3/web/startstop.c b/source3/web/startstop.c
index 63a9f298a5..436666f849 100644
--- a/source3/web/startstop.c
+++ b/source3/web/startstop.c
@@ -25,60 +25,60 @@
/** Startup smbd from web interface. */
void start_smbd(void)
{
- pstring binfile;
+ char *binfile = NULL;
- if (geteuid() != 0) return;
+ if (geteuid() != 0) {
+ return;
+ }
if (fork()) {
return;
}
- slprintf(binfile, sizeof(pstring) - 1, "%s/smbd", dyn_SBINDIR);
-
- become_daemon(True, False);
-
- execl(binfile, binfile, "-D", NULL);
-
+ if (asprintf(&binfile, "%s/smbd", dyn_SBINDIR) > 0) {
+ become_daemon(true, false);
+ execl(binfile, binfile, "-D", NULL);
+ }
exit(0);
}
/* startup nmbd */
void start_nmbd(void)
{
- pstring binfile;
+ char *binfile = NULL;
- if (geteuid() != 0) return;
+ if (geteuid() != 0) {
+ return;
+ }
if (fork()) {
return;
}
- slprintf(binfile, sizeof(pstring) - 1, "%s/nmbd", dyn_SBINDIR);
-
- become_daemon(True, False);
-
- execl(binfile, binfile, "-D", NULL);
-
+ if (asprintf(&binfile, "%s/nmbd", dyn_SBINDIR) > 0) {
+ become_daemon(true, false);
+ execl(binfile, binfile, "-D", NULL);
+ }
exit(0);
}
/** Startup winbindd from web interface. */
void start_winbindd(void)
{
- pstring binfile;
+ char *binfile = NULL;
- if (geteuid() != 0) return;
+ if (geteuid() != 0) {
+ return;
+ }
if (fork()) {
return;
}
- slprintf(binfile, sizeof(pstring) - 1, "%s/winbindd", dyn_SBINDIR);
-
- become_daemon(True, False);
-
- execl(binfile, binfile, NULL);
-
+ if (asprintf(&binfile, "%s/winbindd", dyn_SBINDIR) > 0) {
+ become_daemon(true, false);
+ execl(binfile, binfile, NULL);
+ }
exit(0);
}
diff --git a/source3/web/statuspage.c b/source3/web/statuspage.c
index b59c5cdf43..647e4fcb5b 100644
--- a/source3/web/statuspage.c
+++ b/source3/web/statuspage.c
@@ -20,7 +20,7 @@
#include "includes.h"
#include "web/swat_proto.h"
-#define _(x) lang_msg_rotate(x)
+#define _(x) lang_msg_rotate(talloc_tos(),x)
#define PIDMAP struct PidMap
@@ -99,11 +99,20 @@ static char *mapPid2Machine (struct server_id pid)
return pidbuf;
}
-static char *tstring(time_t t)
+static const char *tstring(TALLOC_CTX *ctx, time_t t)
{
- static pstring buf;
- pstrcpy(buf, time_to_asc(t));
- all_string_sub(buf," ","&nbsp;",sizeof(buf));
+ char *buf;
+ buf = talloc_strdup(ctx, time_to_asc(t));
+ if (!buf) {
+ return "";
+ }
+ buf = talloc_all_string_sub(ctx,
+ buf,
+ " ",
+ "&nbsp;");
+ if (!buf) {
+ return "";
+ }
return buf;
}
@@ -162,7 +171,7 @@ static void print_share_mode(const struct share_mode_entry *e,
push_utf8_allocate(&utf8_fname, fname);
printf("<td>%s</td><td>%s</td></tr>\n",
- utf8_fname,tstring(e->time.tv_sec));
+ utf8_fname,tstring(talloc_tos(),e->time.tv_sec));
SAFE_FREE(utf8_fname);
}
@@ -199,7 +208,7 @@ static int traverse_fn2(struct db_record *rec,
printf("<tr><td>%s</td><td>%s</td><td>%s</td><td>%s</td>\n",
procid_str_static(&crec->pid),
crec->machine, crec->addr,
- tstring(crec->start));
+ tstring(talloc_tos(),crec->start));
if (geteuid() == 0) {
printf("<td><input type=submit value=\"X\" name=\"kill_%s\"></td>\n",
procid_str_static(&crec->pid));
@@ -222,7 +231,7 @@ static int traverse_fn3(struct db_record *rec,
crec->servicename, uidtoname(crec->uid),
gidtoname(crec->gid),procid_str_static(&crec->pid),
crec->machine,
- tstring(crec->start));
+ tstring(talloc_tos(),crec->start));
return 0;
}
@@ -235,6 +244,7 @@ void status_page(void)
int refresh_interval=30;
int nr_running=0;
bool waitup = False;
+ TALLOC_CTX *ctx = talloc_stackframe();
smbd_pid = pid_to_procid(pidfile_pid("smbd"));
@@ -311,7 +321,7 @@ void status_page(void)
}
connections_forall(traverse_fn1, NULL);
-
+
initPid2Machine ();
printf("<H2>%s</H2>\n", _("Server Status"));
@@ -438,4 +448,5 @@ void status_page(void)
refresh_interval*1000);
printf("//-->\n</script>\n");
}
+ TALLOC_FREE(ctx);
}
diff --git a/source3/web/swat.c b/source3/web/swat.c
index 65f8877bb3..b36168f71f 100644
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -51,7 +51,7 @@ static int iNumNonAutoPrintServices = 0;
#define ENABLE_USER_FLAG "enable_user_flag"
#define RHOST "remote_host"
-#define _(x) lang_msg_rotate(x)
+#define _(x) lang_msg_rotate(talloc_tos(),x)
/****************************************************************************
****************************************************************************/
@@ -77,16 +77,30 @@ static char *fix_backslash(const char *str)
return newstring;
}
-static char *fix_quotes(const char *str)
+static const char *fix_quotes(TALLOC_CTX *ctx, const char *str)
{
- static pstring newstring;
- char *p = newstring;
- size_t newstring_len = sizeof(newstring);
+ char *newstring = NULL;
+ char *p = NULL;
+ size_t newstring_len;
int quote_len = strlen("&quot;");
+ /* Count the number of quotes. */
+ newstring_len = 1;
while (*str) {
- if ( *str == '\"' && (newstring_len - PTR_DIFF(p, newstring) - 1) > quote_len ) {
- strncpy( p, "&quot;", quote_len);
+ if ( *str == '\"') {
+ newstring_len += quote_len;
+ } else {
+ newstring_len++;
+ }
+ ++str;
+ }
+ newstring = TALLOC_ARRAY(ctx, char, newstring_len);
+ if (!newstring) {
+ return "";
+ }
+ for (p = newstring; *str; str++) {
+ if ( *str == '\"') {
+ strncpy( p, "&quot;", quote_len);
p += quote_len;
} else {
*p++ = *str;
@@ -180,25 +194,24 @@ static void print_header(void)
"i18n_translated_parm" class is used to change the color of the
translated parameter with CSS.
**************************************************************** */
-static const char* get_parm_translated(
+static const char *get_parm_translated(TALLOC_CTX *ctx,
const char* pAnchor, const char* pHelp, const char* pLabel)
{
- const char* pTranslated = _(pLabel);
- static pstring output;
- if(strcmp(pLabel, pTranslated) != 0)
- {
- pstr_sprintf(output,
+ const char *pTranslated = _(pLabel);
+ char *output;
+ if(strcmp(pLabel, pTranslated) != 0) {
+ output = talloc_asprintf(ctx,
"<A HREF=\"/swat/help/manpages/smb.conf.5.html#%s\" target=\"docs\"> %s</A>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; %s <br><span class=\"i18n_translated_parm\">%s</span>",
pAnchor, pHelp, pLabel, pTranslated);
return output;
}
- pstr_sprintf(output,
+ output = talloc_asprintf(ctx,
"<A HREF=\"/swat/help/manpages/smb.conf.5.html#%s\" target=\"docs\"> %s</A>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; %s",
pAnchor, pHelp, pLabel);
return output;
}
/****************************************************************************
- finish off the page
+ finish off the page
****************************************************************************/
static void print_footer(void)
{
@@ -208,19 +221,21 @@ static void print_footer(void)
}
/****************************************************************************
- display one editable parameter in a form
+ display one editable parameter in a form
****************************************************************************/
static void show_parameter(int snum, struct parm_struct *parm)
{
int i;
void *ptr = parm->ptr;
char *utf8_s1, *utf8_s2;
+ TALLOC_CTX *ctx = talloc_stackframe();
if (parm->p_class == P_LOCAL && snum >= 0) {
ptr = lp_local_ptr(snum, ptr);
}
- printf("<tr><td>%s</td><td>", get_parm_translated(stripspaceupper(parm->label), _("Help"), parm->label));
+ printf("<tr><td>%s</td><td>", get_parm_translated(ctx,
+ stripspaceupper(parm->label), _("Help"), parm->label));
switch (parm->type) {
case P_CHAR:
printf("<input type=text size=2 name=\"parm_%s\" value=\"%c\">",
@@ -256,7 +271,7 @@ static void show_parameter(int snum, struct parm_struct *parm)
char **list = (char **)(parm->def.lvalue);
for (; *list; list++) {
/* enclose in HTML encoded quotes if the string contains a space */
- if ( strchr_m(*list, ' ') )
+ if ( strchr_m(*list, ' ') )
printf("&quot;%s&quot;%s", *list, ((*(list+1))?", ":""));
else
printf("%s%s", *list, ((*(list+1))?", ":""));
@@ -269,7 +284,7 @@ static void show_parameter(int snum, struct parm_struct *parm)
case P_USTRING:
push_utf8_allocate(&utf8_s1, *(char **)ptr);
printf("<input type=text size=40 name=\"parm_%s\" value=\"%s\">",
- make_parm_name(parm->label), fix_quotes(utf8_s1));
+ make_parm_name(parm->label), fix_quotes(ctx, utf8_s1));
SAFE_FREE(utf8_s1);
printf("<input type=button value=\"%s\" onClick=\"swatform.parm_%s.value=\'%s\'\">",
_("Set Default"), make_parm_name(parm->label),fix_backslash((char *)(parm->def.svalue)));
@@ -279,7 +294,7 @@ static void show_parameter(int snum, struct parm_struct *parm)
case P_UGSTRING:
push_utf8_allocate(&utf8_s1, (char *)ptr);
printf("<input type=text size=40 name=\"parm_%s\" value=\"%s\">",
- make_parm_name(parm->label), fix_quotes(utf8_s1));
+ make_parm_name(parm->label), fix_quotes(ctx, utf8_s1));
SAFE_FREE(utf8_s1);
printf("<input type=button value=\"%s\" onClick=\"swatform.parm_%s.value=\'%s\'\">",
_("Set Default"), make_parm_name(parm->label),fix_backslash((char *)(parm->def.svalue)));
@@ -331,6 +346,7 @@ static void show_parameter(int snum, struct parm_struct *parm)
break;
}
printf("</td></tr>\n");
+ TALLOC_FREE(ctx);
}
/****************************************************************************
@@ -510,14 +526,17 @@ static void commit_parameters(int snum)
{
int i = 0;
struct parm_struct *parm;
- pstring label;
+ char *label;
const char *v;
while ((parm = lp_next_parameter(snum, &i, 1))) {
- slprintf(label, sizeof(label)-1, "parm_%s", make_parm_name(parm->label));
- if ((v = cgi_variable(label)) != NULL) {
- if (parm->flags & FLAG_HIDE) continue;
- commit_parameter(snum, parm, v);
+ if (asprintf(&label, "parm_%s", make_parm_name(parm->label)) > 0) {
+ if ((v = cgi_variable(label)) != NULL) {
+ if (parm->flags & FLAG_HIDE)
+ continue;
+ commit_parameter(snum, parm, v);
+ }
+ SAFE_FREE(label);
}
}
}
@@ -720,9 +739,8 @@ static void wizard_page(void)
/* Have to create Homes share? */
if ((HomeExpo == 1) && (have_home == -1)) {
- pstring unix_share;
-
- pstrcpy(unix_share,HOMES_NAME);
+ const char *unix_share = HOMES_NAME;
+
load_config(False);
lp_copy_service(GLOBAL_SECTION_SNUM, unix_share);
iNumNonAutoPrintServices = lp_numservices();
@@ -749,7 +767,6 @@ static void wizard_page(void)
winstype = 1;
if (lp_wins_server_list() && strlen(*lp_wins_server_list()))
winstype = 2;
-
/* Do we have a homes share? */
have_home = lp_servicenumber(HOMES_NAME);
@@ -1339,22 +1356,24 @@ static void printers_page(void)
doesn't have more calls to _() than the number of buffers
*/
-const char *lang_msg_rotate(const char *msgid)
+const char *lang_msg_rotate(TALLOC_CTX *ctx, const char *msgid)
{
-#define NUM_LANG_BUFS 16
- char *msgstr;
- static pstring bufs[NUM_LANG_BUFS];
- static int next;
+ const char *msgstr;
+ const char *ret;
- msgstr = (char *)lang_msg(msgid);
- if (!msgstr) return msgid;
+ msgstr = lang_msg(msgid);
+ if (!msgstr) {
+ return msgid;
+ }
- pstrcpy(bufs[next], msgstr);
- msgstr = bufs[next];
+ ret = talloc_strdup(ctx, msgstr);
- next = (next+1) % NUM_LANG_BUFS;
+ lang_msg_free(msgstr);
+ if (!ret) {
+ return msgid;
+ }
- return msgstr;
+ return ret;
}
/**