authorJim McDonough <jmcd@samba.org>2001-10-20 21:50:51 +0000
committerJim McDonough <jmcd@samba.org>2001-10-20 21:50:51 +0000
commite5868e1f57c1de537a7385a81d23671a727af5f5 (patch)
tree8ad7978f1d7d3ad8a721ffe1db495db14b3a4f1d
parent60747ab66e768ac6801838c460a1a4fc8bba32cf (diff)
Use asprintf, do bounds check, better rc logic
(This used to be commit 6a734158d92663873b7a9df517bec45a27ee9790)
-rw-r--r--source3/smbd/lanman.c76
1 files changed, 43 insertions, 33 deletions
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 0d92c98628..d4d7683855 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -1670,62 +1670,63 @@ static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid, char *param,ch
fstring sharename;
fstring comment;
pstring pathname;
- pstring command;
- int offset;
+ char *command, *cmdname;
+ uint offset;
int snum;
- int res;
+ int res = ERRunsup;
/* check it's a supported varient */
if (!prefix_ok(str1,RAP_WShareAdd_REQ)) return False;
if (!check_share_info(uLevel,str2)) return False;
- if (uLevel != 2) {
- *rparam_len = 4;
- *rparam = REALLOC(*rparam,*rparam_len);
- *rdata_len = 0;
- SSVAL(*rparam,0,NERR_notsupported);
- SSVAL(*rparam,2,0);
- return True;
- }
+ if (uLevel != 2) return False;
pull_ascii_fstring(sharename,data);
snum = find_service(sharename);
if (snum >= 0) { /* already exists */
- *rparam_len = 4;
- *rparam = REALLOC(*rparam,*rparam_len);
- SSVAL(*rparam,0,ERRfilexists);
- SSVAL(*rparam,2,0);
- return True;
+ res = ERRfilexists;
+ goto error_exit;
}
/* only support disk share adds */
- if (SVAL(data,14)!=STYPE_DISKTREE) {
- *rparam_len = 4;
- *rparam = REALLOC(*rparam,*rparam_len);
- *rdata_len = 0;
- SSVAL(*rparam,0,NERR_notsupported);
- SSVAL(*rparam,2,0);
- return True;
- }
+ if (SVAL(data,14)!=STYPE_DISKTREE) return False;
offset = IVAL(data, 16);
+ if (offset >= mdrcnt) {
+ res = ERRinvalidparam;
+ goto error_exit;
+ }
pull_ascii_fstring(comment, offset? (data+offset) : "");
+
offset = IVAL(data, 26);
+ if (offset >= mdrcnt) {
+ res = ERRinvalidparam;
+ goto error_exit;
+ }
pull_ascii_pstring(pathname, offset? (data+offset) : "");
string_replace(sharename, '"', ' ');
string_replace(pathname, '"', ' ');
string_replace(comment, '"', ' ');
- slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\"",
+ cmdname = lp_add_share_cmd();
+
+ if (!cmdname || *cmdname == '\0') return False;
+
+ asprintf(&command, "%s \"%s\" \"%s\" \"%s\" \"%s\"",
lp_add_share_cmd(), CONFIGFILE, sharename, pathname, comment);
- DEBUG(10,("api_RNetShareAdd: Running [%s]\n", command ));
- if ((res = smbrun(command, NULL)) != 0) {
- DEBUG(0,("api_RNetShareAdd: Running [%s] returned (%d)\n", command, res ));
- return ERRnoaccess;
- } else
- message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False);
- return True;
+ if (command) {
+ DEBUG(10,("api_RNetShareAdd: Running [%s]\n", command ));
+ if ((res = smbrun(command, NULL)) != 0) {
+ DEBUG(1,("api_RNetShareAdd: Running [%s] returned (%d)\n", command, res ));
+ SAFE_FREE(command);
+ res = ERRnoaccess;
+ goto error_exit;
+ } else {
+ SAFE_FREE(command);
+ message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False);
+ }
+ } else return False;
*rparam_len = 6;
*rparam = REALLOC(*rparam,*rparam_len);
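Review bot: The command line passed to `smbrun()` is still assembled from the client-supplied `sharename`, `pathname` and `comment` with only `"` replaced by a space, so if `smbrun()` hands the string to a shell (not visible here), other shell-significant characters survive inside the quoted arguments; rejecting requests whose fields contain anything outside a conservative allow-list before formatting would close that. The `asprintf()` result is not checked and `command` is not initialised, so `if (command)` is not a reliable failure test; prefer `if (asprintf(&command, ...) < 0) return False;`, and pass `cmdname` rather than calling `lp_add_share_cmd()` a second time. The new `offset >= mdrcnt` tests bound only where each string starts: `pull_ascii_fstring()`/`pull_ascii_pstring()` can presumably still read up to the destination size beyond that point, and `mdrcnt` is not declared in the visible lines, so it is worth confirming it is the length of the received `data` rather than a client-stated return limit. The function begins before this hunk and continues after it.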
@@ -1734,7 +1735,16 @@ static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid, char *param,ch
SSVAL(*rparam,4,*rdata_len);
*rdata_len = 0;
- return(True);
+ return True;
+
+ error_exit:
+ *rparam_len = 4;
+ *rparam = REALLOC(*rparam,*rparam_len);
+ *rdata_len = 0;
+ SSVAL(*rparam,0,res);
+ SSVAL(*rparam,2,0);
+ return True;
+
}
/****************************************************************************
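Review bot: The new `error_exit` path writes the status with `SSVAL(*rparam,0,res)` without checking that `REALLOC` succeeded, so an allocation failure would be dereferenced here; a guard such as `if (!*rparam) return False;` after the `REALLOC` line would avoid that. `res` is initialised to `ERRunsup` in the earlier hunk, but the unsupported-level and non-disk cases now `return False` instead of jumping here, so that initial value appears unused; a one-line comment on the label, e.g. `/* error_exit: reply with 4-byte rparam carrying res, no data */`, would make the convention clear. The function starts outside this hunk.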