authorAndrew Tridgell <tridge@samba.org>1998-08-31 03:11:42 +0000
committerAndrew Tridgell <tridge@samba.org>1998-08-31 03:11:42 +0000
commit61b5fd6f32e9ccb612df1354a3e3b3bed5f2b808 (patch)
tree06d72234112a52e30d5b72e367e42efc43e9762f
parentab4577f141b0c08a543d998a36892bbafae4e902 (diff)
bounds check next_token() to prevent possible buffer overflows
(This used to be commit 3eade55dc7c842bdc50205c330802d211fae54d3)
-rw-r--r--source3/client/client.c49
-rw-r--r--source3/client/clitar.c10
-rw-r--r--source3/client/smbmount.c10
-rw-r--r--source3/include/proto.h2
-rw-r--r--source3/lib/interface.c2
-rw-r--r--source3/lib/username.c2
-rw-r--r--source3/lib/util.c26
-rw-r--r--source3/libsmb/namequery.c10
-rw-r--r--source3/nmbd/nmbd.c4
-rw-r--r--source3/nmbd/nmbd_sendannounce.c4
-rw-r--r--source3/nmbd/nmbd_synclists.c10
-rw-r--r--source3/nmbd/nmbd_winsserver.c14
-rw-r--r--source3/printing/printing.c27
-rw-r--r--source3/rpc_client/cli_netlogon.c5
-rw-r--r--source3/rpc_parse/parse_net.c4
-rw-r--r--source3/rpc_server/srv_util.c10
-rw-r--r--source3/smbd/chgpasswd.c4
-rw-r--r--source3/smbd/groupname.c4
-rw-r--r--source3/smbd/ipc.c26
-rw-r--r--source3/smbd/password.c4
-rw-r--r--source3/utils/make_smbcodepage.c8
21 files changed, 128 insertions, 107 deletions
diff --git a/source3/client/client.c b/source3/client/client.c
index 9a4806b7a2..855d4cc2de 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -448,7 +448,7 @@ static void cmd_cd(char *inbuf,char *outbuf)
{
fstring buf;
- if (next_token(NULL,buf,NULL))
+ if (next_token(NULL,buf,NULL,sizeof(buf)))
do_cd(buf);
else
DEBUG(0,("Current directory is %s\n",CNV_LANG(cur_dir)));
@@ -1033,7 +1033,7 @@ static void cmd_dir(char *inbuf,char *outbuf)
if(mask[strlen(mask)-1]!='\\')
pstrcat(mask,"\\");
- if (next_token(NULL,buf,NULL))
+ if (next_token(NULL,buf,NULL,sizeof(buf)))
{
if (*p == '\\')
pstrcpy(mask,p);
@@ -1463,14 +1463,14 @@ static void cmd_get(char *dum_in, char *dum_out)
p = rname + strlen(rname);
- if (!next_token(NULL,p,NULL)) {
+ if (!next_token(NULL,p,NULL,sizeof(rname)-strlen(rname))) {
DEBUG(0,("get <filename>\n"));
return;
}
pstrcpy(lname,p);
dos_clean_name(rname);
- next_token(NULL,lname,NULL);
+ next_token(NULL,lname,NULL,sizeof(lname));
do_get(rname,lname,NULL);
}
@@ -1577,7 +1577,7 @@ static void cmd_more(char *dum_in, char *dum_out)
"%s/smbmore.%d",tmpdir(),(int)getpid());
fstrcpy(lname,tmpname);
- if (!next_token(NULL,rname+strlen(rname),NULL)) {
+ if (!next_token(NULL,rname+strlen(rname),NULL,sizeof(rname)-strlen(rname))) {
DEBUG(0,("more <filename>\n"));
return;
}
@@ -1612,7 +1612,7 @@ static void cmd_mget(char *inbuf,char *outbuf)
abort_mget = False;
- while (next_token(NULL,p,NULL))
+ while (next_token(NULL,p,NULL,sizeof(buf)))
{
pstrcpy(mget_mask,cur_dir);
if(mget_mask[strlen(mget_mask)-1]!='\\')
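Review bot: The bound passed in the `while` condition is `sizeof(buf)` but the destination is `p`, so the limit is only correct while `p` points at the first byte of `buf`; both declarations are outside this hunk. The same pairing appears in the cmd_mkdir, cmd_put (twice) and cmd_mput hunks. If `p` is simply an alias for `buf`, writing `next_token(NULL,buf,NULL,sizeof(buf))` makes the bound self-evidently right; if `p` can be advanced, the remaining space should be computed the way the cmd_get hunk does with `sizeof(rname)-strlen(rname)`.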
@@ -1692,7 +1692,7 @@ static void cmd_mkdir(char *inbuf,char *outbuf)
pstrcpy(mask,cur_dir);
- if (!next_token(NULL,p,NULL))
+ if (!next_token(NULL,p,NULL,sizeof(buf)))
{
if (!recurse)
DEBUG(0,("mkdir <dirname>\n"));
@@ -1983,14 +1983,14 @@ static void cmd_put(char *dum_in, char *dum_out)
pstrcat(rname,"\\");
- if (!next_token(NULL,p,NULL))
+ if (!next_token(NULL,p,NULL,sizeof(buf)))
{
DEBUG(0,("put <filename>\n"));
return;
}
pstrcpy(lname,p);
- if (next_token(NULL,p,NULL))
+ if (next_token(NULL,p,NULL,sizeof(buf)))
pstrcat(rname,p);
else
pstrcat(rname,lname);
@@ -2040,7 +2040,7 @@ static BOOL seek_list(FILE *f,char *name)
static void cmd_select(char *dum_in, char *dum_out)
{
pstrcpy(fileselection,"");
- next_token(NULL,fileselection,NULL);
+ next_token(NULL,fileselection,NULL,sizeof(fileselection));
}
@@ -2058,7 +2058,7 @@ static void cmd_mput(char *dum_in, char *dum_out)
finfo = def_finfo;
- while (next_token(NULL,p,NULL))
+ while (next_token(NULL,p,NULL,sizeof(buf)))
{
struct stat st;
pstring cmd;
@@ -2197,14 +2197,14 @@ static void cmd_cancel(char *inbuf,char *outbuf )
DEBUG(0,("Trying to cancel print jobs without -P may fail\n"));
}
- if (!next_token(NULL,buf,NULL)) {
+ if (!next_token(NULL,buf,NULL,sizeof(buf))) {
printf("cancel <jobid> ...\n");
return;
}
do {
job = atoi(buf);
do_cancel(job);
- } while (next_token(NULL,buf,NULL));
+ } while (next_token(NULL,buf,NULL,sizeof(buf)));
}
@@ -2228,7 +2228,7 @@ static void cmd_print(char *inbuf,char *outbuf )
DEBUG(0,("Trying to print without -P may fail\n"));
}
- if (!next_token(NULL,lname,NULL))
+ if (!next_token(NULL,lname,NULL, sizeof(lname)))
{
DEBUG(0,("print <filename>\n"));
return;
@@ -2699,7 +2699,7 @@ static void cmd_del(char *inbuf,char *outbuf )
pstrcpy(mask,cur_dir);
- if (!next_token(NULL,buf,NULL))
+ if (!next_token(NULL,buf,NULL,sizeof(buf)))
{
DEBUG(0,("del <filename>\n"));
return;
@@ -2721,7 +2721,7 @@ static void cmd_rmdir(char *inbuf,char *outbuf )
pstrcpy(mask,cur_dir);
- if (!next_token(NULL,buf,NULL))
+ if (!next_token(NULL,buf,NULL,sizeof(buf)))
{
DEBUG(0,("rmdir <dirname>\n"));
return;
@@ -2763,7 +2763,8 @@ static void cmd_rename(char *inbuf,char *outbuf )
pstrcpy(src,cur_dir);
pstrcpy(dest,cur_dir);
- if (!next_token(NULL,buf,NULL) || !next_token(NULL,buf2,NULL))
+ if (!next_token(NULL,buf,NULL,sizeof(buf)) ||
+ !next_token(NULL,buf2,NULL, sizeof(buf2)))
{
DEBUG(0,("rename <src> <dest>\n"));
return;
@@ -2817,7 +2818,7 @@ static void cmd_newer(char *dum_in, char *dum_out)
BOOL ok;
struct stat sbuf;
- ok = next_token(NULL,buf,NULL);
+ ok = next_token(NULL,buf,NULL,sizeof(buf));
if (ok && (sys_stat(buf,&sbuf) == 0))
{
newer_than = sbuf.st_mtime;
@@ -2838,7 +2839,7 @@ static void cmd_archive(char *dum_in, char *dum_out)
{
fstring buf;
- if (next_token(NULL,buf,NULL)) {
+ if (next_token(NULL,buf,NULL,sizeof(buf))) {
archive_level = atoi(buf);
} else
DEBUG(0,("Archive level is %d\n",archive_level));
@@ -2884,7 +2885,7 @@ static void cmd_printmode(char *dum_in, char *dum_out)
fstring buf;
fstring mode;
- if (next_token(NULL,buf,NULL))
+ if (next_token(NULL,buf,NULL,sizeof(buf)))
{
if (strequal(buf,"text"))
printmode = 0;
@@ -2921,7 +2922,7 @@ static void cmd_lcd(char *dum_in, char *dum_out)
fstring buf;
pstring d;
- if (next_token(NULL,buf,NULL))
+ if (next_token(NULL,buf,NULL,sizeof(buf)))
sys_chdir(buf);
DEBUG(2,("the local directory is now %s\n",GetWd(d)));
}
@@ -3299,7 +3300,7 @@ void cmd_help(char *dum_in, char *dum_out)
int i=0,j;
fstring buf;
- if (next_token(NULL,buf,NULL))
+ if (next_token(NULL,buf,NULL,sizeof(buf)))
{
if ((i = process_tok(buf)) >= 0)
DEBUG(0,("HELP %s:\n\t%s\n\n",commands[i].name,commands[i].description));
@@ -3398,7 +3399,7 @@ static BOOL process(char *base_directory)
/* and get the first part of the command */
{
char *ptr = line;
- if (!next_token(&ptr,tok,NULL)) continue;
+ if (!next_token(&ptr,tok,NULL,sizeof(tok))) continue;
}
if ((i = process_tok(tok)) >= 0)
@@ -3438,7 +3439,7 @@ static BOOL process(char *base_directory)
/* and get the first part of the command */
{
char *ptr = line;
- if (!next_token(&ptr,tok,NULL)) continue;
+ if (!next_token(&ptr,tok,NULL,sizeof(tok))) continue;
}
if ((i = process_tok(tok)) >= 0)
diff --git a/source3/client/clitar.c b/source3/client/clitar.c
index 395f31edcf..47903d20be 100644
--- a/source3/client/clitar.c
+++ b/source3/client/clitar.c
@@ -2073,7 +2073,7 @@ void cmd_block(char *dum_in, char *dum_out)
fstring buf;
int block;
- if (!next_token(NULL,buf,NULL))
+ if (!next_token(NULL,buf,NULL,sizeof(buf)))
{
DEBUG(0, ("blocksize <n>\n"));
return;
@@ -2097,7 +2097,7 @@ void cmd_tarmode(char *dum_in, char *dum_out)
{
fstring buf;
- while (next_token(NULL,buf,NULL)) {
+ while (next_token(NULL,buf,NULL,sizeof(buf))) {
if (strequal(buf, "full"))
tar_inc=False;
else if (strequal(buf, "inc"))
@@ -2143,7 +2143,7 @@ void cmd_setmode(char *dum_in, char *dum_out)
attra[0] = attra[1] = 0;
- if (!next_token(NULL,buf,NULL))
+ if (!next_token(NULL,buf,NULL,sizeof(buf)))
{
DEBUG(0, ("setmode <filename> <perm=[+|-]rsha>\n"));
return;
@@ -2152,7 +2152,7 @@ void cmd_setmode(char *dum_in, char *dum_out)
safe_strcpy(fname, cur_dir, sizeof(pstring));
safe_strcat(fname, buf, sizeof(pstring));
- while (next_token(NULL,buf,NULL)) {
+ while (next_token(NULL,buf,NULL,sizeof(buf))) {
q=buf;
while(*q)
@@ -2194,7 +2194,7 @@ void cmd_tar(char *inbuf, char *outbuf)
char **argl;
int argcl;
- if (!next_token(NULL,buf,NULL))
+ if (!next_token(NULL,buf,NULL,sizeof(buf)))
{
DEBUG(0,("tar <c|x>[IXbga] <filename>\n"));
return;
diff --git a/source3/client/smbmount.c b/source3/client/smbmount.c
index 9bc7cba6f6..95aeecde3c 100644
--- a/source3/client/smbmount.c
+++ b/source3/client/smbmount.c
@@ -326,7 +326,7 @@ static void cmd_mount(char *inbuf,char *outbuf)
int retval;
char mount_point[MAXPATHLEN+1];
- if (!next_token(NULL, mpoint, NULL))
+ if (!next_token(NULL, mpoint, NULL, sizeof(mpoint)))
{
DEBUG(0,("You must supply a mount point\n"));
return;
@@ -350,7 +350,7 @@ static void cmd_mount(char *inbuf,char *outbuf)
slprintf(mount_command, sizeof(mount_command)-1,"smbmnt %s -s %s", mount_point, share_name);
- while(next_token(NULL, buf, NULL))
+ while(next_token(NULL, buf, NULL, sizeof(buf)))
{
pstrcat(mount_command, " ");
pstrcat(mount_command, buf);
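Review bot: Bounding each token does not cover how the tokens are used in this loop: they are appended unquoted to the `smbmnt` command line being built in `mount_command`, so the safety of the result depends on how that string is executed, which happens below the hunk. If it is handed to a shell, `mount_point`, `share_name` and every extra token are interpreted by it; building an argument vector and using an exec-style call would avoid that. At minimum a comment here should state who is trusted to supply these tokens.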
@@ -429,7 +429,7 @@ void cmd_help(char *dum_in, char *dum_out)
int i=0,j;
fstring buf;
- if (next_token(NULL,buf,NULL))
+ if (next_token(NULL,buf,NULL,sizeof(buf)))
{
if ((i = process_tok(buf)) >= 0)
DEBUG(0,("HELP %s:\n\t%s\n\n",commands[i].name,commands[i].description));
@@ -527,7 +527,7 @@ static BOOL process(char *base_directory)
/* and get the first part of the command */
{
char *ptr = line;
- if (!next_token(&ptr,tok,NULL)) continue;
+ if (!next_token(&ptr,tok,NULL,sizeof(tok))) continue;
}
if ((i = process_tok(tok)) >= 0)
@@ -567,7 +567,7 @@ static BOOL process(char *base_directory)
/* and get the first part of the command */
{
char *ptr = line;
- if (!next_token(&ptr,tok,NULL)) continue;
+ if (!next_token(&ptr,tok,NULL,sizeof(tok))) continue;
}
if ((i = process_tok(tok)) >= 0)
diff --git a/source3/include/proto.h b/source3/include/proto.h
index ae38ece1a2..8ee95483c5 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -216,7 +216,7 @@ BOOL user_in_list(char *user,char *list);
char *tmpdir(void);
BOOL is_a_socket(int fd);
-BOOL next_token(char **ptr,char *buff,char *sep);
+BOOL next_token(char **ptr,char *buff,char *sep, int bufsize);
char **toktocliplist(int *ctok, char *sep);
void *mem_dup( void *from, int size );
void array_promote(char *array,int elsize,int element);
diff --git a/source3/lib/interface.c b/source3/lib/interface.c
index 8cc5cfb0b1..581a2135bd 100644
--- a/source3/lib/interface.c
+++ b/source3/lib/interface.c
@@ -136,7 +136,7 @@ static void interpret_interfaces(char *s, struct interface **interfaces,
allones_ip = *interpret_addr2("255.255.255.255");
loopback_ip = *interpret_addr2("127.0.0.1");
- while (next_token(&ptr,token,NULL)) {
+ while (next_token(&ptr,token,NULL,sizeof(token))) {
/* parse it into an IP address/netmasklength pair */
char *p = strchr(token,'/');
if (p) *p++ = 0;
diff --git a/source3/lib/username.c b/source3/lib/username.c
index a9d391f11a..f56f7efce2 100644
--- a/source3/lib/username.c
+++ b/source3/lib/username.c
@@ -297,7 +297,7 @@ BOOL user_in_list(char *user,char *list)
pstring tok;
char *p=list;
- while (next_token(&p,tok,LIST_SEP))
+ while (next_token(&p,tok,LIST_SEP, sizeof(tok)))
{
/*
* Check raw username.
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 5b8428b546..a52228c997 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -131,10 +131,11 @@ static char *last_ptr=NULL;
Based on a routine by GJC@VILLAGE.COM.
Extensively modified by Andrew.Tridgell@anu.edu.au
****************************************************************************/
-BOOL next_token(char **ptr,char *buff,char *sep)
+BOOL next_token(char **ptr,char *buff,char *sep, int bufsize)
{
char *s;
BOOL quoted;
+ int len=1;
if (!ptr) ptr = &last_ptr;
if (!ptr) return(False);
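Review bot: The header comment above next_token() is not updated for the new `bufsize` argument, so callers must read the loop to learn whether the size includes the terminator. With `len` starting at 1 and the copy loop in the next hunk running while `len < bufsize`, at most `bufsize-1` characters are copied; adding a line such as `bufsize is the full size of buff, including the terminating NUL; longer tokens are truncated` to that comment would make the contract explicit. Because `bufsize` is a signed `int` fed from `sizeof`, the comment should also say it must be at least 1; the store that terminates `buff` is outside the hunks shown, so whether it is guarded for a zero size cannot be confirmed here.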
@@ -151,12 +152,14 @@ BOOL next_token(char **ptr,char *buff,char *sep)
if (! *s) return(False);
/* copy over the token */
- for (quoted = False; *s && (quoted || !strchr(sep,*s)); s++)
+ for (quoted = False; len < bufsize && *s && (quoted || !strchr(sep,*s)); s++)
{
- if (*s == '\"')
- quoted = !quoted;
- else
- *buff++ = *s;
+ if (*s == '\"') {
+ quoted = !quoted;
+ } else {
+ len++;
+ *buff++ = *s;
+ }
}
*ptr = (*s) ? s+1 : s;
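Review bot: When the new `len < bufsize` test ends the copy loop, `*s` is still a token character, so `*ptr = (*s) ? s+1 : s;` discards it and the next call returns the rest of the over-long token as if it were a separate token. Callers cannot tell that truncation happened, which matters for the list parsers patched in this commit (`user_in_list`, `in_list`, the `lp_passwordserver()` loops) and for the positional `parse_lpq_*` loops in printing.c, where a split token shifts every later field. Consuming the remainder before `*ptr` is updated keeps token boundaries stable, for example `while (*s && (quoted || !strchr(sep,*s))) { if (*s == '\"') quoted = !quoted; s++; }` placed directly after the `for` loop. The function's terminating store and return are outside the hunk.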
@@ -291,7 +294,7 @@ void set_socket_options(int fd, char *options)
{
fstring tok;
- while (next_token(&options,tok," \t,"))
+ while (next_token(&options,tok," \t,", sizeof(tok)))
{
int ret=0,i;
int value = 1;
@@ -2618,7 +2621,7 @@ BOOL in_list(char *s,char *list,BOOL casesensitive)
if (!list) return(False);
- while (next_token(&p,tok,LIST_SEP))
+ while (next_token(&p,tok,LIST_SEP,sizeof(tok)))
{
if (casesensitive) {
if (strcmp(tok,s) == 0)
@@ -5085,7 +5088,7 @@ BOOL string_to_sid(DOM_SID *sidout, char *sidstr)
}
p += 2;
- if(!next_token(&p, tok, "-")) {
+ if(!next_token(&p, tok, "-", sizeof(tok))) {
DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr));
return False;
}
@@ -5093,7 +5096,7 @@ BOOL string_to_sid(DOM_SID *sidout, char *sidstr)
/* Get the revision number. */
sidout->sid_rev_num = atoi(tok);
- if(!next_token(&p, tok, "-")) {
+ if(!next_token(&p, tok, "-", sizeof(tok))) {
DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr));
return False;
}
@@ -5111,7 +5114,8 @@ BOOL string_to_sid(DOM_SID *sidout, char *sidstr)
sidout->num_auths = 0;
- while(next_token(&p, tok, "-") && sidout->num_auths < MAXSUBAUTHS) {
+ while(next_token(&p, tok, "-", sizeof(tok)) &&
+ sidout->num_auths < MAXSUBAUTHS) {
/*
* NOTE - the subauths are in native machine-endian format. They
* are converted to little-endian when linearized onto the wire.
diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c
index 8b0d68ce6a..5e189020ad 100644
--- a/source3/libsmb/namequery.c
+++ b/source3/libsmb/namequery.c
@@ -347,13 +347,13 @@ BOOL getlmhostsent( FILE *fp, char *name, int *name_type, struct in_addr *ipaddr
ptr = line;
- if (next_token(&ptr,ip ,NULL))
+ if (next_token(&ptr,ip ,NULL,sizeof(ip)))
++count;
- if (next_token(&ptr,name ,NULL))
+ if (next_token(&ptr,name ,NULL, sizeof(name)))
++count;
- if (next_token(&ptr,flags,NULL))
+ if (next_token(&ptr,flags,NULL, sizeof(flags)))
++count;
- if (next_token(&ptr,extra,NULL))
+ if (next_token(&ptr,extra,NULL, sizeof(extra)))
++count;
if (count <= 0)
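Review bot: `sizeof(name)` in the second call measures a pointer, not a buffer: the hunk header shows `name` is the `char *name` parameter of getlmhostsent(), so the bound is 4 or 8 and host names read from the lmhosts file are cut to 3 or 7 characters. Because next_token() as changed in lib/util.c leaves the tail of a truncated token for the next call, most of the rest of the name would then be returned into `flags`. The size of the caller's buffer has to be supplied instead, either as an extra parameter or as a documented fixed size that every caller must provide; the callers are not visible on this page. `ip`, `flags` and `extra` are presumably local arrays declared above the hunk, where `sizeof` is correct.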
@@ -452,7 +452,7 @@ BOOL resolve_name(char *name, struct in_addr *return_ip)
ptr = name_resolve_list;
if (!ptr || !*ptr) ptr = "host";
- while (next_token(&ptr, tok, LIST_SEP)) {
+ while (next_token(&ptr, tok, LIST_SEP, sizeof(tok))) {
if(strequal(tok, "host") || strequal(tok, "hosts")) {
/*
diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
index 9210ce4dcf..feb9c2420e 100644
--- a/source3/nmbd/nmbd.c
+++ b/source3/nmbd/nmbd.c
@@ -468,7 +468,7 @@ static BOOL init_structs(void)
*/
/* Work out the max number of netbios aliases that we have */
ptr = lp_netbios_aliases();
- for( namecount=0; next_token(&ptr,nbname,NULL); namecount++ )
+ for( namecount=0; next_token(&ptr,nbname,NULL, sizeof(nbname)); namecount++ )
;
if ( *global_myname )
namecount++;
@@ -487,7 +487,7 @@ static BOOL init_structs(void)
my_netbios_names[namecount++] = global_myname;
ptr = lp_netbios_aliases();
- while ( next_token( &ptr, nbname, NULL ) )
+ while ( next_token( &ptr, nbname, NULL, sizeof(nbname) ) )
{
strupper( nbname );
/* Look for duplicates */
diff --git a/source3/nmbd/nmbd_sendannounce.c b/source3/nmbd/nmbd_sendannounce.c
index d43d2878e3..38c8deafe7 100644
--- a/source3/nmbd/nmbd_sendannounce.c
+++ b/source3/nmbd/nmbd_sendannounce.c
@@ -506,7 +506,7 @@ void announce_remote(time_t t)
comment = lp_serverstring();
- for (ptr=s; next_token(&ptr,s2,NULL); )
+ for (ptr=s; next_token(&ptr,s2,NULL,sizeof(s2)); )
{
/* The entries are of the form a.b.c.d/WORKGROUP with
WORKGROUP being optional */
@@ -596,7 +596,7 @@ for workgroup %s on subnet %s.\n", global_myworkgroup, FIRST_SUBNET->subnet_name
strupper(p);
p = skip_string(p,1);
- for (ptr=s; next_token(&ptr,s2,NULL); )
+ for (ptr=s; next_token(&ptr,s2,NULL,sizeof(s2)); )
{
/* The entries are of the form a.b.c.d */
addr = *interpret_addr2(s2);
diff --git a/source3/nmbd/nmbd_synclists.c b/source3/nmbd/nmbd_synclists.c
index b62d9b7569..432b6dcbe2 100644
--- a/source3/nmbd/nmbd_synclists.c
+++ b/source3/nmbd/nmbd_synclists.c
@@ -150,6 +150,8 @@ void sync_browse_lists(struct work_record *work,
CatchChild();
if ((s->pid = fork())) return;
+ BlockSignals( False, SIGTERM );
+
DEBUG(2,("Initiating browse sync for %s to %s(%s)\n",
work->work_group, name, inet_ntoa(ip)));
@@ -239,11 +241,9 @@ static void complete_sync(struct sync_record *s)
ptr = line;
- DEBUG(9,("sync line [%s]\n", line));
-
- if (!next_token(&ptr,server,NULL) ||
- !next_token(&ptr,type_str,NULL) ||
- !next_token(&ptr,comment,NULL)) {
+ if (!next_token(&ptr,server,NULL,sizeof(server)) ||
+ !next_token(&ptr,type_str,NULL, sizeof(type_str)) ||
+ !next_token(&ptr,comment,NULL, sizeof(comment))) {
continue;
}
diff --git a/source3/nmbd/nmbd_winsserver.c b/source3/nmbd/nmbd_winsserver.c
index d891124d06..2fcc95e1d6 100644
--- a/source3/nmbd/nmbd_winsserver.c
+++ b/source3/nmbd/nmbd_winsserver.c
@@ -211,13 +211,13 @@ BOOL initialise_wins(void)
* time to actually parse them into the ip_list array.
*/
- if (!next_token(&ptr,name_str,NULL))
+ if (!next_token(&ptr,name_str,NULL,sizeof(name_str)))
{
DEBUG(0,("initialise_wins: Failed to parse name when parsing line %s\n", line ));
continue;
}
- if (!next_token(&ptr,ttl_str,NULL))
+ if (!next_token(&ptr,ttl_str,NULL,sizeof(ttl_str)))
{
DEBUG(0,("initialise_wins: Failed to parse time to live when parsing line %s\n", line ));
continue;
@@ -229,7 +229,7 @@ BOOL initialise_wins(void)
num_ips = 0;
do
{
- got_token = next_token(&ptr,ip_str,NULL);
+ got_token = next_token(&ptr,ip_str,NULL,sizeof(ip_str));
was_ip = False;
if(got_token && strchr(ip_str, '.'))
@@ -260,16 +260,16 @@ BOOL initialise_wins(void)
/* Reset and re-parse the line. */
ptr = line;
- next_token(&ptr,name_str,NULL);
- next_token(&ptr,ttl_str,NULL);
+ next_token(&ptr,name_str,NULL,sizeof(name_str));
+ next_token(&ptr,ttl_str,NULL,sizeof(ttl_str));
for(i = 0; i < num_ips; i++)
{
- next_token(&ptr, ip_str, NULL);
+ next_token(&ptr, ip_str, NULL, sizeof(ip_str));
ip_list[i] = *interpret_addr2(ip_str);
if (ip_equal(ip_list[i], ipzero))
source = SELF_NAME;
}
- next_token(&ptr,nb_flags_str,NULL);
+ next_token(&ptr,nb_flags_str,NULL, sizeof(nb_flags_str));
/*
* Deal with SELF or REGISTER name encoding. Default is REGISTER
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index 2c7197f9db..fae4c1cc05 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -228,7 +228,10 @@ static BOOL parse_lpq_bsd(char *line,print_queue_struct *buf,BOOL first)
string_sub(line,"(","\"");
string_sub(line,")","\"");
- for (count=0; count<NTOK && next_token(&line,tok[count],NULL); count++) ;
+ for (count=0;
+ count<NTOK &&
+ next_token(&line,tok[count],NULL, sizeof(tok[count]));
+ count++) ;
/* we must get NTOK tokens */
if (count < NTOK)
@@ -398,7 +401,10 @@ A long spool-path will just waste significant chars of the file name.
string_sub(line,"(","\"");
string_sub(line,")","\"");
- for (count=0; count<LPRNG_NTOK && next_token(&line,tok[count],NULL); count++) ;
+ for (count=0;
+ count<LPRNG_NTOK &&
+ next_token(&line,tok[count],NULL, sizeof(tok[count]));
+ count++) ;
/* we must get LPRNG_NTOK tokens */
if (count < LPRNG_NTOK)
@@ -471,7 +477,10 @@ static BOOL parse_lpq_aix(char *line,print_queue_struct *buf,BOOL first)
string_sub(line,"(","\"");
string_sub(line,")","\"");
- for (count=0; count<10 && next_token(&line,tok[count],NULL); count++) ;
+ for (count=0;
+ count<10 &&
+ next_token(&line,tok[count],NULL, sizeof(tok[count]));
+ count++) ;
/* we must get 6 tokens */
if (count < 10)
@@ -585,7 +594,7 @@ static BOOL parse_lpq_hpux(char * line, print_queue_struct *buf, BOOL first)
string_sub(line,"(","\"");
string_sub(line,")","\"");
- for (count=0; count<2 && next_token(&line,tok[count],NULL); count++) ;
+ for (count=0; count<2 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ;
/* we must get 2 tokens */
if (count < 2) return(False);
@@ -621,7 +630,7 @@ static BOOL parse_lpq_hpux(char * line, print_queue_struct *buf, BOOL first)
/* handle the dash in the job id */
string_sub(line,"-"," ");
- for (count=0; count<12 && next_token(&line,tok[count],NULL); count++) ;
+ for (count=0; count<12 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ;
/* we must get 8 tokens */
if (count < 8) return(False);
@@ -671,7 +680,7 @@ static BOOL parse_lpq_sysv(char *line,print_queue_struct *buf,BOOL first)
/* handle the dash in the job id */
string_sub(line,"-"," ");
- for (count=0; count<9 && next_token(&line,tok[count],NULL); count++) ;
+ for (count=0; count<9 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ;
/* we must get 7 tokens */
if (count < 7)
@@ -735,7 +744,7 @@ static BOOL parse_lpq_qnx(char *line,print_queue_struct *buf,BOOL first)
- for (count=0; count<7 && next_token(&line,tok[count],NULL); count++) ;
+ for (count=0; count<7 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ;
/* we must get 7 tokens */
if (count < 7)
@@ -790,7 +799,7 @@ static BOOL parse_lpq_plp(char *line,print_queue_struct *buf,BOOL first)
string_sub(line,"(","\"");
string_sub(line,")","\"");
- for (count=0; count<11 && next_token(&line,tok[count],NULL); count++) ;
+ for (count=0; count<11 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ;
/* we must get 11 tokens */
if (count < 11)
@@ -858,7 +867,7 @@ static BOOL parse_lpq_softq(char *line,print_queue_struct *buf,BOOL first)
/* mung all the ":"s to spaces*/
string_sub(line,":"," ");
- for (count=0; count<10 && next_token(&line,tok[count],NULL); count++) ;
+ for (count=0; count<10 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ;
/* we must get 9 tokens */
if (count < 9)
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index ebe35abbcb..59d85db675 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -609,8 +609,9 @@ account password for domain %s.\n", domain));
*/
generate_random_buffer( new_trust_passwd_hash, 16, True);
- while(remote_machine_list && next_token( &remote_machine_list,
- remote_machine, LIST_SEP)) {
+ while(remote_machine_list &&
+ next_token(&remote_machine_list, remote_machine,
+ LIST_SEP, sizeof(remote_machine))) {
strupper(remote_machine);
if(modify_trust_password( domain, remote_machine,
old_trust_passwd_hash, new_trust_passwd_hash)) {
diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c
index 744bd455c9..182b3495db 100644
--- a/source3/rpc_parse/parse_net.c
+++ b/source3/rpc_parse/parse_net.c
@@ -558,7 +558,9 @@ static int make_dom_sid2s(char *sids_str, DOM_SID2 *sids, int max_sids)
if (sids_str == NULL || *sids_str == 0) return 0;
- for (count = 0, ptr = sids_str; next_token(&ptr, s2, NULL) && count < max_sids; count++)
+ for (count = 0, ptr = sids_str;
+ next_token(&ptr, s2, NULL, sizeof(s2)) && count < max_sids;
+ count++)
{
DOM_SID tmpsid;
string_to_sid(&tmpsid, s2);
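Review bot: The result of `string_to_sid(&tmpsid, s2);` is ignored, although the lib/util.c hunks in this commit show that function returning False when the string is not in a valid format. Now that `s2` can hold a truncated token, a failed parse would leave `tmpsid` only partly filled in before it is used below the hunk. Checking the result, for example `if (!string_to_sid(&tmpsid, s2)) break;`, keeps a malformed entry out of `sids`; whether stopping or skipping is the right policy depends on the loop body, which is outside the hunk.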
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 6c47db04bf..0a7728aa3a 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -137,7 +137,9 @@ int make_dom_gids(char *gids_str, DOM_GID **ppgids)
if (gids_str == NULL || *gids_str == 0)
return 0;
- for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL); count++)
+ for (count = 0, ptr = gids_str;
+ next_token(&ptr, s2, NULL, sizeof(s2));
+ count++)
;
gids = (DOM_GID *)malloc( sizeof(DOM_GID) * count );
@@ -147,8 +149,10 @@ int make_dom_gids(char *gids_str, DOM_GID **ppgids)
return 0;
}
- for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL) &&
- count < LSA_MAX_GROUPS; count++)
+ for (count = 0, ptr = gids_str;
+ next_token(&ptr, s2, NULL, sizeof(s2)) &&
+ count < LSA_MAX_GROUPS;
+ count++)
{
/* the entries are of the form GID/ATTR, ATTR being optional.*/
char *attr;
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index ee6a2d14f4..aebdde6d34 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -262,7 +262,7 @@ static int talktochild(int master, char *chatsequence)
*buf = 0;
sleep(1);
- while (next_token(&ptr,chatbuf,NULL)) {
+ while (next_token(&ptr,chatbuf,NULL,sizeof(chatbuf))) {
BOOL ok=True;
count++;
pwd_sub(chatbuf);
@@ -277,7 +277,7 @@ static int talktochild(int master, char *chatsequence)
return(False);
}
- if (!next_token(&ptr,chatbuf,NULL)) break;
+ if (!next_token(&ptr,chatbuf,NULL,sizeof(chatbuf))) break;
pwd_sub(chatbuf);
if (!strequal(chatbuf,"."))
writestring(master,chatbuf);
diff --git a/source3/smbd/groupname.c b/source3/smbd/groupname.c
index 689fdbbbd9..3183c5c83c 100644
--- a/source3/smbd/groupname.c
+++ b/source3/smbd/groupname.c
@@ -125,10 +125,10 @@ void load_groupname_map(void)
if (!*s || strchr("#;",*s))
continue;
- if(!next_token(&s,unixname, "\t\n\r="))
+ if(!next_token(&s,unixname, "\t\n\r=", sizeof(unixname)))
continue;
- if(!next_token(&s,windows_name, "\t\n\r="))
+ if(!next_token(&s,windows_name, "\t\n\r=", sizeof(windows_name)))
continue;
trim_string(unixname, " ", " ");
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index 70c2668d92..7c0a51f785 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -658,7 +658,7 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel,
p = q; /* reset string pointer */
fgets(p,8191,f);
p[strlen(p)-1]='\0';
- if (next_token(&p,tok,":") &&
+ if (next_token(&p,tok,":",sizeof(tok)) &&
(strlen(lp_printerdriver(snum)) == strlen(tok)) &&
(!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum)))))
ok=1;
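Review bot: The read that feeds the patched next_token() call is still unchecked: the return value of `fgets(p,8191,f)` is ignored, and `p[strlen(p)-1]='\0'` writes one byte before the buffer whenever `strlen(p)` is 0. Guarding both, e.g. `if (!fgets(p,8191,f)) break;` followed by `if (*p) p[strlen(p)-1]='\0';`, closes that gap; whether `break` is the right exit depends on the enclosing loop, which starts outside the hunk. The get_printerdrivernumber hunk further down has the same unchecked `fgets(p,8191,f)`.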
@@ -666,9 +666,9 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel,
fclose(f);
/* driver file name */
- if (ok && !next_token(&p,driver,":")) ok = 0;
+ if (ok && !next_token(&p,driver,":",sizeof(driver))) ok = 0;
/* data file name */
- if (ok && !next_token(&p,datafile,":")) ok = 0;
+ if (ok && !next_token(&p,datafile,":",sizeof(datafile))) ok = 0;
/*
* for the next tokens - which may be empty - I have to check for empty
* tokens first because the next_token function will skip all empty
@@ -679,7 +679,7 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel,
if (*p == ':') {
*helpfile = '\0';
p++;
- } else if (!next_token(&p,helpfile,":")) ok = 0;
+ } else if (!next_token(&p,helpfile,":",sizeof(helpfile))) ok = 0;
}
if (ok) {
@@ -687,11 +687,11 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel,
if (*p == ':') {
*langmon = '\0';
p++;
- } else if (!next_token(&p,langmon,":")) ok = 0;
+ } else if (!next_token(&p,langmon,":",sizeof(langmon))) ok = 0;
}
/* default data type */
- if (ok && !next_token(&p,datatype,":")) ok = 0;
+ if (ok && !next_token(&p,datatype,":",sizeof(datatype))) ok = 0;
if (ok) {
PACKI(desc,"W",0x0400); /* don't know */
@@ -714,7 +714,7 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel,
/* no need to check return value here - it was already tested in
* get_printerdrivernumber
*/
- next_token(&p,tok,",");
+ next_token(&p,tok,",",sizeof(tok));
PACKS(desc,"z",tok); /* driver files to copy */
DEBUG(3,("file:%s:\n",tok));
}
@@ -755,7 +755,7 @@ int get_printerdrivernumber(int snum)
{
p = q; /* reset string pointer */
fgets(p,8191,f);
- if (next_token(&p,tok,":") &&
+ if (next_token(&p,tok,":",sizeof(tok)) &&
(!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum)))))
ok=1;
}
@@ -771,7 +771,7 @@ int get_printerdrivernumber(int snum)
return(0);
/* count the number of files */
- while (next_token(&p,tok,","))
+ while (next_token(&p,tok,",",sizeof(tok)))
i++;
}
free(q);
@@ -1021,10 +1021,10 @@ static int get_server_info(uint32 servertype,
}
s = &(*servers)[count];
- if (!next_token(&ptr,s->name , NULL)) continue;
- if (!next_token(&ptr,stype , NULL)) continue;
- if (!next_token(&ptr,s->comment, NULL)) continue;
- if (!next_token(&ptr,s->domain , NULL)) {
+ if (!next_token(&ptr,s->name , NULL, sizeof(s->name))) continue;
+ if (!next_token(&ptr,stype , NULL, sizeof(stype))) continue;
+ if (!next_token(&ptr,s->comment, NULL, sizeof(s->comment))) continue;
+ if (!next_token(&ptr,s->domain , NULL, sizeof(s->domain))) {
/* this allows us to cope with an old nmbd */
pstrcpy(s->domain,global_myworkgroup);
}
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 4ee9e8705d..dadbcad11e 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -934,7 +934,7 @@ struct cli_state *server_cryptkey(void)
return NULL;
p = lp_passwordserver();
- while(p && next_token( &p, desthost, LIST_SEP)) {
+ while(p && next_token( &p, desthost, LIST_SEP, sizeof(desthost))) {
standard_sub_basic(desthost);
strupper(desthost);
@@ -1214,7 +1214,7 @@ machine %s in domain %s.\n", global_myname, global_myworkgroup ));
*/
p = lp_passwordserver();
- while(p && next_token( &p, remote_machine, LIST_SEP)) {
+ while(p && next_token(&p,remote_machine,LIST_SEP,sizeof(remote_machine))) {
standard_sub_basic(remote_machine);
strupper(remote_machine);
diff --git a/source3/utils/make_smbcodepage.c b/source3/utils/make_smbcodepage.c
index 86c9df3a18..155ed5aeb5 100644
--- a/source3/utils/make_smbcodepage.c
+++ b/source3/utils/make_smbcodepage.c
@@ -244,7 +244,7 @@ definition file. File %s has %d.\n", prog_name, MAXCODEPAGELINES, input_file, nu
unsigned char b = 0;
/* Get the 'lower' value. */
- if(!next_token(&p, token_buf, NULL))
+ if(!next_token(&p, token_buf, NULL, sizeof(token_buf)))
parse_error(buf, "cannot parse first value");
if(!parse_byte( token_buf, &b))
parse_error(buf, "first value doesn't resolve to a byte");
@@ -253,7 +253,7 @@ definition file. File %s has %d.\n", prog_name, MAXCODEPAGELINES, input_file, nu
SCVAL(output_buf,CODEPAGE_HEADER_SIZE+(i*4),b);
/* Get the 'upper' value. */
- if(!next_token(&p, token_buf, NULL))
+ if(!next_token(&p, token_buf, NULL, sizeof(token_buf)))
parse_error(buf, "cannot parse second value");
if(!parse_byte( token_buf, &b))
parse_error(buf, "second value doesn't resolve to a byte");
@@ -262,7 +262,7 @@ definition file. File %s has %d.\n", prog_name, MAXCODEPAGELINES, input_file, nu
SCVAL(output_buf,CODEPAGE_HEADER_SIZE+(i*4) + 1,b);
/* Get the 'upper to lower' value. */
- if(!next_token(&p, token_buf, NULL))
+ if(!next_token(&p, token_buf, NULL, sizeof(token_buf)))
parse_error(buf, "cannot parse third value");
if(!parse_bool( token_buf, &b))
parse_error(buf, "third value doesn't resolve to a boolean");
@@ -271,7 +271,7 @@ definition file. File %s has %d.\n", prog_name, MAXCODEPAGELINES, input_file, nu
SCVAL(output_buf,CODEPAGE_HEADER_SIZE+(i*4) + 2,b);
/* Get the 'lower to upper' value. */
- if(!next_token(&p, token_buf, NULL))
+ if(!next_token(&p, token_buf, NULL, sizeof(token_buf)))
parse_error(buf, "cannot parse fourth value");
if(!parse_bool( token_buf, &b))
parse_error(buf, "fourth value doesn't resolve to a boolean");