diff options
| author | Jeremy Allison <jra@samba.org> | 2012-03-28 16:49:30 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2012-03-29 20:48:15 +0200 |
| commit | 5df1c115391f2d673d3dd2dfb89146ce77639d41 (patch) | |
| tree | 6476e3ef1ad04b57f230f4f4167e04e020bce111 /lib/util | |
| parent | 762928945d8c18abbce1447fb0e731a4515ffb4c (diff) | |
| download | samba-5df1c115391f2d673d3dd2dfb89146ce77639d41.tar.gz samba-5df1c115391f2d673d3dd2dfb89146ce77639d41.tar.bz2 samba-5df1c115391f2d673d3dd2dfb89146ce77639d41.zip | |
Start to add truncate checks on all uses of strlcpy(). Reading lwn
has it's uses :-).
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Mar 29 20:48:15 CEST 2012 on sn-devel-104
Diffstat (limited to 'lib/util')
| -rw-r--r-- | lib/util/fault.c | 30 | ||||
| -rw-r--r-- | lib/util/util_net.c | 21 |
2 files changed, 29 insertions, 22 deletions
diff --git a/lib/util/fault.c b/lib/util/fault.c index d0b34e540b..4f8e8db5ca 100644 --- a/lib/util/fault.c +++ b/lib/util/fault.c @@ -116,8 +116,6 @@ _PUBLIC_ const char *panic_action = NULL; */ static void smb_panic_default(const char *why) { - int result; - #if defined(HAVE_PRCTL) && defined(PR_SET_PTRACER) /* * Make sure all children can attach a debugger. @@ -126,20 +124,22 @@ static void smb_panic_default(const char *why) #endif if (panic_action && *panic_action) { - char pidstr[20]; char cmdstring[200]; - strlcpy(cmdstring, panic_action, sizeof(cmdstring)); - snprintf(pidstr, sizeof(pidstr), "%d", (int) getpid()); - all_string_sub(cmdstring, "%d", pidstr, sizeof(cmdstring)); - DEBUG(0, ("smb_panic(): calling panic action [%s]\n", cmdstring)); - result = system(cmdstring); - - if (result == -1) - DEBUG(0, ("smb_panic(): fork failed in panic action: %s\n", - strerror(errno))); - else - DEBUG(0, ("smb_panic(): action returned status %d\n", - WEXITSTATUS(result))); + if (strlcpy(cmdstring, panic_action, sizeof(cmdstring)) < sizeof(cmdstring)) { + int result; + char pidstr[20]; + snprintf(pidstr, sizeof(pidstr), "%d", (int) getpid()); + all_string_sub(cmdstring, "%d", pidstr, sizeof(cmdstring)); + DEBUG(0, ("smb_panic(): calling panic action [%s]\n", cmdstring)); + result = system(cmdstring); + + if (result == -1) + DEBUG(0, ("smb_panic(): fork failed in panic action: %s\n", + strerror(errno))); + else + DEBUG(0, ("smb_panic(): action returned status %d\n", + WEXITSTATUS(result))); + } } DEBUG(0,("PANIC: %s\n", why)); diff --git a/lib/util/util_net.c b/lib/util/util_net.c index 637c52b988..69e5324180 100644 --- a/lib/util/util_net.c +++ b/lib/util/util_net.c @@ -107,9 +107,11 @@ static bool interpret_string_addr_pref(struct sockaddr_storage *pss, */ if (p && (p > str) && ((scope_id = if_nametoindex(p+1)) != 0)) { - strlcpy(addr, str, - MIN(PTR_DIFF(p,str)+1, - sizeof(addr))); + size_t len = MIN(PTR_DIFF(p,str)+1, sizeof(addr)); + if (strlcpy(addr, str, len) >= len) { + /* Truncate. */ + return false; + } str = addr; } } @@ -332,9 +334,11 @@ bool is_ipaddress_v6(const char *str) */ if (p && (p > str) && (if_nametoindex(p+1) != 0)) { - strlcpy(addr, str, - MIN(PTR_DIFF(p,str)+1, - sizeof(addr))); + size_t len = MIN(PTR_DIFF(p,str)+1, sizeof(addr)); + if (strlcpy(addr, str, len) >= len) { + /* Truncate. */ + return false; + } sp = addr; } ret = inet_pton(AF_INET6, sp, &dest6); @@ -723,7 +727,10 @@ static const char *get_socket_addr(int fd, char *addr_buf, size_t addr_len) * zero IPv6 address. No good choice here. */ - strlcpy(addr_buf, "0.0.0.0", addr_len); + if (strlcpy(addr_buf, "0.0.0.0", addr_len) >= addr_len) { + /* Truncate ! */ + return NULL; + } if (fd == -1) { return addr_buf; |