author | Jeremy Allison <jra@samba.org> | 2012-03-29 17:13:07 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2012-03-30 21:26:07 +0200 |
commit | 959516d61bc6ee7cdd12409dde0ec00044208f1b (patch) | |
tree | 7639ccf8ba796ca775ff89b6e329d37f53a3ff9a /source3/auth | |
parent | 60eb1621d2c3224a2c7e8bec947741446ecbc4b1 (diff) | |
More strlcat/strlcpy truncate checks.
Diffstat (limited to 'source3/auth')
-rw-r--r-- | source3/auth/auth_script.c | 55 |
1 files changed, 45 insertions, 10 deletions
diff --git a/source3/auth/auth_script.c b/source3/auth/auth_script.c
index 4432ff4aec..dc8794bf16 100644
--- a/source3/auth/auth_script.c
+++ b/source3/auth/auth_script.c
@@ -74,32 +74,62 @@ static NTSTATUS script_check_user_credentials(const struct auth_context *auth_co
 return NT_STATUS_NO_MEMORY;
 }
- strlcpy( secret_str, user_info->mapped.domain_name, secret_str_len);
- strlcat( secret_str, "\n", secret_str_len);
- strlcat( secret_str, user_info->client.account_name, secret_str_len);
- strlcat( secret_str, "\n", secret_str_len);
+ if (strlcpy( secret_str, user_info->mapped.domain_name, secret_str_len) >= secret_str_len) {
+ /* Truncate. */
+ goto cat_out;
+ }
+ if (strlcat( secret_str, "\n", secret_str_len) >= secret_str_len) {
+ /* Truncate. */
+ goto cat_out;
+ }
+ if (strlcat( secret_str, user_info->client.account_name, secret_str_len) >= secret_str_len) {
+ /* Truncate. */
+ goto cat_out;
+ }
+ if (strlcat( secret_str, "\n", secret_str_len) >= secret_str_len) {
+ /* Truncate. */
+ goto cat_out;
+ }
 for (i = 0; i < 8; i++) {
 slprintf(&hex_str[i*2], 3, "%02X", auth_context->challenge.data[i]);
 }
- strlcat( secret_str, hex_str, secret_str_len);
- strlcat( secret_str, "\n", secret_str_len);
+ if (strlcat( secret_str, hex_str, secret_str_len) >= secret_str_len) {
+ /* Truncate. */
+ goto cat_out;
+ }
+ if (strlcat( secret_str, "\n", secret_str_len) >= secret_str_len) {
+ /* Truncate. */
+ goto cat_out;
+ }
 if (user_info->password.response.lanman.data) {
 for (i = 0; i < 24; i++) {
 slprintf(&hex_str[i*2], 3, "%02X", user_info->password.response.lanman.data[i]);
 }
- strlcat( secret_str, hex_str, secret_str_len);
+ if (strlcat( secret_str, hex_str, secret_str_len) >= secret_str_len) {
+ /* Truncate. */
+ goto cat_out;
+ }
+ }
+ if (strlcat( secret_str, "\n", secret_str_len) >= secret_str_len) {
+ /* Truncate. */
+ goto cat_out;
 }
- strlcat( secret_str, "\n", secret_str_len);
 if (user_info->password.response.nt.data) {
 for (i = 0; i < 24; i++) {
 slprintf(&hex_str[i*2], 3, "%02X", user_info->password.response.nt.data[i]);
 }
- strlcat( secret_str, hex_str, secret_str_len);
+ if (strlcat( secret_str, hex_str, secret_str_len) >= secret_str_len) {
+ /* Truncate. */
+ goto cat_out;
+ }
+ }
+ if (strlcat( secret_str, "\n", secret_str_len) >= secret_str_len) {
+ /* Truncate. */
+ goto cat_out;
 }
- strlcat( secret_str, "\n", secret_str_len);
 DEBUG(10,("script_check_user_credentials: running %s with parameters:\n%s\n", script, secret_str ));
@@ -117,6 +147,11 @@ static NTSTATUS script_check_user_credentials(const struct auth_context *auth_co
 /* Cause the auth system to keep going.... */
 return NT_STATUS_NOT_IMPLEMENTED;
+
+ cat_out:
+
+ SAFE_FREE(secret_str);
+ return NT_STATUS_NO_MEMORY;
 }
 /* module initialisation */ |
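Review bot: The comment `/* Truncate. */` in each new branch reads like an instruction, while the branch actually abandons the request because the copy would not fit; wording such as `/* Would truncate: bail out rather than hand the script a cut-off record. */` states the intent. The same four-line check is written out ten times in this hunk, so a small static helper or macro around `strlcat(...) >= secret_str_len` would keep the failure path in one place and make a missed check easier to spot. The function starts before the hunk and the computation of `secret_str_len` is not visible, so the diff does not show whether any of these branches can fire in practice. Since the record is newline-delimited and `domain_name` and `account_name` appear to come from the request, it is also worth confirming (and noting in a comment) that a `\n` inside those fields is rejected before this point, because nothing in the hunk checks for it.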
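Review bot: The new `cat_out` path returns `NT_STATUS_NO_MEMORY` for a string that did not fit its buffer, which is not an allocation failure and will mislead anyone reading the resulting status; a more specific code such as `NT_STATUS_BUFFER_TOO_SMALL` would describe the condition. The normal exit just above returns `NT_STATUS_NOT_IMPLEMENTED` so that the auth system keeps going, and how callers treat the new status is not visible here, so the label deserves a comment stating the intended outcome, e.g. `/* Truncated credential record: fail this request without running the script. */`. A `DEBUG` line at the label that names the function but does not print `secret_str` would make the condition diagnosable without writing the challenge and response data to the log. The function body begins outside this hunk.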