summaryrefslogtreecommitdiff
path: root/source3/client
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>1998-05-11 06:38:36 +0000
committerAndrew Tridgell <tridge@samba.org>1998-05-11 06:38:36 +0000
commit3dfc0c847240ac7e12c39f4ed9c31a888949ade1 (patch)
tree305f006b62ed9dcdca0f751dbf40d2a34ee054df /source3/client
parentffc88e2d26217f99c34ce24c0836bec3c809ca1a (diff)
downloadsamba-3dfc0c847240ac7e12c39f4ed9c31a888949ade1.tar.gz
samba-3dfc0c847240ac7e12c39f4ed9c31a888949ade1.tar.bz2
samba-3dfc0c847240ac7e12c39f4ed9c31a888949ade1.zip
changed to use slprintf() instead of sprintf() just about
everywhere. I've implemented slprintf() as a bounds checked sprintf() using mprotect() and a non-writeable page. This should prevent any sprintf based security holes. (This used to be commit ee09e9dadb69aaba5a751dd20ccc6d587d841bd6)
Diffstat (limited to 'source3/client')
-rw-r--r--source3/client/client.c34
-rw-r--r--source3/client/clitar.c2
-rw-r--r--source3/client/smbmount.c4
3 files changed, 26 insertions, 14 deletions
diff --git a/source3/client/client.c b/source3/client/client.c
index b7635c1ea3..9596a3997a 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -1496,9 +1496,11 @@ static void do_mget(file_info *finfo)
}
if (finfo->mode & aDIR)
- sprintf(quest,"Get directory %s? ",CNV_LANG(finfo->name));
+ slprintf(quest,sizeof(pstring)-1,
+ "Get directory %s? ",CNV_LANG(finfo->name));
else
- sprintf(quest,"Get file %s? ",CNV_LANG(finfo->name));
+ slprintf(quest,sizeof(pstring)-1,
+ "Get file %s? ",CNV_LANG(finfo->name));
if (prompt && !yesno(quest)) return;
@@ -1572,7 +1574,9 @@ static void cmd_more(char *dum_in, char *dum_out)
strcpy(rname,cur_dir);
strcat(rname,"\\");
- sprintf(tmpname,"%s/smbmore.%d",tmpdir(),(int)getpid());
+ slprintf(tmpname,
+ sizeof(fstring)-1,
+ "%s/smbmore.%d",tmpdir(),(int)getpid());
strcpy(lname,tmpname);
if (!next_token(NULL,rname+strlen(rname),NULL)) {
@@ -1584,7 +1588,9 @@ static void cmd_more(char *dum_in, char *dum_out)
do_get(rname,lname,NULL);
pager=getenv("PAGER");
- sprintf(pager_cmd,"%s %s",(pager? pager:PAGER), tmpname);
+
+ slprintf(pager_cmd,sizeof(pager_cmd)-1,
+ "%s %s",(pager? pager:PAGER), tmpname);
system(pager_cmd);
unlink(tmpname);
}
@@ -2046,11 +2052,14 @@ static void cmd_mput(char *dum_in, char *dum_out)
pstring tmpname;
FILE *f;
- sprintf(tmpname,"%s/ls.smb.%d",tmpdir(),(int)getpid());
+ slprintf(tmpname,sizeof(pstring)-1,
+ "%s/ls.smb.%d",tmpdir(),(int)getpid());
if (recurse)
- sprintf(cmd,"find . -name \"%s\" -print > %s",p,tmpname);
+ slprintf(cmd,sizeof(pstring)-1,
+ "find . -name \"%s\" -print > %s",p,tmpname);
else
- sprintf(cmd,"/bin/ls %s > %s",p,tmpname);
+ slprintf(cmd,sizeof(pstring)-1,
+ "/bin/ls %s > %s",p,tmpname);
system(cmd);
f = fopen(tmpname,"r");
@@ -2069,7 +2078,8 @@ static void cmd_mput(char *dum_in, char *dum_out)
if (directory_exist(lname,&st))
{
if (!recurse) continue;
- sprintf(quest,"Put directory %s? ",lname);
+ slprintf(quest,sizeof(pstring)-1,
+ "Put directory %s? ",lname);
if (prompt && !yesno(quest))
{
strcat(lname,"/");
@@ -2091,7 +2101,8 @@ static void cmd_mput(char *dum_in, char *dum_out)
}
else
{
- sprintf(quest,"Put file %s? ",lname);
+ slprintf(quest,sizeof(quest)-1,
+ "Put file %s? ",lname);
if (prompt && !yesno(quest)) continue;
strcpy(rname,cur_dir);
@@ -3721,7 +3732,7 @@ static void usage(char *pname)
save_debuglevel = DEBUGLEVEL = atoi(optarg);
break;
case 'l':
- sprintf(debugf,"%s.client",optarg);
+ slprintf(debugf,sizeof(debugf)-1, "%s.client",optarg);
break;
case 'p':
port = atoi(optarg);
@@ -3814,7 +3825,8 @@ static void usage(char *pname)
if (*query_host && !nt_domain_logon)
{
int ret = 0;
- sprintf(service,"\\\\%s\\IPC$",query_host);
+ slprintf(service,sizeof(service)-1,
+ "\\\\%s\\IPC$",query_host);
strupper(service);
connect_as_ipc = True;
if (cli_open_sockets(port))
diff --git a/source3/client/clitar.c b/source3/client/clitar.c
index 98364b77ed..69a8c9823b 100644
--- a/source3/client/clitar.c
+++ b/source3/client/clitar.c
@@ -2129,7 +2129,7 @@ int process_tar(char *inbuf, char *outbuf)
switch(tar_type) {
case 'x':
-#ifdef 0
+#if 0
do_tarput2();
#else
do_tarput();
diff --git a/source3/client/smbmount.c b/source3/client/smbmount.c
index cdfeb68064..51c1ee6310 100644
--- a/source3/client/smbmount.c
+++ b/source3/client/smbmount.c
@@ -350,7 +350,7 @@ static void cmd_mount(char *inbuf,char *outbuf)
string_replace(share_name, '\\', '/');
string_replace(share_name, ' ', '_');
- sprintf(mount_command, "smbmnt %s -s %s", mount_point, share_name);
+ slprintf(mount_command, sizeof(mount_command)-1,"smbmnt %s -s %s", mount_point, share_name);
while(next_token(NULL, buf, NULL))
{
@@ -830,7 +830,7 @@ static void usage(char *pname)
DEBUGLEVEL = atoi(optarg);
break;
case 'l':
- sprintf(debugf,"%s.client",optarg);
+ slprintf(debugf,sizeof(debugf)-1,"%s.client",optarg);
break;
case 'p':
port = atoi(optarg);