This is a security audit change of the main source.

It removed all ocurrences of the following functions :

sprintf
strcpy
strcat

The replacements are slprintf, safe_strcpy and safe_strcat.

It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.

Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.

Jeremy.
(This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)

3 files changed, 32 insertions, 7 deletions

diff --git a/source3/include/includes.h b/source3/include/includes.h
index d741e07c28..d345ea38de 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -332,6 +332,10 @@ extern int innetgr (const char *, const char *, const char *, const char *);
 #define REPLACE_GETPASS
 #endif /* REPLACE_GETPASS */
 #define USE_SIGPROCMASK
+#ifndef QSORT_CAST
+#define QSORT_CAST (int (*)(const void *, const void *))
+#endif /* QSORT_CAST */
+#define HAVE_VSNPRINTF
 #endif
 
 
@@ -547,6 +551,7 @@ char *mktemp(char *); /* No standard include */
 #define HAVE_GETTIMEOFDAY
 #define HAVE_PATHCONF
 #define HAVE_GETGRNAM 1
+#define HAVE_VSNPRINTF
 #define QSORT_CAST (int (*)(const void *, const void *))
 #if !defined(O_SYNC)
 #if defined(O_FSYNC)
@@ -624,6 +629,7 @@ char *mktemp(char *); /* No standard include */
 #define USE_SETRES
 #define USE_SYSV_IPC
 #define NO_SEMUN
+#define HAVE_VALLOC
 #define DEFAULT_PRINTING PRINT_HPUX
 /* Ken Weiss <krweiss@ucdavis.edu> tells us that SIGCLD_IGNORE is
    not good for HPUX */
@@ -1353,12 +1359,29 @@ extern int errno;
 #define strncasecmp(s1,s2,n) StrnCaseCmp(s1,s2,n)
 #endif
 
-#ifndef strcpy
-#define strcpy(dest,src) StrCpy(dest,src)
-#endif
+#ifdef strcpy
+#undef strcpy
+#endif /* strcpy */
+#define strcpy(dest,src) __ERROR__XX__NEVER_USE_STRCPY___;
+
+#ifdef strcat
+#undef strcat
+#endif /* strcat */
+#define strcat(dest,src) __ERROR__XX__NEVER_USE_STRCAT___;
+
+#ifdef sprintf
+#undef sprintf
+#endif /* sprintf */
+#define sprintf __ERROR__XX__NEVER_USE_SPRINTF__>;
+
+#define pstrcpy(d,s) safe_strcpy((d),(s),sizeof(pstring)-1)
+#define pstrcat(d,s) safe_strcat((d),(s),sizeof(pstring)-1)
+#define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1)
+#define fstrcat(d,s) safe_strcat((d),(s),sizeof(fstring)-1)
 
 #if MEM_MAN
 #include "mem_man/mem_man.h"
-#endif
+#endif /* MEM_MAN */
+
 
 #endif
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 79712d3c87..2285f36aa9 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1170,7 +1170,7 @@ BOOL is_8_3( char *fname, BOOL check_case );
 int str_checksum( char *s );
 void reset_mangled_cache( void );
 BOOL check_mangled_cache( char *s );
-void mangle_name_83( char *s );
+void mangle_name_83( char *s, int s_len );
 BOOL name_map_mangle( char *OutName, BOOL need83, int snum );
 
 /*The following definitions come from  md4.c  */
@@ -2054,7 +2054,9 @@ char *unistr(char *buf);
 int unistrncpy(char *dst, char *src, int len);
 int unistrcpy(char *dst, char *src);
 void fstrcpy(char *dest, char *src);
-void pstrcpy(char *dest, char *src);
+void fstrcat(char *dest, char *src);
+char *safe_strcpy(char *dest, char *src, int maxlength);
+char *safe_strcat(char *dest, char *src, int maxlength);
 char *align4(char *q, char *base);
 char *align2(char *q, char *base);
 char *align_offset(char *q, char *base, int align_offset_len);
diff --git a/source3/include/smb.h b/source3/include/smb.h
index d8fe5a84f7..714d3b2eb4 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -237,7 +237,7 @@ implemented */
 
 typedef char pstring[1024];
 typedef char fstring[128];
-typedef fstring string;
+/* typedef fstring string; */
 
 
 /* pipe strings */