diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2003-03-15 07:14:55 +0000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2003-03-15 07:14:55 +0000 |
| commit | 3b5bc93e9db4df6ded2eef7b32bda74328b04811 (patch) | |
| tree | a1eda3d3fa69f62a05414b4f0fff2f4520c81055 /source3/lib/charcnv.c | |
| parent | 9a00acc472b3a9530ca71705faef3166aa9c4d47 (diff) | |
| download | samba-3b5bc93e9db4df6ded2eef7b32bda74328b04811.tar.gz samba-3b5bc93e9db4df6ded2eef7b32bda74328b04811.tar.bz2 samba-3b5bc93e9db4df6ded2eef7b32bda74328b04811.zip | |
String handling parinoia fixes.
This patch enables the compile-time checking of strings assable by means of
sizeof(). (Original code had the configure check reversed).
This is extended to all safe_strcpy() users, push_string and pull_string,
as well as the cli and srv derivitives. There is an attempt to cap strings
at the end of the cli buffer, and clobber_region() of the speified length
(when not -1 :-).
Becouse of the way they are declared, the 'overmalloc a string' users of
safe_strcpy() have been changed to use overmalloc_safe_strcpy() (which skips
some of the checks).
This whole ball of mud worked fine, until I pulled out my 'fix' for our
statcache. When jeremy fixes that, we should be able to get back to testing
this stuff.
This patch also includes a 'marker' of the last caller to clobber_region (ie,
the function that called pstrcpy() that called clobber_region) to assist in
debugging problems that may have smashed the stack. This is printed at
smb_panic() time. (Original idea and patch by metze).
It also removes some unsused functions, and #if 0's some others that are
unused but probably should be used in the near future.
For now, this patch gives us some confidence on one class of trivial parsing
error in our code.
Andrew Bartlett
(This used to be commit 31f4827acc2a2f00399a5528fc83a0dae5cebaf4)
Diffstat (limited to 'source3/lib/charcnv.c')
| -rw-r--r-- | source3/lib/charcnv.c | 83 |
1 files changed, 14 insertions, 69 deletions
diff --git a/source3/lib/charcnv.c b/source3/lib/charcnv.c index a8df003f8b..76d77ddd67 100644 --- a/source3/lib/charcnv.c +++ b/source3/lib/charcnv.c @@ -186,7 +186,7 @@ size_t convert_string(charset_t from, charset_t to, * @returns Size in bytes of the converted string; or -1 in case of error. **/ -size_t convert_string_allocate(charset_t from, charset_t to, +static size_t convert_string_allocate(charset_t from, charset_t to, void const *src, size_t srclen, void **dest) { size_t i_len, o_len, destlen; @@ -265,7 +265,7 @@ convert: * * @returns Size in bytes of the converted string; or -1 in case of error. **/ -size_t convert_string_talloc(TALLOC_CTX *ctx, charset_t from, charset_t to, +static size_t convert_string_talloc(TALLOC_CTX *ctx, charset_t from, charset_t to, void const *src, size_t srclen, void **dest) { void *alloced_string; @@ -303,7 +303,7 @@ size_t unix_strlower(const char *src, size_t srclen, char *dest, size_t destlen) } -size_t ucs2_align(const void *base_ptr, const void *p, int flags) +static size_t ucs2_align(const void *base_ptr, const void *p, int flags) { if (flags & (STR_NOALIGN|STR_ASCII)) return 0; @@ -356,11 +356,6 @@ size_t push_ascii_pstring(void *dest, const char *src) return push_ascii(dest, src, sizeof(pstring), STR_TERMINATE); } -size_t push_pstring(void *dest, const char *src) -{ - return push_ascii(dest, src, sizeof(pstring), STR_TERMINATE); -} - /** * Copy a string from a dos codepage source to a unix char* destination. * @@ -507,7 +502,7 @@ size_t push_ucs2_allocate(smb_ucs2_t **dest, const char *src) is -1 then no maxiumum is used. **/ -size_t push_utf8(void *dest, const char *src, size_t dest_len, int flags) +static size_t push_utf8(void *dest, const char *src, size_t dest_len, int flags) { size_t src_len = strlen(src); pstring tmpbuf; @@ -533,11 +528,6 @@ size_t push_utf8_fstring(void *dest, const char *src) return push_utf8(dest, src, sizeof(fstring), STR_TERMINATE); } -size_t push_utf8_pstring(void *dest, const char *src) -{ - return push_utf8(dest, src, sizeof(pstring), STR_TERMINATE); -} - /** * Copy a string from a unix char* src to a UTF-8 destination, allocating a buffer using talloc * @@ -666,7 +656,7 @@ size_t pull_ucs2_allocate(void **dest, const smb_ucs2_t *src) The resulting string in "dest" is always null terminated. **/ -size_t pull_utf8(char *dest, const void *src, size_t dest_len, size_t src_len, int flags) +static size_t pull_utf8(char *dest, const void *src, size_t dest_len, size_t src_len, int flags) { size_t ret; @@ -690,16 +680,7 @@ size_t pull_utf8(char *dest, const void *src, size_t dest_len, size_t src_len, i return src_len; } - -size_t pull_utf8_pstring(char *dest, const void *src) -{ - return pull_utf8(dest, src, sizeof(pstring), -1, STR_TERMINATE); -} - -size_t pull_utf8_fstring(char *dest, const void *src) -{ - return pull_utf8(dest, src, sizeof(fstring), -1, STR_TERMINATE); -} +#endif /** * Copy a string from a UTF-8 src to a unix char * destination, allocating a buffer using talloc @@ -745,8 +726,11 @@ size_t pull_utf8_allocate(void **dest, const char *src) is -1 then no maxiumum is used. **/ -size_t push_string(const void *base_ptr, void *dest, const char *src, size_t dest_len, int flags) +size_t push_string_fn(const char *function, unsigned int line, const void *base_ptr, void *dest, const char *src, size_t dest_len, int flags) { + if (dest_len != (size_t)-1) + clobber_region(function, line, dest, dest_len); + if (!(flags & STR_ASCII) && \ ((flags & STR_UNICODE || \ (SVAL(base_ptr, smb_flg2) & FLAGS2_UNICODE_STRINGS)))) { @@ -770,8 +754,11 @@ size_t push_string(const void *base_ptr, void *dest, const char *src, size_t des The resulting string in "dest" is always null terminated. **/ -size_t pull_string(const void *base_ptr, char *dest, const void *src, size_t dest_len, size_t src_len, int flags) +size_t pull_string_fn(const char *function, unsigned int line, const void *base_ptr, char *dest, const void *src, size_t dest_len, size_t src_len, int flags) { + if (dest_len != (size_t)-1) + clobber_region(function, line, dest, dest_len); + if (!(flags & STR_ASCII) && \ ((flags & STR_UNICODE || \ (SVAL(base_ptr, smb_flg2) & FLAGS2_UNICODE_STRINGS)))) { @@ -791,27 +778,6 @@ size_t align_string(const void *base_ptr, const char *p, int flags) } /** - Convert from ucs2 to unix charset and return the - allocated and converted string or NULL if an error occurred. - You must provide a zero terminated string. - The returning string will be zero terminated. -**/ - -char *acnv_u2ux(const smb_ucs2_t *src) -{ - size_t slen; - size_t dlen; - void *dest; - - slen = (strlen_w(src) + 1) * sizeof(smb_ucs2_t); - dlen = convert_string_allocate(CH_UCS2, CH_UNIX, src, slen, &dest); - if (dlen == (size_t)-1) - return NULL; - else - return dest; -} - -/** Convert from unix to ucs2 charset and return the allocated and converted string or NULL if an error occurred. You must provide a zero terminated string. @@ -833,27 +799,6 @@ smb_ucs2_t *acnv_uxu2(const char *src) } /** - Convert from ucs2 to dos charset and return the - allocated and converted string or NULL if an error occurred. - You must provide a zero terminated string. - The returning string will be zero terminated. -**/ - -char *acnv_u2dos(const smb_ucs2_t *src) -{ - size_t slen; - size_t dlen; - void *dest; - - slen = (strlen_w(src) + 1) * sizeof(smb_ucs2_t); - dlen = convert_string_allocate(CH_UCS2, CH_DOS, src, slen, &dest); - if (dlen == (size_t)-1) - return NULL; - else - return dest; -} - -/** Convert from dos to ucs2 charset and return the allocated and converted string or NULL if an error occurred. You must provide a zero terminated string. |