summaryrefslogtreecommitdiff
path: root/source3/lib
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>1998-08-31 03:11:42 +0000
committerAndrew Tridgell <tridge@samba.org>1998-08-31 03:11:42 +0000
commit61b5fd6f32e9ccb612df1354a3e3b3bed5f2b808 (patch)
tree06d72234112a52e30d5b72e367e42efc43e9762f /source3/lib
parentab4577f141b0c08a543d998a36892bbafae4e902 (diff)
downloadsamba-61b5fd6f32e9ccb612df1354a3e3b3bed5f2b808.tar.gz
samba-61b5fd6f32e9ccb612df1354a3e3b3bed5f2b808.tar.bz2
samba-61b5fd6f32e9ccb612df1354a3e3b3bed5f2b808.zip
bounds check next_token() to prevent possible buffer overflows
(This used to be commit 3eade55dc7c842bdc50205c330802d211fae54d3)
Diffstat (limited to 'source3/lib')
-rw-r--r--source3/lib/interface.c2
-rw-r--r--source3/lib/username.c2
-rw-r--r--source3/lib/util.c26
3 files changed, 17 insertions, 13 deletions
diff --git a/source3/lib/interface.c b/source3/lib/interface.c
index 8cc5cfb0b1..581a2135bd 100644
--- a/source3/lib/interface.c
+++ b/source3/lib/interface.c
@@ -136,7 +136,7 @@ static void interpret_interfaces(char *s, struct interface **interfaces,
allones_ip = *interpret_addr2("255.255.255.255");
loopback_ip = *interpret_addr2("127.0.0.1");
- while (next_token(&ptr,token,NULL)) {
+ while (next_token(&ptr,token,NULL,sizeof(token))) {
/* parse it into an IP address/netmasklength pair */
char *p = strchr(token,'/');
if (p) *p++ = 0;
diff --git a/source3/lib/username.c b/source3/lib/username.c
index a9d391f11a..f56f7efce2 100644
--- a/source3/lib/username.c
+++ b/source3/lib/username.c
@@ -297,7 +297,7 @@ BOOL user_in_list(char *user,char *list)
pstring tok;
char *p=list;
- while (next_token(&p,tok,LIST_SEP))
+ while (next_token(&p,tok,LIST_SEP, sizeof(tok)))
{
/*
* Check raw username.
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 5b8428b546..a52228c997 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -131,10 +131,11 @@ static char *last_ptr=NULL;
Based on a routine by GJC@VILLAGE.COM.
Extensively modified by Andrew.Tridgell@anu.edu.au
****************************************************************************/
-BOOL next_token(char **ptr,char *buff,char *sep)
+BOOL next_token(char **ptr,char *buff,char *sep, int bufsize)
{
char *s;
BOOL quoted;
+ int len=1;
if (!ptr) ptr = &last_ptr;
if (!ptr) return(False);
@@ -151,12 +152,14 @@ BOOL next_token(char **ptr,char *buff,char *sep)
if (! *s) return(False);
/* copy over the token */
- for (quoted = False; *s && (quoted || !strchr(sep,*s)); s++)
+ for (quoted = False; len < bufsize && *s && (quoted || !strchr(sep,*s)); s++)
{
- if (*s == '\"')
- quoted = !quoted;
- else
- *buff++ = *s;
+ if (*s == '\"') {
+ quoted = !quoted;
+ } else {
+ len++;
+ *buff++ = *s;
+ }
}
*ptr = (*s) ? s+1 : s;
@@ -291,7 +294,7 @@ void set_socket_options(int fd, char *options)
{
fstring tok;
- while (next_token(&options,tok," \t,"))
+ while (next_token(&options,tok," \t,", sizeof(tok)))
{
int ret=0,i;
int value = 1;
@@ -2618,7 +2621,7 @@ BOOL in_list(char *s,char *list,BOOL casesensitive)
if (!list) return(False);
- while (next_token(&p,tok,LIST_SEP))
+ while (next_token(&p,tok,LIST_SEP,sizeof(tok)))
{
if (casesensitive) {
if (strcmp(tok,s) == 0)
@@ -5085,7 +5088,7 @@ BOOL string_to_sid(DOM_SID *sidout, char *sidstr)
}
p += 2;
- if(!next_token(&p, tok, "-")) {
+ if(!next_token(&p, tok, "-", sizeof(tok))) {
DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr));
return False;
}
@@ -5093,7 +5096,7 @@ BOOL string_to_sid(DOM_SID *sidout, char *sidstr)
/* Get the revision number. */
sidout->sid_rev_num = atoi(tok);
- if(!next_token(&p, tok, "-")) {
+ if(!next_token(&p, tok, "-", sizeof(tok))) {
DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr));
return False;
}
@@ -5111,7 +5114,8 @@ BOOL string_to_sid(DOM_SID *sidout, char *sidstr)
sidout->num_auths = 0;
- while(next_token(&p, tok, "-") && sidout->num_auths < MAXSUBAUTHS) {
+ while(next_token(&p, tok, "-", sizeof(tok)) &&
+ sidout->num_auths < MAXSUBAUTHS) {
/*
* NOTE - the subauths are in native machine-endian format. They
* are converted to little-endian when linearized onto the wire.