diff options
author | Jeremy Allison <jra@samba.org> | 1998-05-12 00:55:32 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 1998-05-12 00:55:32 +0000 |
commit | f888868f46a5418bac9ab528497136c152895305 (patch) | |
tree | cf72c864807b19e098a856aaec8daf334189ff84 /source3/libsmb/clientgen.c | |
parent | 9141acecdcebd9276107a500435e3d4545020056 (diff) | |
download | samba-f888868f46a5418bac9ab528497136c152895305.tar.gz samba-f888868f46a5418bac9ab528497136c152895305.tar.bz2 samba-f888868f46a5418bac9ab528497136c152895305.zip |
This is a security audit change of the main source.
It removed all ocurrences of the following functions :
sprintf
strcpy
strcat
The replacements are slprintf, safe_strcpy and safe_strcat.
It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.
Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.
Jeremy.
(This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)
Diffstat (limited to 'source3/libsmb/clientgen.c')
-rw-r--r-- | source3/libsmb/clientgen.c | 58 |
1 files changed, 29 insertions, 29 deletions
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index 8b4001827c..9dfd482da3 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -89,7 +89,7 @@ char *cli_errstr(struct cli_state *cli) char *nt_msg = get_nt_error_msg(cli->nt_error); if(nt_msg == NULL) - sprintf(error_message, "NT code %d", cli->nt_error); + slprintf(error_message, sizeof(fstring) - 1, "NT code %d", cli->nt_error); else fstrcpy(error_message, nt_msg); @@ -100,7 +100,7 @@ char *cli_errstr(struct cli_state *cli) * Must have been a rap error. */ - sprintf(error_message, "code %d", cli->rap_error); + slprintf(error_message, sizeof(error_message) - 1, "code %d", cli->rap_error); for(i = 0; rap_errmap[i].message != NULL; i++) { if (rap_errmap[i].err == cli->rap_error) { @@ -387,16 +387,16 @@ BOOL cli_NetWkstaUserLogon(struct cli_state *cli,char *user, char *workstation) p = param; SSVAL(p,0,132); /* api number */ p += 2; - strcpy(p,"OOWb54WrLh"); + pstrcpy(p,"OOWb54WrLh"); p = skip_string(p,1); - strcpy(p,"WB21BWDWWDDDDDDDzzzD"); + pstrcpy(p,"WB21BWDWWDDDDDDDzzzD"); p = skip_string(p,1); SSVAL(p,0,1); p += 2; - strcpy(p,user); + pstrcpy(p,user); strupper(p); p += 21; p++; p += 15; p++; - strcpy(p, workstation); + pstrcpy(p, workstation); strupper(p); p += 16; SSVAL(p, 0, BUFFER_SIZE); @@ -443,9 +443,9 @@ BOOL cli_RNetShareEnum(struct cli_state *cli, void (*fn)(char *, uint32, char *) p = param; SSVAL(p,0,0); /* api number */ p += 2; - strcpy(p,"WrLeh"); + pstrcpy(p,"WrLeh"); p = skip_string(p,1); - strcpy(p,"B13BWz"); + pstrcpy(p,"B13BWz"); p = skip_string(p,1); SSVAL(p,0,1); SSVAL(p,2,BUFFER_SIZE); @@ -505,10 +505,10 @@ BOOL cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype, p = param; SSVAL(p,0,0x68); /* api number */ p += 2; - strcpy(p,"WrLehDz"); + pstrcpy(p,"WrLehDz"); p = skip_string(p,1); - strcpy(p,"B16BBDz"); + pstrcpy(p,"B16BBDz"); p = skip_string(p,1); SSVAL(p,0,uLevel); @@ -625,7 +625,7 @@ BOOL cli_session_setup(struct cli_state *cli, p = smb_buf(cli->outbuf); memcpy(p,pword,passlen); p += passlen; - strcpy(p,user); + pstrcpy(p,user); strupper(p); } else { set_message(cli->outbuf,13,0,True); @@ -644,14 +644,14 @@ BOOL cli_session_setup(struct cli_state *cli, p += SVAL(cli->outbuf,smb_vwv7); memcpy(p,ntpass,ntpasslen); p += SVAL(cli->outbuf,smb_vwv8); - strcpy(p,user); + pstrcpy(p,user); strupper(p); p = skip_string(p,1); - strcpy(p,workgroup); + pstrcpy(p,workgroup); strupper(p); p = skip_string(p,1); - strcpy(p,"Unix");p = skip_string(p,1); - strcpy(p,"Samba");p = skip_string(p,1); + pstrcpy(p,"Unix");p = skip_string(p,1); + pstrcpy(p,"Samba");p = skip_string(p,1); set_message(cli->outbuf,13,PTR_DIFF(p,smb_buf(cli->outbuf)),False); } @@ -728,9 +728,9 @@ BOOL cli_send_tconX(struct cli_state *cli, p = smb_buf(cli->outbuf); memcpy(p,pword,passlen); p += passlen; - strcpy(p,fullshare); + fstrcpy(p,fullshare); p = skip_string(p,1); - strcpy(p,dev); + pstrcpy(p,dev); SCVAL(cli->inbuf,smb_rcls, 1); @@ -785,10 +785,10 @@ BOOL cli_mv(struct cli_state *cli, char *fname_src, char *fname_dst) p = smb_buf(cli->outbuf); *p++ = 4; - strcpy(p,fname_src); + pstrcpy(p,fname_src); p = skip_string(p,1); *p++ = 4; - strcpy(p,fname_dst); + pstrcpy(p,fname_dst); send_smb(cli->fd,cli->outbuf); if (!client_receive_smb(cli->fd,cli->inbuf,cli->timeout)) { @@ -822,7 +822,7 @@ BOOL cli_unlink(struct cli_state *cli, char *fname) p = smb_buf(cli->outbuf); *p++ = 4; - strcpy(p,fname); + pstrcpy(p,fname); send_smb(cli->fd,cli->outbuf); if (!client_receive_smb(cli->fd,cli->inbuf,cli->timeout)) { @@ -855,7 +855,7 @@ BOOL cli_mkdir(struct cli_state *cli, char *dname) p = smb_buf(cli->outbuf); *p++ = 4; - strcpy(p,dname); + pstrcpy(p,dname); send_smb(cli->fd,cli->outbuf); if (!client_receive_smb(cli->fd,cli->inbuf,cli->timeout)) { @@ -887,7 +887,7 @@ BOOL cli_rmdir(struct cli_state *cli, char *dname) p = smb_buf(cli->outbuf); *p++ = 4; - strcpy(p,dname); + pstrcpy(p,dname); send_smb(cli->fd,cli->outbuf); if (!client_receive_smb(cli->fd,cli->inbuf,cli->timeout)) { @@ -952,7 +952,7 @@ int cli_open(struct cli_state *cli, char *fname, int flags, int share_mode) SSVAL(cli->outbuf,smb_vwv8,openfn); p = smb_buf(cli->outbuf); - strcpy(p,fname); + pstrcpy(p,fname); p = skip_string(p,1); send_smb(cli->fd,cli->outbuf); @@ -1179,7 +1179,7 @@ BOOL cli_getatr(struct cli_state *cli, char *fname, p = smb_buf(cli->outbuf); *p = 4; - strcpy(p+1, fname); + pstrcpy(p+1, fname); send_smb(cli->fd,cli->outbuf); if (!client_receive_smb(cli->fd,cli->inbuf,cli->timeout)) { @@ -1228,7 +1228,7 @@ BOOL cli_setatr(struct cli_state *cli, char *fname, int attr, time_t t) p = smb_buf(cli->outbuf); *p = 4; - strcpy(p+1, fname); + pstrcpy(p+1, fname); p = skip_string(p,1); *p = 4; @@ -1450,11 +1450,11 @@ BOOL cli_oem_change_password(struct cli_state *cli, char *user, char *new_passwo SSVAL(p,0,214); /* SamOEMChangePassword command. */ p += 2; - strcpy(p, "zsT"); + pstrcpy(p, "zsT"); p = skip_string(p,1); - strcpy(p, "B516B16"); + pstrcpy(p, "B516B16"); p = skip_string(p,1); - fstrcpy(p,user); + pstrcpy(p,user); p = skip_string(p,1); SSVAL(p,0,532); p += 2; @@ -1546,7 +1546,7 @@ BOOL cli_negprot(struct cli_state *cli) prots[numprots].name && prots[numprots].prot<=cli->protocol; numprots++) { *p++ = 2; - strcpy(p,prots[numprots].name); + pstrcpy(p,prots[numprots].name); p += strlen(p) + 1; } |