summaryrefslogtreecommitdiff
path: root/source3/libsmb
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>1998-05-12 00:55:32 +0000
committerJeremy Allison <jra@samba.org>1998-05-12 00:55:32 +0000
commitf888868f46a5418bac9ab528497136c152895305 (patch)
treecf72c864807b19e098a856aaec8daf334189ff84 /source3/libsmb
parent9141acecdcebd9276107a500435e3d4545020056 (diff)
downloadsamba-f888868f46a5418bac9ab528497136c152895305.tar.gz
samba-f888868f46a5418bac9ab528497136c152895305.tar.bz2
samba-f888868f46a5418bac9ab528497136c152895305.zip
This is a security audit change of the main source.
It removed all ocurrences of the following functions : sprintf strcpy strcat The replacements are slprintf, safe_strcpy and safe_strcat. It should not be possible to use code in Samba that uses sprintf, strcpy or strcat, only the safe_equivalents. Once Andrew has fixed the slprintf implementation then this code will be moved back to the 1.9.18 code stream. Jeremy. (This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/clientgen.c58
-rw-r--r--source3/libsmb/credentials.c2
-rw-r--r--source3/libsmb/namequery.c24
-rw-r--r--source3/libsmb/nmblib.c4
-rw-r--r--source3/libsmb/nterr.c4
-rw-r--r--source3/libsmb/smberr.c8
6 files changed, 50 insertions, 50 deletions
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 8b4001827c..9dfd482da3 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -89,7 +89,7 @@ char *cli_errstr(struct cli_state *cli)
char *nt_msg = get_nt_error_msg(cli->nt_error);
if(nt_msg == NULL)
- sprintf(error_message, "NT code %d", cli->nt_error);
+ slprintf(error_message, sizeof(fstring) - 1, "NT code %d", cli->nt_error);
else
fstrcpy(error_message, nt_msg);
@@ -100,7 +100,7 @@ char *cli_errstr(struct cli_state *cli)
* Must have been a rap error.
*/
- sprintf(error_message, "code %d", cli->rap_error);
+ slprintf(error_message, sizeof(error_message) - 1, "code %d", cli->rap_error);
for(i = 0; rap_errmap[i].message != NULL; i++) {
if (rap_errmap[i].err == cli->rap_error) {
@@ -387,16 +387,16 @@ BOOL cli_NetWkstaUserLogon(struct cli_state *cli,char *user, char *workstation)
p = param;
SSVAL(p,0,132); /* api number */
p += 2;
- strcpy(p,"OOWb54WrLh");
+ pstrcpy(p,"OOWb54WrLh");
p = skip_string(p,1);
- strcpy(p,"WB21BWDWWDDDDDDDzzzD");
+ pstrcpy(p,"WB21BWDWWDDDDDDDzzzD");
p = skip_string(p,1);
SSVAL(p,0,1);
p += 2;
- strcpy(p,user);
+ pstrcpy(p,user);
strupper(p);
p += 21; p++; p += 15; p++;
- strcpy(p, workstation);
+ pstrcpy(p, workstation);
strupper(p);
p += 16;
SSVAL(p, 0, BUFFER_SIZE);
@@ -443,9 +443,9 @@ BOOL cli_RNetShareEnum(struct cli_state *cli, void (*fn)(char *, uint32, char *)
p = param;
SSVAL(p,0,0); /* api number */
p += 2;
- strcpy(p,"WrLeh");
+ pstrcpy(p,"WrLeh");
p = skip_string(p,1);
- strcpy(p,"B13BWz");
+ pstrcpy(p,"B13BWz");
p = skip_string(p,1);
SSVAL(p,0,1);
SSVAL(p,2,BUFFER_SIZE);
@@ -505,10 +505,10 @@ BOOL cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
p = param;
SSVAL(p,0,0x68); /* api number */
p += 2;
- strcpy(p,"WrLehDz");
+ pstrcpy(p,"WrLehDz");
p = skip_string(p,1);
- strcpy(p,"B16BBDz");
+ pstrcpy(p,"B16BBDz");
p = skip_string(p,1);
SSVAL(p,0,uLevel);
@@ -625,7 +625,7 @@ BOOL cli_session_setup(struct cli_state *cli,
p = smb_buf(cli->outbuf);
memcpy(p,pword,passlen);
p += passlen;
- strcpy(p,user);
+ pstrcpy(p,user);
strupper(p);
} else {
set_message(cli->outbuf,13,0,True);
@@ -644,14 +644,14 @@ BOOL cli_session_setup(struct cli_state *cli,
p += SVAL(cli->outbuf,smb_vwv7);
memcpy(p,ntpass,ntpasslen);
p += SVAL(cli->outbuf,smb_vwv8);
- strcpy(p,user);
+ pstrcpy(p,user);
strupper(p);
p = skip_string(p,1);
- strcpy(p,workgroup);
+ pstrcpy(p,workgroup);
strupper(p);
p = skip_string(p,1);
- strcpy(p,"Unix");p = skip_string(p,1);
- strcpy(p,"Samba");p = skip_string(p,1);
+ pstrcpy(p,"Unix");p = skip_string(p,1);
+ pstrcpy(p,"Samba");p = skip_string(p,1);
set_message(cli->outbuf,13,PTR_DIFF(p,smb_buf(cli->outbuf)),False);
}
@@ -728,9 +728,9 @@ BOOL cli_send_tconX(struct cli_state *cli,
p = smb_buf(cli->outbuf);
memcpy(p,pword,passlen);
p += passlen;
- strcpy(p,fullshare);
+ fstrcpy(p,fullshare);
p = skip_string(p,1);
- strcpy(p,dev);
+ pstrcpy(p,dev);
SCVAL(cli->inbuf,smb_rcls, 1);
@@ -785,10 +785,10 @@ BOOL cli_mv(struct cli_state *cli, char *fname_src, char *fname_dst)
p = smb_buf(cli->outbuf);
*p++ = 4;
- strcpy(p,fname_src);
+ pstrcpy(p,fname_src);
p = skip_string(p,1);
*p++ = 4;
- strcpy(p,fname_dst);
+ pstrcpy(p,fname_dst);
send_smb(cli->fd,cli->outbuf);
if (!client_receive_smb(cli->fd,cli->inbuf,cli->timeout)) {
@@ -822,7 +822,7 @@ BOOL cli_unlink(struct cli_state *cli, char *fname)
p = smb_buf(cli->outbuf);
*p++ = 4;
- strcpy(p,fname);
+ pstrcpy(p,fname);
send_smb(cli->fd,cli->outbuf);
if (!client_receive_smb(cli->fd,cli->inbuf,cli->timeout)) {
@@ -855,7 +855,7 @@ BOOL cli_mkdir(struct cli_state *cli, char *dname)
p = smb_buf(cli->outbuf);
*p++ = 4;
- strcpy(p,dname);
+ pstrcpy(p,dname);
send_smb(cli->fd,cli->outbuf);
if (!client_receive_smb(cli->fd,cli->inbuf,cli->timeout)) {
@@ -887,7 +887,7 @@ BOOL cli_rmdir(struct cli_state *cli, char *dname)
p = smb_buf(cli->outbuf);
*p++ = 4;
- strcpy(p,dname);
+ pstrcpy(p,dname);
send_smb(cli->fd,cli->outbuf);
if (!client_receive_smb(cli->fd,cli->inbuf,cli->timeout)) {
@@ -952,7 +952,7 @@ int cli_open(struct cli_state *cli, char *fname, int flags, int share_mode)
SSVAL(cli->outbuf,smb_vwv8,openfn);
p = smb_buf(cli->outbuf);
- strcpy(p,fname);
+ pstrcpy(p,fname);
p = skip_string(p,1);
send_smb(cli->fd,cli->outbuf);
@@ -1179,7 +1179,7 @@ BOOL cli_getatr(struct cli_state *cli, char *fname,
p = smb_buf(cli->outbuf);
*p = 4;
- strcpy(p+1, fname);
+ pstrcpy(p+1, fname);
send_smb(cli->fd,cli->outbuf);
if (!client_receive_smb(cli->fd,cli->inbuf,cli->timeout)) {
@@ -1228,7 +1228,7 @@ BOOL cli_setatr(struct cli_state *cli, char *fname, int attr, time_t t)
p = smb_buf(cli->outbuf);
*p = 4;
- strcpy(p+1, fname);
+ pstrcpy(p+1, fname);
p = skip_string(p,1);
*p = 4;
@@ -1450,11 +1450,11 @@ BOOL cli_oem_change_password(struct cli_state *cli, char *user, char *new_passwo
SSVAL(p,0,214); /* SamOEMChangePassword command. */
p += 2;
- strcpy(p, "zsT");
+ pstrcpy(p, "zsT");
p = skip_string(p,1);
- strcpy(p, "B516B16");
+ pstrcpy(p, "B516B16");
p = skip_string(p,1);
- fstrcpy(p,user);
+ pstrcpy(p,user);
p = skip_string(p,1);
SSVAL(p,0,532);
p += 2;
@@ -1546,7 +1546,7 @@ BOOL cli_negprot(struct cli_state *cli)
prots[numprots].name && prots[numprots].prot<=cli->protocol;
numprots++) {
*p++ = 2;
- strcpy(p,prots[numprots].name);
+ pstrcpy(p,prots[numprots].name);
p += strlen(p) + 1;
}
diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c
index 9f5c70e5e4..c9f7ee429b 100644
--- a/source3/libsmb/credentials.c
+++ b/source3/libsmb/credentials.c
@@ -31,7 +31,7 @@ represent a credential as a string
char *credstr(uchar *cred)
{
static fstring buf;
- sprintf(buf,"%02X%02X%02X%02X%02X%02X%02X%02X",
+ slprintf(buf, sizeof(buf) - 1, "%02X%02X%02X%02X%02X%02X%02X%02X",
cred[0], cred[1], cred[2], cred[3],
cred[4], cred[5], cred[6], cred[7]);
return buf;
diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c
index 4de10f10ce..7f3d012c30 100644
--- a/source3/libsmb/namequery.c
+++ b/source3/libsmb/namequery.c
@@ -51,15 +51,15 @@ static void _interpret_node_status(char *p, char *master,char *rname)
type = CVAL(p,15);
p += 16;
- strcat(flags, (p[0] & 0x80) ? "<GROUP> " : " ");
- if ((p[0] & 0x60) == 0x00) strcat(flags,"B ");
- if ((p[0] & 0x60) == 0x20) strcat(flags,"P ");
- if ((p[0] & 0x60) == 0x40) strcat(flags,"M ");
- if ((p[0] & 0x60) == 0x60) strcat(flags,"H ");
- if (p[0] & 0x10) strcat(flags,"<DEREGISTERING> ");
- if (p[0] & 0x08) strcat(flags,"<CONFLICT> ");
- if (p[0] & 0x04) strcat(flags,"<ACTIVE> ");
- if (p[0] & 0x02) strcat(flags,"<PERMANENT> ");
+ fstrcat(flags, (p[0] & 0x80) ? "<GROUP> " : " ");
+ if ((p[0] & 0x60) == 0x00) fstrcat(flags,"B ");
+ if ((p[0] & 0x60) == 0x20) fstrcat(flags,"P ");
+ if ((p[0] & 0x60) == 0x40) fstrcat(flags,"M ");
+ if ((p[0] & 0x60) == 0x60) fstrcat(flags,"H ");
+ if (p[0] & 0x10) fstrcat(flags,"<DEREGISTERING> ");
+ if (p[0] & 0x08) fstrcat(flags,"<CONFLICT> ");
+ if (p[0] & 0x04) fstrcat(flags,"<ACTIVE> ");
+ if (p[0] & 0x02) fstrcat(flags,"<PERMANENT> ");
if (master && !*master && type == 0x1d) {
StrnCpy(master,qname,15);
@@ -341,9 +341,9 @@ BOOL getlmhostsent( FILE *fp, char *name, int *name_type, struct in_addr *ipaddr
if (*line == '#')
continue;
- strcpy(ip,"");
- strcpy(name,"");
- strcpy(flags,"");
+ pstrcpy(ip,"");
+ pstrcpy(name,"");
+ pstrcpy(flags,"");
ptr = line;
diff --git a/source3/libsmb/nmblib.c b/source3/libsmb/nmblib.c
index 5a8a037ce5..6c178758c6 100644
--- a/source3/libsmb/nmblib.c
+++ b/source3/libsmb/nmblib.c
@@ -252,7 +252,7 @@ static int put_nmb_name(char *buf,int offset,struct nmb_name *name)
buf1[0] = '*';
buf1[15] = name->name_type;
} else {
- sprintf(buf1,"%-15.15s%c",name->name,name->name_type);
+ slprintf(buf1, sizeof(buf1) - 1,"%-15.15s%c",name->name,name->name_type);
}
buf[offset] = 0x20;
@@ -270,7 +270,7 @@ static int put_nmb_name(char *buf,int offset,struct nmb_name *name)
if (name->scope[0]) {
/* XXXX this scope handling needs testing */
ret += strlen(name->scope) + 1;
- strcpy(&buf[offset+1],name->scope);
+ pstrcpy(&buf[offset+1],name->scope);
p = &buf[offset+1];
while ((p = strchr(p,'.'))) {
diff --git a/source3/libsmb/nterr.c b/source3/libsmb/nterr.c
index 0788ae1b60..d2f9335000 100644
--- a/source3/libsmb/nterr.c
+++ b/source3/libsmb/nterr.c
@@ -525,7 +525,7 @@ char *get_nt_error_msg(uint32 nt_code)
static pstring msg;
int idx = 0;
- strcpy(msg, "Unknown NT error");
+ pstrcpy(msg, "Unknown NT error");
nt_code &= 0xFFFF;
@@ -533,7 +533,7 @@ char *get_nt_error_msg(uint32 nt_code)
{
if (nt_errs[idx].nt_errcode == nt_code)
{
- strcpy(msg, nt_errs[idx].nt_errstr);
+ pstrcpy(msg, nt_errs[idx].nt_errstr);
return msg;
}
idx++;
diff --git a/source3/libsmb/smberr.c b/source3/libsmb/smberr.c
index e8c4544394..c284d18ba6 100644
--- a/source3/libsmb/smberr.c
+++ b/source3/libsmb/smberr.c
@@ -165,18 +165,18 @@ char *smb_errstr(char *inbuf)
if (num == err[j].code)
{
if (DEBUGLEVEL > 0)
- sprintf(ret,"%s - %s (%s)",err_classes[i].class,
+ slprintf(ret, sizeof(ret) - 1, "%s - %s (%s)",err_classes[i].class,
err[j].name,err[j].message);
else
- sprintf(ret,"%s - %s",err_classes[i].class,err[j].name);
+ slprintf(ret, sizeof(ret) - 1, "%s - %s",err_classes[i].class,err[j].name);
return ret;
}
}
- sprintf(ret,"%s - %d",err_classes[i].class,num);
+ slprintf(ret, sizeof(ret) - 1, "%s - %d",err_classes[i].class,num);
return ret;
}
- sprintf(ret,"Error: Unknown error (%d,%d)",class,num);
+ slprintf(ret, sizeof(ret) - 1, "Error: Unknown error (%d,%d)",class,num);
return(ret);
}