diff options
author | Luke Leighton <lkcl@samba.org> | 1999-06-24 18:58:08 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1999-06-24 18:58:08 +0000 |
commit | cae3620b2e8abbe35f0369a82d5461cb596475a3 (patch) | |
tree | 1f0e36b2a99fd2bb9cce280a0b35f4d3c17f9802 /source3/libsmb | |
parent | 07afc549e2cde45e1c5b536cc03903fe8765902f (diff) | |
download | samba-cae3620b2e8abbe35f0369a82d5461cb596475a3.tar.gz samba-cae3620b2e8abbe35f0369a82d5461cb596475a3.tar.bz2 samba-cae3620b2e8abbe35f0369a82d5461cb596475a3.zip |
safe string error reporting functions (found a potential buffer overflow
of a pstrcpy into an fstring).
(This used to be commit ac0060443de800fec9042b69b299ff2e9128a31c)
Diffstat (limited to 'source3/libsmb')
-rw-r--r-- | source3/libsmb/clientgen.c | 97 | ||||
-rw-r--r-- | source3/libsmb/nterr.c | 19 | ||||
-rw-r--r-- | source3/libsmb/smberr.c | 39 |
3 files changed, 93 insertions, 62 deletions
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index bd5d58e4de..cb0f2e5c74 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -90,6 +90,26 @@ static BOOL cli_send_smb(struct cli_state *cli, BOOL show) return True; } +/****************************************************** + Return an error message - either an SMB error or a RAP + error. +*******************************************************/ + +char *cli_errstr(struct cli_state *cli) +{ + static fstring error_message; + cli_safe_errstr(cli, error_message, sizeof(error_message)); + return error_message; +} + +/**************************************************************************** + return a description of an SMB error +****************************************************************************/ +void cli_safe_smb_errstr(struct cli_state *cli, char *msg, size_t len) +{ + smb_safe_errstr(cli->inbuf, msg, len); +} + /***************************************************** RAP error codes - a small start but will be extended. *******************************************************/ @@ -112,24 +132,32 @@ struct }; /**************************************************************************** - return a description of an SMB error + return a description of a RAP error ****************************************************************************/ -static char *cli_smb_errstr(struct cli_state *cli) +BOOL get_safe_rap_errstr(int rap_error, char *err_msg, size_t msglen) { - return smb_errstr(cli->inbuf); + int i; + + slprintf(err_msg, msglen - 1, "RAP code %d", rap_error); + + for (i = 0; rap_errmap[i].message != NULL; i++) + { + if (rap_errmap[i].err == rap_error) + { + safe_strcpy( err_msg, rap_errmap[i].message, msglen); + return True; + } + } + return False; } -/****************************************************** - Return an error message - either an SMB error or a RAP - error. -*******************************************************/ - -char *cli_errstr(struct cli_state *cli) +/**************************************************************************** + return a description of an SMB error +****************************************************************************/ +void cli_safe_errstr(struct cli_state *cli, char *err_msg, size_t msglen) { - static fstring error_message; uint8 errclass; uint32 errnum; - int i; /* * Errors are of three kinds - smb errors, @@ -142,47 +170,24 @@ char *cli_errstr(struct cli_state *cli) if (errclass != 0) { - return cli_smb_errstr(cli); + cli_safe_smb_errstr(cli, err_msg, msglen); } - - /* - * Was it an NT error ? - */ - - if (cli->nt_error) + else if (cli->nt_error) { - char *nt_msg = get_nt_error_msg(cli->nt_error); - - if (nt_msg == NULL) - { - slprintf(error_message, sizeof(fstring) - 1, "NT code %d", cli->nt_error); - } - else - { - fstrcpy(error_message, nt_msg); - } + /* + * Was it an NT error ? + */ - return error_message; + (void)get_safe_nt_error_msg(cli->nt_error, err_msg, msglen); } - - /* - * Must have been a rap error. - */ - - slprintf(error_message, sizeof(error_message) - 1, "code %d", cli->rap_error); - - for (i = 0; rap_errmap[i].message != NULL; i++) + else { - if (rap_errmap[i].err == cli->rap_error) - { - fstrcpy( error_message, rap_errmap[i].message); - break; - } - } - - return error_message; + /* + * Must have been a rap error. + */ + (void)get_safe_rap_errstr(cli->rap_error, err_msg, msglen); + } } - /**************************************************************************** setup basics in a outgoing packet ****************************************************************************/ diff --git a/source3/libsmb/nterr.c b/source3/libsmb/nterr.c index b094050a33..9cf1fb8214 100644 --- a/source3/libsmb/nterr.c +++ b/source3/libsmb/nterr.c @@ -521,12 +521,11 @@ nt_err_code_struct nt_errs[] = /***************************************************************************** returns an NT error message. not amazingly helpful, but better than a number. *****************************************************************************/ -char *get_nt_error_msg(uint32 nt_code) +void get_safe_nt_error_msg(uint32 nt_code, char *msg, size_t len) { - static pstring msg; int idx = 0; - snprintf(msg, sizeof(msg), "%08x", nt_code); + snprintf(msg, len, "NT code %08x", nt_code); nt_code &= 0xFFFF; @@ -534,11 +533,19 @@ char *get_nt_error_msg(uint32 nt_code) { if (nt_errs[idx].nt_errcode == nt_code) { - pstrcpy(msg, nt_errs[idx].nt_errstr); - return msg; + safe_strcpy(msg, nt_errs[idx].nt_errstr, len); + return; } idx++; } - return msg; } +/***************************************************************************** + returns an NT error message. not amazingly helpful, but better than a number. + *****************************************************************************/ +char *get_nt_error_msg(uint32 nt_code) +{ + static pstring msg; + get_safe_nt_error_msg(nt_code, msg, sizeof(msg)); + return msg; +} diff --git a/source3/libsmb/smberr.c b/source3/libsmb/smberr.c index 85827dde28..228eee5892 100644 --- a/source3/libsmb/smberr.c +++ b/source3/libsmb/smberr.c @@ -143,13 +143,19 @@ struct {0xFF,"ERRCMD",NULL}, {-1,NULL,NULL}}; +char *smb_err_msg(uint8 class, uint32 num) +{ + static pstring ret; + smb_safe_err_msg(class, num, ret, sizeof(ret)); + return ret; +} + /**************************************************************************** return a SMB error string from a SMB buffer ****************************************************************************/ -char *smb_err_msg(uint8 class, uint32 num) +BOOL smb_safe_err_msg(uint8 class, uint32 num, char *ret, size_t len) { - static pstring ret; int i,j; for (i=0;err_classes[i].class;i++) @@ -165,29 +171,42 @@ char *smb_err_msg(uint8 class, uint32 num) { if (DEBUGLEVEL > 0) { - slprintf(ret, sizeof(ret) - 1, "%s - %s (%s)",err_classes[i].class, + slprintf(ret, len - 1, "%s - %s (%s)",err_classes[i].class, err[j].name,err[j].message); } else { - slprintf(ret, sizeof(ret) - 1, "%s - %s",err_classes[i].class,err[j].name); + slprintf(ret, len - 1, "%s - %s",err_classes[i].class,err[j].name); } - return ret; + return True; } } } - slprintf(ret, sizeof(ret) - 1, "%s - %d",err_classes[i].class, num); - return ret; + slprintf(ret, len - 1, "%s - %d",err_classes[i].class, num); + return True; } } - slprintf(ret, sizeof(ret) - 1, "Error: Unknown error (%d,%d)",class,num); - return(ret); + + slprintf(ret, len - 1, "Error: Unknown error (%d,%d)",class,num); + return False; } + +/**************************************************************************** +return a SMB error string from a SMB buffer +****************************************************************************/ +BOOL smb_safe_errstr(char *inbuf, char *msg, size_t len) +{ + return smb_safe_err_msg(CVAL(inbuf,smb_rcls), SVAL(inbuf,smb_err), + msg, len); +} + /**************************************************************************** return a SMB error string from a SMB buffer ****************************************************************************/ char *smb_errstr(char *inbuf) { - return smb_err_msg(CVAL(inbuf,smb_rcls), SVAL(inbuf,smb_err)); + static fstring errmsg; + (void)smb_safe_errstr(inbuf, errmsg, sizeof(errmsg)); + return errmsg; } |