summaryrefslogtreecommitdiff
path: root/source3/libsmb
diff options
context:
space:
mode:
authorLuke Leighton <lkcl@samba.org>1999-06-24 18:58:08 +0000
committerLuke Leighton <lkcl@samba.org>1999-06-24 18:58:08 +0000
commitcae3620b2e8abbe35f0369a82d5461cb596475a3 (patch)
tree1f0e36b2a99fd2bb9cce280a0b35f4d3c17f9802 /source3/libsmb
parent07afc549e2cde45e1c5b536cc03903fe8765902f (diff)
downloadsamba-cae3620b2e8abbe35f0369a82d5461cb596475a3.tar.gz
samba-cae3620b2e8abbe35f0369a82d5461cb596475a3.tar.bz2
samba-cae3620b2e8abbe35f0369a82d5461cb596475a3.zip
safe string error reporting functions (found a potential buffer overflow
of a pstrcpy into an fstring). (This used to be commit ac0060443de800fec9042b69b299ff2e9128a31c)
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/clientgen.c97
-rw-r--r--source3/libsmb/nterr.c19
-rw-r--r--source3/libsmb/smberr.c39
3 files changed, 93 insertions, 62 deletions
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index bd5d58e4de..cb0f2e5c74 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -90,6 +90,26 @@ static BOOL cli_send_smb(struct cli_state *cli, BOOL show)
return True;
}
+/******************************************************
+ Return an error message - either an SMB error or a RAP
+ error.
+*******************************************************/
+
+char *cli_errstr(struct cli_state *cli)
+{
+ static fstring error_message;
+ cli_safe_errstr(cli, error_message, sizeof(error_message));
+ return error_message;
+}
+
+/****************************************************************************
+ return a description of an SMB error
+****************************************************************************/
+void cli_safe_smb_errstr(struct cli_state *cli, char *msg, size_t len)
+{
+ smb_safe_errstr(cli->inbuf, msg, len);
+}
+
/*****************************************************
RAP error codes - a small start but will be extended.
*******************************************************/
@@ -112,24 +132,32 @@ struct
};
/****************************************************************************
- return a description of an SMB error
+ return a description of a RAP error
****************************************************************************/
-static char *cli_smb_errstr(struct cli_state *cli)
+BOOL get_safe_rap_errstr(int rap_error, char *err_msg, size_t msglen)
{
- return smb_errstr(cli->inbuf);
+ int i;
+
+ slprintf(err_msg, msglen - 1, "RAP code %d", rap_error);
+
+ for (i = 0; rap_errmap[i].message != NULL; i++)
+ {
+ if (rap_errmap[i].err == rap_error)
+ {
+ safe_strcpy( err_msg, rap_errmap[i].message, msglen);
+ return True;
+ }
+ }
+ return False;
}
-/******************************************************
- Return an error message - either an SMB error or a RAP
- error.
-*******************************************************/
-
-char *cli_errstr(struct cli_state *cli)
+/****************************************************************************
+ return a description of an SMB error
+****************************************************************************/
+void cli_safe_errstr(struct cli_state *cli, char *err_msg, size_t msglen)
{
- static fstring error_message;
uint8 errclass;
uint32 errnum;
- int i;
/*
* Errors are of three kinds - smb errors,
@@ -142,47 +170,24 @@ char *cli_errstr(struct cli_state *cli)
if (errclass != 0)
{
- return cli_smb_errstr(cli);
+ cli_safe_smb_errstr(cli, err_msg, msglen);
}
-
- /*
- * Was it an NT error ?
- */
-
- if (cli->nt_error)
+ else if (cli->nt_error)
{
- char *nt_msg = get_nt_error_msg(cli->nt_error);
-
- if (nt_msg == NULL)
- {
- slprintf(error_message, sizeof(fstring) - 1, "NT code %d", cli->nt_error);
- }
- else
- {
- fstrcpy(error_message, nt_msg);
- }
+ /*
+ * Was it an NT error ?
+ */
- return error_message;
+ (void)get_safe_nt_error_msg(cli->nt_error, err_msg, msglen);
}
-
- /*
- * Must have been a rap error.
- */
-
- slprintf(error_message, sizeof(error_message) - 1, "code %d", cli->rap_error);
-
- for (i = 0; rap_errmap[i].message != NULL; i++)
+ else
{
- if (rap_errmap[i].err == cli->rap_error)
- {
- fstrcpy( error_message, rap_errmap[i].message);
- break;
- }
- }
-
- return error_message;
+ /*
+ * Must have been a rap error.
+ */
+ (void)get_safe_rap_errstr(cli->rap_error, err_msg, msglen);
+ }
}
-
/****************************************************************************
setup basics in a outgoing packet
****************************************************************************/
diff --git a/source3/libsmb/nterr.c b/source3/libsmb/nterr.c
index b094050a33..9cf1fb8214 100644
--- a/source3/libsmb/nterr.c
+++ b/source3/libsmb/nterr.c
@@ -521,12 +521,11 @@ nt_err_code_struct nt_errs[] =
/*****************************************************************************
returns an NT error message. not amazingly helpful, but better than a number.
*****************************************************************************/
-char *get_nt_error_msg(uint32 nt_code)
+void get_safe_nt_error_msg(uint32 nt_code, char *msg, size_t len)
{
- static pstring msg;
int idx = 0;
- snprintf(msg, sizeof(msg), "%08x", nt_code);
+ snprintf(msg, len, "NT code %08x", nt_code);
nt_code &= 0xFFFF;
@@ -534,11 +533,19 @@ char *get_nt_error_msg(uint32 nt_code)
{
if (nt_errs[idx].nt_errcode == nt_code)
{
- pstrcpy(msg, nt_errs[idx].nt_errstr);
- return msg;
+ safe_strcpy(msg, nt_errs[idx].nt_errstr, len);
+ return;
}
idx++;
}
- return msg;
}
+/*****************************************************************************
+ returns an NT error message. not amazingly helpful, but better than a number.
+ *****************************************************************************/
+char *get_nt_error_msg(uint32 nt_code)
+{
+ static pstring msg;
+ get_safe_nt_error_msg(nt_code, msg, sizeof(msg));
+ return msg;
+}
diff --git a/source3/libsmb/smberr.c b/source3/libsmb/smberr.c
index 85827dde28..228eee5892 100644
--- a/source3/libsmb/smberr.c
+++ b/source3/libsmb/smberr.c
@@ -143,13 +143,19 @@ struct
{0xFF,"ERRCMD",NULL},
{-1,NULL,NULL}};
+char *smb_err_msg(uint8 class, uint32 num)
+{
+ static pstring ret;
+ smb_safe_err_msg(class, num, ret, sizeof(ret));
+ return ret;
+}
+
/****************************************************************************
return a SMB error string from a SMB buffer
****************************************************************************/
-char *smb_err_msg(uint8 class, uint32 num)
+BOOL smb_safe_err_msg(uint8 class, uint32 num, char *ret, size_t len)
{
- static pstring ret;
int i,j;
for (i=0;err_classes[i].class;i++)
@@ -165,29 +171,42 @@ char *smb_err_msg(uint8 class, uint32 num)
{
if (DEBUGLEVEL > 0)
{
- slprintf(ret, sizeof(ret) - 1, "%s - %s (%s)",err_classes[i].class,
+ slprintf(ret, len - 1, "%s - %s (%s)",err_classes[i].class,
err[j].name,err[j].message);
}
else
{
- slprintf(ret, sizeof(ret) - 1, "%s - %s",err_classes[i].class,err[j].name);
+ slprintf(ret, len - 1, "%s - %s",err_classes[i].class,err[j].name);
}
- return ret;
+ return True;
}
}
}
- slprintf(ret, sizeof(ret) - 1, "%s - %d",err_classes[i].class, num);
- return ret;
+ slprintf(ret, len - 1, "%s - %d",err_classes[i].class, num);
+ return True;
}
}
- slprintf(ret, sizeof(ret) - 1, "Error: Unknown error (%d,%d)",class,num);
- return(ret);
+
+ slprintf(ret, len - 1, "Error: Unknown error (%d,%d)",class,num);
+ return False;
}
+
+/****************************************************************************
+return a SMB error string from a SMB buffer
+****************************************************************************/
+BOOL smb_safe_errstr(char *inbuf, char *msg, size_t len)
+{
+ return smb_safe_err_msg(CVAL(inbuf,smb_rcls), SVAL(inbuf,smb_err),
+ msg, len);
+}
+
/****************************************************************************
return a SMB error string from a SMB buffer
****************************************************************************/
char *smb_errstr(char *inbuf)
{
- return smb_err_msg(CVAL(inbuf,smb_rcls), SVAL(inbuf,smb_err));
+ static fstring errmsg;
+ (void)smb_safe_errstr(inbuf, errmsg, sizeof(errmsg));
+ return errmsg;
}