authorAndrew Tridgell <tridge@samba.org>1998-05-11 06:38:36 +0000
committerAndrew Tridgell <tridge@samba.org>1998-05-11 06:38:36 +0000
commit3dfc0c847240ac7e12c39f4ed9c31a888949ade1 (patch)
tree305f006b62ed9dcdca0f751dbf40d2a34ee054df /source3/nmbd
parentffc88e2d26217f99c34ce24c0836bec3c809ca1a (diff)
changed to use slprintf() instead of sprintf() just about
everywhere. I've implemented slprintf() as a bounds checked sprintf() using mprotect() and a non-writeable page. This should prevent any sprintf based security holes. (This used to be commit ee09e9dadb69aaba5a751dd20ccc6d587d841bd6)
Diffstat (limited to 'source3/nmbd')
-rw-r--r--source3/nmbd/nmbd.c2
-rw-r--r--source3/nmbd/nmbd_serverlistdb.c16
2 files changed, 9 insertions, 9 deletions
diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
index 512504b02d..f9519bea18 100644
--- a/source3/nmbd/nmbd.c
+++ b/source3/nmbd/nmbd.c
@@ -619,7 +619,7 @@ int main(int argc,char *argv[])
strupper(global_myname);
break;
case 'l':
- sprintf(debugf,"%s.nmb",optarg);
+ slprintf(debugf,sizeof(debugf)-1, "%s.nmb",optarg);
break;
case 'i':
pstrcpy(scope,optarg);
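Review bot: The result of `slprintf(debugf,sizeof(debugf)-1, "%s.nmb",optarg);` is not checked, so an `-l` argument longer than the buffer would presumably leave `debugf` holding a cut-off path without the `.nmb` suffix, and logging would go to a file the administrator did not name. What slprintf does with over-length input is not visible in this hunk, so that outcome is inferred from the commit description. A length check before the call, such as `if (strlen(optarg) + sizeof(".nmb") > sizeof(debugf)) { /* reject the option */ }`, would make the failure explicit. The declaration of `debugf` and the rest of `main` are outside the hunk, and `sizeof(debugf)` is the buffer size only if `debugf` is an array there.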
diff --git a/source3/nmbd/nmbd_serverlistdb.c b/source3/nmbd/nmbd_serverlistdb.c
index ea1948cece..64ca49cdbc 100644
--- a/source3/nmbd/nmbd_serverlistdb.c
+++ b/source3/nmbd/nmbd_serverlistdb.c
@@ -365,10 +365,10 @@ void write_browse_list(time_t t, BOOL force_write)
return;
}
- sprintf(tmp, "\"%s\"", work->work_group);
+ slprintf(tmp,sizeof(tmp)-1, "\"%s\"", work->work_group);
fprintf(fp, "%-25s ", tmp);
fprintf(fp, "%08x ", SV_TYPE_DOMAIN_ENUM|SV_TYPE_NT|SV_TYPE_LOCAL_LIST_ONLY);
- sprintf(tmp, "\"%s\" ", work->local_master_browser_name);
+ slprintf(tmp, sizeof(tmp)-1, "\"%s\" ", work->local_master_browser_name);
fprintf(fp, "%-30s", tmp);
fprintf(fp, "\"%s\"\n", work->work_group);
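Review bot: When a name does not fit in `tmp`, the bounded `slprintf(tmp,sizeof(tmp)-1, "\"%s\"", work->work_group);` can cut the string before the closing quote, so the following `fprintf(fp, "%-25s ", tmp);` would write a field with an unbalanced `"` into the browse list. The exact behaviour of slprintf at the limit is not shown here, so this is inferred; the same pattern recurs in the hunks at -394, -413 and -437. The declaration of `tmp` is outside the hunk, and `sizeof(tmp)-1` is a valid bound only if `tmp` is an array; a comment at the declaration such as `/* tmp must be an array large enough for the longest name plus two quotes, a space and the NUL */` would record that. As a point of style, the first call lacks the space after the comma that the other calls use: `slprintf(tmp, sizeof(tmp)-1, ...`.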
@@ -394,10 +394,10 @@ void write_browse_list(time_t t, BOOL force_write)
}
/* Output server details, plus what workgroup they're in. */
- sprintf(tmp, "\"%s\"", my_netbios_names[i]);
+ slprintf(tmp, sizeof(tmp)-1, "\"%s\"", my_netbios_names[i]);
fprintf(fp, "%-25s ", tmp);
fprintf(fp, "%08x ", stype);
- sprintf(tmp, "\"%s\" ", lp_serverstring());
+ slprintf(tmp, sizeof(tmp)-1, "\"%s\" ", lp_serverstring());
fprintf(fp, "%-30s", tmp);
fprintf(fp, "\"%s\"\n", global_myworkgroup);
}
@@ -413,11 +413,11 @@ void write_browse_list(time_t t, BOOL force_write)
if(wg_type)
{
- sprintf(tmp, "\"%s\"", work->work_group);
+ slprintf(tmp, sizeof(tmp)-1, "\"%s\"", work->work_group);
fprintf(fp, "%-25s ", tmp);
fprintf(fp, "%08x ", wg_type);
- sprintf(tmp, "\"%s\" ", work->local_master_browser_name);
+ slprintf(tmp, sizeof(tmp)-1, "\"%s\" ", work->local_master_browser_name);
fprintf(fp, "%-30s", tmp);
fprintf(fp, "\"%s\"\n", work->work_group);
}
@@ -437,10 +437,10 @@ void write_browse_list(time_t t, BOOL force_write)
if(serv_type)
{
/* Output server details, plus what workgroup they're in. */
- sprintf(tmp, "\"%s\"", servrec->serv.name);
+ slprintf(tmp, sizeof(tmp)-1, "\"%s\"", servrec->serv.name);
fprintf(fp, "%-25s ", tmp);
fprintf(fp, "%08x ", serv_type);
- sprintf(tmp, "\"%s\" ", servrec->serv.comment);
+ slprintf(tmp, sizeof(tmp)-1, "\"%s\" ", servrec->serv.comment);
fprintf(fp, "%-30s", tmp);
fprintf(fp, "\"%s\"\n", work->work_group);
}
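Review bot: `servrec->serv.name` and `servrec->serv.comment` are written between double quotes with no escaping, so a value containing `"` or a newline would produce a record that a later reader of this file could split incorrectly. Where these fields are filled in is outside the hunk; if they can originate from received announcements they should be treated as untrusted, and the new slprintf bound limits their length but not their content. Either filter the values before the write or document the assumption with a comment such as `/* serv.name and serv.comment contain no '"' or newline; checked in <validating function> */`. write_browse_list starts and ends outside this hunk.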