summaryrefslogtreecommitdiff
path: root/source3/passdb
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>1998-05-12 00:55:32 +0000
committerJeremy Allison <jra@samba.org>1998-05-12 00:55:32 +0000
commitf888868f46a5418bac9ab528497136c152895305 (patch)
treecf72c864807b19e098a856aaec8daf334189ff84 /source3/passdb
parent9141acecdcebd9276107a500435e3d4545020056 (diff)
downloadsamba-f888868f46a5418bac9ab528497136c152895305.tar.gz
samba-f888868f46a5418bac9ab528497136c152895305.tar.bz2
samba-f888868f46a5418bac9ab528497136c152895305.zip
This is a security audit change of the main source.
It removed all ocurrences of the following functions : sprintf strcpy strcat The replacements are slprintf, safe_strcpy and safe_strcat. It should not be possible to use code in Samba that uses sprintf, strcpy or strcat, only the safe_equivalents. Once Andrew has fixed the slprintf implementation then this code will be moved back to the 1.9.18 code stream. Jeremy. (This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/ldap.c12
-rw-r--r--source3/passdb/smbpass.c43
2 files changed, 28 insertions, 27 deletions
diff --git a/source3/passdb/ldap.c b/source3/passdb/ldap.c
index 7af8a1b9f1..0c9847becf 100644
--- a/source3/passdb/ldap.c
+++ b/source3/passdb/ldap.c
@@ -114,7 +114,7 @@ BOOL ldap_search_one_user_by_name(LDAP *ldap_struct, char *user, LDAPMessage **r
in the filter expression, replace %u with the real name
so in ldap filter, %u MUST exist :-)
*/
- strcpy(filter,lp_ldap_filter());
+ pstrcpy(filter,lp_ldap_filter());
string_sub(filter,"%u",user);
if ( !ldap_search_one_user(ldap_struct, filter, result) )
@@ -152,7 +152,7 @@ void get_single_attribute(LDAP *ldap_struct, LDAPMessage *entry, char *attribute
if ( (valeurs=ldap_get_values(ldap_struct, entry, attribute)) != NULL)
{
- strcpy(value, valeurs[0]);
+ pstrcpy(value, valeurs[0]);
ldap_value_free(valeurs);
DEBUG(3,("get_single_attribute: [%s]=[%s]\n", attribute, value));
}
@@ -451,7 +451,7 @@ void *startldappwent(BOOL update)
int scope = LDAP_SCOPE_ONELEVEL;
int rc;
- char filter[256];
+ pstring filter;
if (!ldap_open_connection(&ldap_ent.ldap_struct)) /* open a connection to the server */
return NULL;
@@ -464,17 +464,17 @@ void *startldappwent(BOOL update)
{
case 1:
{
- strcpy(filter, "objectclass=sambaAccount");
+ pstrcpy(filter, "objectclass=sambaAccount");
break;
}
case 2:
{
- strcpy(filter, "objectclass=sambaMachine");
+ pstrcpy(filter, "objectclass=sambaMachine");
break;
}
default:
{
- strcpy(filter, "(|(objectclass=sambaMachine)(objectclass=sambaAccount))");
+ pstrcpy(filter, "(|(objectclass=sambaMachine)(objectclass=sambaAccount))");
break;
}
}
diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c
index 9c0b276074..aaa4db16ee 100644
--- a/source3/passdb/smbpass.c
+++ b/source3/passdb/smbpass.c
@@ -534,7 +534,7 @@ BOOL add_smbpwd_entry(struct smb_passwd *newpwd)
int fd;
int new_entry_length;
- char *new_entry;
+ unsigned char *new_entry;
long offpos;
unsigned char *p;
@@ -583,19 +583,19 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
return False;
}
- sprintf(new_entry, "%s:%u:", newpwd->smb_name, (unsigned)newpwd->smb_userid);
+ slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->smb_name, (unsigned)newpwd->smb_userid);
p = (unsigned char *)&new_entry[strlen(new_entry)];
if(newpwd->smb_passwd != NULL) {
for( i = 0; i < 16; i++) {
- sprintf((char *)&p[i*2], "%02X", newpwd->smb_passwd[i]);
+ slprintf((char *)&p[i*2], new_entry_length - (p - new_entry) - 1, "%02X", newpwd->smb_passwd[i]);
}
} else {
i=0;
if(newpwd->acct_ctrl & ACB_PWNOTREQ)
- sprintf((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
+ safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
else
- sprintf((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
+ safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
}
p += 32;
@@ -604,13 +604,13 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
if(newpwd->smb_nt_passwd != NULL) {
for( i = 0; i < 16; i++) {
- sprintf((char *)&p[i*2], "%02X", newpwd->smb_nt_passwd[i]);
+ slprintf((char *)&p[i*2], new_entry_length - 1 - (p - new_entry), "%02X", newpwd->smb_nt_passwd[i]);
}
} else {
if(newpwd->acct_ctrl & ACB_PWNOTREQ)
- sprintf((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
+ safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
else
- sprintf((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
+ safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
}
p += 32;
@@ -618,7 +618,8 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
*p++ = ':';
/* Add the account encoding and the last change time. */
- sprintf((char *)p, "%s:LCT-%08X:\n", encode_acct_ctrl(newpwd->acct_ctrl),
+ slprintf((char *)p, new_entry_length - 1 - (p - new_entry), "%s:LCT-%08X:\n",
+ encode_acct_ctrl(newpwd->acct_ctrl),
(uint32)time(NULL));
#ifdef DEBUG_PASSWORD
@@ -945,13 +946,13 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
/* Create the 32 byte representation of the new p16 */
if(pwd->smb_passwd != NULL) {
for (i = 0; i < 16; i++) {
- sprintf(&ascii_p16[i*2], "%02X", (uchar) pwd->smb_passwd[i]);
+ slprintf(&ascii_p16[i*2], sizeof(fstring) - 1, "%02X", (uchar) pwd->smb_passwd[i]);
}
} else {
if(pwd->acct_ctrl & ACB_PWNOTREQ)
- sprintf(ascii_p16, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
+ fstrcpy(ascii_p16, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
else
- sprintf(ascii_p16, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
+ fstrcpy(ascii_p16, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
}
/* Add on the NT md4 hash */
@@ -959,13 +960,13 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
wr_len = 65;
if (pwd->smb_nt_passwd != NULL) {
for (i = 0; i < 16; i++) {
- sprintf(&ascii_p16[(i*2)+33], "%02X", (uchar) pwd->smb_nt_passwd[i]);
+ slprintf(&ascii_p16[(i*2)+33], sizeof(fstring) - 1, "%02X", (uchar) pwd->smb_nt_passwd[i]);
}
} else {
if(pwd->acct_ctrl & ACB_PWNOTREQ)
- sprintf(&ascii_p16[33], "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
+ fstrcpy(&ascii_p16[33], "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
else
- sprintf(&ascii_p16[33], "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
+ fstrcpy(&ascii_p16[33], "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
}
/* Add on the account info bits and the time of last
@@ -1024,10 +1025,10 @@ static void get_trust_account_file_name( char *domain, char *name, char *mac_fil
return;
}
- strcat(mac_file, domain);
- strcat(mac_file, ".");
- strcat(mac_file, name);
- strcat(mac_file, ".mac");
+ pstrcat(mac_file, domain);
+ pstrcat(mac_file, ".");
+ pstrcat(mac_file, name);
+ pstrcat(mac_file, ".mac");
}
/************************************************************************
@@ -1191,9 +1192,9 @@ BOOL set_trust_account_password( unsigned char *md4_new_pwd)
}
for (i = 0; i < 16; i++)
- sprintf(&linebuf[(i*2)], "%02X", md4_new_pwd[i]);
+ slprintf(&linebuf[(i*2)], sizeof(linebuf) - (i*2) - 1, "%02X", md4_new_pwd[i]);
- sprintf(&linebuf[32], ":TLC-%08X\n", (unsigned)time(NULL));
+ slprintf(&linebuf[32], 32, ":TLC-%08X\n", (unsigned)time(NULL));
if(fwrite( linebuf, 1, 45, mach_passwd_fp)!= 45) {
DEBUG(0,("set_trust_account_password: Failed to write file. Warning - the trust \