This is a security audit change of the main source.

It removed all ocurrences of the following functions :

sprintf
strcpy
strcat

The replacements are slprintf, safe_strcpy and safe_strcat.

It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.

Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.

Jeremy.
(This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)

1 files changed, 2 insertions, 2 deletions

diff --git a/source3/rpc_client/ntclienttrust.c b/source3/rpc_client/ntclienttrust.c
index 38cbedae78..0486017181 100644
--- a/source3/rpc_client/ntclienttrust.c
+++ b/source3/rpc_client/ntclienttrust.c
@@ -56,7 +56,7 @@ BOOL trust_account_check(struct in_addr dest_ip, char *dest_host,
 	fstrcpy(mach_pwd, myhostname);
 	strlower(mach_pwd);
 
-	sprintf(tmp, "Enter Workstation Trust Account password for [%s].\nDefault is [%s].\nPassword:",
+	slprintf(tmp, sizeof(tmp) - 1,"Enter Workstation Trust Account password for [%s].\nDefault is [%s].\nPassword:",
 				mach_acct, mach_pwd);
 
 	start_mach_pwd = (char*)getpass(tmp);
@@ -66,7 +66,7 @@ BOOL trust_account_check(struct in_addr dest_ip, char *dest_host,
 		fstrcpy(mach_pwd, start_mach_pwd);
 	}
 
-	sprintf(tmp, "Enter new Workstation Trust Account password for [%s]\nPress Return to leave at old value.\nNew Password:",
+	slprintf(tmp, sizeof(tmp)-1, "Enter new Workstation Trust Account password for [%s]\nPress Return to leave at old value.\nNew Password:",
 				mach_acct);
 
 	change_mach_pwd = (char*)getpass(tmp);