diff options
| author | Jeremy Allison <jra@samba.org> | 1998-05-12 00:55:32 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 1998-05-12 00:55:32 +0000 |
| commit | f888868f46a5418bac9ab528497136c152895305 (patch) | |
| tree | cf72c864807b19e098a856aaec8daf334189ff84 /source3/rpc_client | |
| parent | 9141acecdcebd9276107a500435e3d4545020056 (diff) | |
| download | samba-f888868f46a5418bac9ab528497136c152895305.tar.gz samba-f888868f46a5418bac9ab528497136c152895305.tar.bz2 samba-f888868f46a5418bac9ab528497136c152895305.zip | |
This is a security audit change of the main source.
It removed all ocurrences of the following functions :
sprintf
strcpy
strcat
The replacements are slprintf, safe_strcpy and safe_strcat.
It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.
Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.
Jeremy.
(This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)
Diffstat (limited to 'source3/rpc_client')
| -rw-r--r-- | source3/rpc_client/cli_pipe.c | 9 | ||||
| -rw-r--r-- | source3/rpc_client/ntclienttrust.c | 4 |
2 files changed, 8 insertions, 5 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index c458aa102a..899c0437e6 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -675,13 +675,16 @@ Error was %s\n", pipe_name, cli->desthost, cli_errstr(cli))); * Setup the remote server name prefixed by \ and the machine account name. */ - sprintf(cli->srv_name_slash, "\\\\%s", cli->desthost); + fstrcpy(cli->srv_name_slash, "\\\\"); + fstrcat(cli->srv_name_slash, cli->desthost); strupper(cli->srv_name_slash); - sprintf(cli->clnt_name_slash, "\\\\%s", global_myname); + fstrcpy(cli->clnt_name_slash, "\\\\"); + fstrcat(cli->clnt_name_slash, global_myname); strupper(cli->clnt_name_slash); - sprintf(cli->mach_acct, "%s$", global_myname); + fstrcpy(cli->mach_acct, global_myname); + fstrcat(cli->mach_acct, "$"); strupper(cli->mach_acct); return True; diff --git a/source3/rpc_client/ntclienttrust.c b/source3/rpc_client/ntclienttrust.c index 38cbedae78..0486017181 100644 --- a/source3/rpc_client/ntclienttrust.c +++ b/source3/rpc_client/ntclienttrust.c @@ -56,7 +56,7 @@ BOOL trust_account_check(struct in_addr dest_ip, char *dest_host, fstrcpy(mach_pwd, myhostname); strlower(mach_pwd); - sprintf(tmp, "Enter Workstation Trust Account password for [%s].\nDefault is [%s].\nPassword:", + slprintf(tmp, sizeof(tmp) - 1,"Enter Workstation Trust Account password for [%s].\nDefault is [%s].\nPassword:", mach_acct, mach_pwd); start_mach_pwd = (char*)getpass(tmp); @@ -66,7 +66,7 @@ BOOL trust_account_check(struct in_addr dest_ip, char *dest_host, fstrcpy(mach_pwd, start_mach_pwd); } - sprintf(tmp, "Enter new Workstation Trust Account password for [%s]\nPress Return to leave at old value.\nNew Password:", + slprintf(tmp, sizeof(tmp)-1, "Enter new Workstation Trust Account password for [%s]\nPress Return to leave at old value.\nNew Password:", mach_acct); change_mach_pwd = (char*)getpass(tmp); |