changed to use slprintf() instead of sprintf() just about

everywhere. I've implemented slprintf() as a bounds checked sprintf() using mprotect() and a non-writeable page. This should prevent any sprintf based security holes. (This used to be commit ee09e9dadb69aaba5a751dd20ccc6d587d841bd6)
author: Andrew Tridgell <tridge@samba.org> 1998-05-11 06:38:36 +0000
committer: Andrew Tridgell <tridge@samba.org> 1998-05-11 06:38:36 +0000
commit: 3dfc0c847240ac7e12c39f4ed9c31a888949ade1 (patch)
tree: 305f006b62ed9dcdca0f751dbf40d2a34ee054df /source3/rpc_parse/parse_prs.c
parent: ffc88e2d26217f99c34ce24c0836bec3c809ca1a (diff)
download: samba-3dfc0c847240ac7e12c39f4ed9c31a888949ade1.tar.gz
samba-3dfc0c847240ac7e12c39f4ed9c31a888949ade1.tar.bz2
samba-3dfc0c847240ac7e12c39f4ed9c31a888949ade1.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c
index 0baf05597c..ad05831229 100644
--- a/source3/rpc_parse/parse_prs.c
+++ b/source3/rpc_parse/parse_prs.c
@@ -242,7 +242,7 @@ BOOL prs_unistr(char *name, prs_struct *ps, int depth, UNISTR *str)
 
 	ps->offset += i*2;
 
-	dump_data(5+depth, start, ps->offset);
+	dump_data(5+depth, (char *)start, ps->offset);
 
 	return True;
 }
@@ -283,7 +283,7 @@ BOOL prs_string(char *name, prs_struct *ps, int depth, char *str, uint16 len)
 
 	ps->offset += i+1;
 
-	dump_data(5+depth, start, ps->offset);
+	dump_data(5+depth, (char *)start, ps->offset);
 
 	return True;
 }
author	Andrew Tridgell <tridge@samba.org>	1998-05-11 06:38:36 +0000
committer	Andrew Tridgell <tridge@samba.org>	1998-05-11 06:38:36 +0000
commit	3dfc0c847240ac7e12c39f4ed9c31a888949ade1 (patch)
tree	305f006b62ed9dcdca0f751dbf40d2a34ee054df /source3/rpc_parse/parse_prs.c
parent	ffc88e2d26217f99c34ce24c0836bec3c809ca1a (diff)
download	samba-3dfc0c847240ac7e12c39f4ed9c31a888949ade1.tar.gz samba-3dfc0c847240ac7e12c39f4ed9c31a888949ade1.tar.bz2 samba-3dfc0c847240ac7e12c39f4ed9c31a888949ade1.zip