diff options
| author | Jeremy Allison <jra@samba.org> | 1998-05-12 00:55:32 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 1998-05-12 00:55:32 +0000 |
| commit | f888868f46a5418bac9ab528497136c152895305 (patch) | |
| tree | cf72c864807b19e098a856aaec8daf334189ff84 /source3/rpc_parse | |
| parent | 9141acecdcebd9276107a500435e3d4545020056 (diff) | |
| download | samba-f888868f46a5418bac9ab528497136c152895305.tar.gz samba-f888868f46a5418bac9ab528497136c152895305.tar.bz2 samba-f888868f46a5418bac9ab528497136c152895305.zip | |
This is a security audit change of the main source.
It removed all ocurrences of the following functions :
sprintf
strcpy
strcat
The replacements are slprintf, safe_strcpy and safe_strcat.
It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.
Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.
Jeremy.
(This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)
Diffstat (limited to 'source3/rpc_parse')
| -rw-r--r-- | source3/rpc_parse/parse_lsa.c | 8 | ||||
| -rw-r--r-- | source3/rpc_parse/parse_misc.c | 2 | ||||
| -rw-r--r-- | source3/rpc_parse/parse_samr.c | 14 |
3 files changed, 12 insertions, 12 deletions
diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c index 0a49fb7b4d..202c3b6da3 100644 --- a/source3/rpc_parse/parse_lsa.c +++ b/source3/rpc_parse/parse_lsa.c @@ -416,14 +416,14 @@ void lsa_io_sid_enum(char *desc, LSA_SID_ENUM *sen, prs_struct *ps, int depth) for (i = 0; i < sen->num_entries; i++) { fstring temp; - sprintf(temp, "ptr_sid[%d]", i); + slprintf(temp, sizeof(temp) - 1, "ptr_sid[%d]", i); prs_uint32(temp, ps, depth, &(sen->ptr_sid[i])); /* domain SID pointers to be looked up. */ } for (i = 0; i < sen->num_entries; i++) { fstring temp; - sprintf(temp, "sid[%d]", i); + slprintf(temp, sizeof(temp) - 1, "sid[%d]", i); smb_io_dom_sid2(temp, &(sen->sid[i]), ps, depth); /* domain SIDs to be looked up. */ } } @@ -470,7 +470,7 @@ void lsa_io_trans_names(char *desc, LSA_TRANS_NAME_ENUM *trn, prs_struct *ps, in for (i = 0; i < trn->num_entries; i++) { fstring temp; - sprintf(temp, "ptr_name[%d] ", i); + slprintf(temp, sizeof(temp) - 1, "ptr_name[%d] ", i); prs_uint32(temp, ps, depth, &(trn->ptr_name[i])); /* pointer to translated name */ } @@ -479,7 +479,7 @@ void lsa_io_trans_names(char *desc, LSA_TRANS_NAME_ENUM *trn, prs_struct *ps, in if (trn->ptr_name[i] != 0) { fstring temp; - sprintf(temp, "name[%d] ", i); + slprintf(temp, sizeof(temp) - 1, "name[%d] ", i); lsa_io_trans_name(temp, &(trn->name[i2]), ps, depth); /* translated name */ i2++; } diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c index 0343dea484..b46bcd9f89 100644 --- a/source3/rpc_parse/parse_misc.c +++ b/source3/rpc_parse/parse_misc.c @@ -190,7 +190,7 @@ void smb_io_dom_sid(char *desc, DOM_SID *sid, prs_struct *ps, int depth) for (i = 0; i < 6; i++) { fstring tmp; - sprintf(tmp, "id_auth[%d] ", i); + slprintf(tmp, sizeof(tmp) - 1, "id_auth[%d] ", i); prs_uint8 (tmp, ps, depth, &(sid->id_auth[i])); } diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c index a72769d9c0..b0138ac97d 100644 --- a/source3/rpc_parse/parse_samr.c +++ b/source3/rpc_parse/parse_samr.c @@ -1492,7 +1492,7 @@ void samr_io_q_lookup_ids(char *desc, SAMR_Q_LOOKUP_IDS *q_u, prs_struct *ps, i for (i = 0; i < q_u->num_sids2; i++) { - sprintf(tmp, "ptr[%02d]", i); + slprintf(tmp, sizeof(tmp) - 1, "ptr[%02d]", i); prs_uint32(tmp, ps, depth, &(q_u->ptr_sid[i])); } @@ -1500,7 +1500,7 @@ void samr_io_q_lookup_ids(char *desc, SAMR_Q_LOOKUP_IDS *q_u, prs_struct *ps, i { if (q_u->ptr_sid[i] != 0) { - sprintf(tmp, "sid[%02d]", i); + slprintf(tmp, sizeof(tmp)-1, "sid[%02d]", i); smb_io_dom_sid2(tmp, &(q_u->sid[i]), ps, depth); } } @@ -1564,7 +1564,7 @@ void samr_io_r_lookup_ids(char *desc, SAMR_R_LOOKUP_IDS *r_u, prs_struct *ps, i for (i = 0; i < r_u->num_entries2; i++) { - sprintf(tmp, "rid[%02d]", i); + slprintf(tmp, sizeof(tmp)-1, "rid[%02d]", i); prs_uint32(tmp, ps, depth, &(r_u->rid[i])); } } @@ -1723,7 +1723,7 @@ void samr_io_q_unknown_12(char *desc, SAMR_Q_UNKNOWN_12 *q_u, prs_struct *ps, i for (i = 0; i < q_u->num_gids2; i++) { - sprintf(tmp, "gid[%02d] ", i); + slprintf(tmp, sizeof(tmp) - 1, "gid[%02d] ", i); prs_uint32(tmp, ps, depth, &(q_u->gid[i])); } @@ -1797,12 +1797,12 @@ void samr_io_r_unknown_12(char *desc, SAMR_R_UNKNOWN_12 *r_u, prs_struct *ps, i { for (i = 0; i < r_u->num_aliases2; i++) { - sprintf(tmp, "als_hdr[%02d] ", i); + slprintf(tmp, sizeof(tmp) - 1, "als_hdr[%02d] ", i); smb_io_unihdr ("", &(r_u->hdr_als_name[i]), ps, depth); } for (i = 0; i < r_u->num_aliases2; i++) { - sprintf(tmp, "als_str[%02d] ", i); + slprintf(tmp, sizeof(tmp) - 1, "als_str[%02d] ", i); smb_io_unistr2("", &(r_u->uni_als_name[i]), r_u->hdr_als_name[i].buffer, ps, depth); } } @@ -1817,7 +1817,7 @@ void samr_io_r_unknown_12(char *desc, SAMR_R_UNKNOWN_12 *r_u, prs_struct *ps, i { for (i = 0; i < r_u->num_als_usrs2; i++) { - sprintf(tmp, "als_usrs[%02d] ", i); + slprintf(tmp, sizeof(tmp) - 1, "als_usrs[%02d] ", i); prs_uint32(tmp, ps, depth, &(r_u->num_als_usrs[i])); } } |