changed to use slprintf() instead of sprintf() just about

everywhere. I've implemented slprintf() as a bounds checked sprintf()
using mprotect() and a non-writeable page.

This should prevent any sprintf based security holes.
(This used to be commit ee09e9dadb69aaba5a751dd20ccc6d587d841bd6)

2 files changed, 4 insertions, 4 deletions

diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c
index 84a88e4b92..c74ace8d63 100644
--- a/source3/rpc_parse/parse_net.c
+++ b/source3/rpc_parse/parse_net.c
@@ -742,8 +742,8 @@ void make_id_info2(NET_ID_INFO_2 *id, char *domain_name,
 	make_unistr2(&(id->uni_user_name  ), user_name  , len_user_name  );
 	make_unistr2(&(id->uni_wksta_name ), wksta_name , len_wksta_name );
 
-	make_string2(&(id->nt_chal_resp ), nt_chal_resp , nt_chal_resp != NULL ? 24 : 0);
-	make_string2(&(id->lm_chal_resp ), lm_chal_resp , lm_chal_resp != NULL ? 24 : 0);
+	make_string2(&(id->nt_chal_resp ), (char *)nt_chal_resp , nt_chal_resp != NULL ? 24 : 0);
+	make_string2(&(id->lm_chal_resp ), (char *)lm_chal_resp , lm_chal_resp != NULL ? 24 : 0);
 }
 
 /*******************************************************************
diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c
index 0baf05597c..ad05831229 100644
--- a/source3/rpc_parse/parse_prs.c
+++ b/source3/rpc_parse/parse_prs.c
@@ -242,7 +242,7 @@ BOOL prs_unistr(char *name, prs_struct *ps, int depth, UNISTR *str)
 
 	ps->offset += i*2;
 
-	dump_data(5+depth, start, ps->offset);
+	dump_data(5+depth, (char *)start, ps->offset);
 
 	return True;
 }
@@ -283,7 +283,7 @@ BOOL prs_string(char *name, prs_struct *ps, int depth, char *str, uint16 len)
 
 	ps->offset += i+1;
 
-	dump_data(5+depth, start, ps->offset);
+	dump_data(5+depth, (char *)start, ps->offset);
 
 	return True;
 }