diff options
| author | Jeremy Allison <jra@samba.org> | 1998-05-12 00:55:32 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 1998-05-12 00:55:32 +0000 |
| commit | f888868f46a5418bac9ab528497136c152895305 (patch) | |
| tree | cf72c864807b19e098a856aaec8daf334189ff84 /source3/rpc_server | |
| parent | 9141acecdcebd9276107a500435e3d4545020056 (diff) | |
| download | samba-f888868f46a5418bac9ab528497136c152895305.tar.gz samba-f888868f46a5418bac9ab528497136c152895305.tar.bz2 samba-f888868f46a5418bac9ab528497136c152895305.zip | |
This is a security audit change of the main source.
It removed all ocurrences of the following functions :
sprintf
strcpy
strcat
The replacements are slprintf, safe_strcpy and safe_strcat.
It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.
Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.
Jeremy.
(This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)
Diffstat (limited to 'source3/rpc_server')
| -rw-r--r-- | source3/rpc_server/srv_netlog.c | 2 | ||||
| -rw-r--r-- | source3/rpc_server/srv_samr.c | 6 | ||||
| -rw-r--r-- | source3/rpc_server/srv_util.c | 12 |
3 files changed, 10 insertions, 10 deletions
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index 28c44a57b7..958f0bf14d 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c @@ -279,7 +279,7 @@ static void api_net_req_chal( int uid, fstrcpy(mach_name, mach_acct); strlower(mach_name); - strcat(mach_acct, "$"); + fstrcat(mach_acct, "$"); if (get_md4pw((char *)vuser->dc.md4pw, mach_name, mach_acct)) { diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index 20cdc30bab..6f834e454a 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -231,9 +231,9 @@ static void samr_reply_unknown_3(SAMR_Q_UNKNOWN_3 *q_u, if (status == 0x0) { - strcpy(user_sid, lp_domain_sid()); - sprintf(user_rid, "-%x", rid); - strcat(user_sid, user_rid); + fstrcpy(user_sid, lp_domain_sid()); + slprintf(user_rid, sizeof(user_rid) - 1, "-%x", rid); + fstrcat(user_sid, user_rid); /* maybe need another 1 or 2 (S-1-5-20-0x220 and S-1-5-20-0x224) */ /* these two are DOMAIN_ADMIN and DOMAIN_ACCT_OP group RIDs */ diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index 210a3f55e2..e842e3b9f9 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -297,22 +297,22 @@ void get_domain_user_groups(char *domain_groups, char *user) /* can only be a user or a guest. cannot be guest _and_ admin */ if (user_in_list(user, lp_domain_guest_users())) { - sprintf(tmp, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS); - strcat(domain_groups, tmp); + slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS); + pstrcat(domain_groups, tmp); DEBUG(3,("domain guest access %s granted\n", tmp)); } else { - sprintf(tmp, " %ld/7 ", DOMAIN_GROUP_RID_USERS); - strcat(domain_groups, tmp); + slprintf(tmp, sizeof(tmp) -1, " %ld/7 ", DOMAIN_GROUP_RID_USERS); + pstrcat(domain_groups, tmp); DEBUG(3,("domain user access %s granted\n", tmp)); if (user_in_list(user, lp_domain_admin_users())) { - sprintf(tmp, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS); - strcat(domain_groups, tmp); + slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS); + pstrcat(domain_groups, tmp); DEBUG(3,("domain admin access %s granted\n", tmp)); } |