author | Andrew Tridgell <tridge@samba.org> | 1998-05-11 06:38:36 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 1998-05-11 06:38:36 +0000 |
commit | 3dfc0c847240ac7e12c39f4ed9c31a888949ade1 (patch) | |
tree | 305f006b62ed9dcdca0f751dbf40d2a34ee054df /source3/rpc_server | |
parent | ffc88e2d26217f99c34ce24c0836bec3c809ca1a (diff) | |
changed to use slprintf() instead of sprintf() just about
everywhere. I've implemented slprintf() as a bounds checked sprintf()
using mprotect() and a non-writeable page.
This should prevent any sprintf based security holes.
(This used to be commit ee09e9dadb69aaba5a751dd20ccc6d587d841bd6)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/srv_lsa_hnd.c | 6 | ||||
-rw-r--r-- | source3/rpc_server/srv_netlog.c | 12 |
2 files changed, 9 insertions, 9 deletions
diff --git a/source3/rpc_server/srv_lsa_hnd.c b/source3/rpc_server/srv_lsa_hnd.c
index c8eabf35b4..1d1341d16e 100644
--- a/source3/rpc_server/srv_lsa_hnd.c
+++ b/source3/rpc_server/srv_lsa_hnd.c
@@ -115,7 +115,7 @@ BOOL open_lsa_policy_hnd(POLICY_HND *hnd)
 memcpy(&(Policy[i].pol_hnd), hnd, sizeof(*hnd));
 DEBUG(4,("Opened policy hnd[%x] ", i));
- dump_data(4, hnd->data, sizeof(hnd->data));
+ dump_data(4, (char *)hnd->data, sizeof(hnd->data));
 return True;
 }
@@ -143,14 +143,14 @@ int find_lsa_policy_by_hnd(POLICY_HND *hnd)
 if (memcmp(&(Policy[i].pol_hnd), hnd, sizeof(*hnd)) == 0)
 {
 DEBUG(4,("Found policy hnd[%x] ", i));
- dump_data(4, hnd->data, sizeof(hnd->data));
+ dump_data(4, (char *)hnd->data, sizeof(hnd->data));
 return i;
 }
 }
 DEBUG(4,("Policy not found: "));
- dump_data(4, hnd->data, sizeof(hnd->data));
+ dump_data(4, (char *)hnd->data, sizeof(hnd->data));
 return -1;
 }
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index 76dd5dd74d..28c44a57b7 100644
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -281,7 +281,7 @@ static void api_net_req_chal( int uid,
 strcat(mach_acct, "$");
- if (get_md4pw(vuser->dc.md4pw, mach_name, mach_acct))
+ if (get_md4pw((char *)vuser->dc.md4pw, mach_name, mach_acct))
 {
 /* copy the client credentials */
 memcpy(vuser->dc.clnt_chal.data , q_r.clnt_chal.data, sizeof(q_r.clnt_chal.data));
@@ -297,7 +297,7 @@ static void api_net_req_chal( int uid,
 /* from client / server challenges and md4 password, generate sess key */
 cred_session_key(&(vuser->dc.clnt_chal), &(vuser->dc.srv_chal),
- vuser->dc.md4pw, vuser->dc.sess_key);
+ (char *)vuser->dc.md4pw, vuser->dc.sess_key);
 }
 else
 {
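Review bot: The `(char *)` cast added to `dump_data(4, (char *)hnd->data, sizeof(hnd->data))` silences a pointer-type mismatch at the call site instead of fixing it at the declaration. The same pattern repeats in both `dump_data` calls of the `find_lsa_policy_by_hnd` hunk and in the `get_md4pw`, `cred_session_key`, `SamOEMhash` and `smb_password_check` calls in srv_netlog.c. These arguments carry raw bytes (handle data, MD4 hashes, challenge responses), so a helper taking plain `char *` sees bytes above 0x7f as negative wherever `char` is signed; the helper bodies are not visible here, so whether any of them indexes or compares on those bytes should be confirmed. Declaring the buffer parameters of these helpers as `const uchar *` (or `const void *` for `dump_data`) would remove the casts and keep the compiler able to flag a real type error at these call sites later.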
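Review bot: `strcat(mach_acct, "$");` on the context line above the changed `get_md4pw` call is still an unbounded append, and this hunk only adds a cast. The commit message states the aim of closing sprintf-based overflows, and appending to a fixed buffer without a length check is the same class of problem. The declaration of `mach_acct` and the code that fills it are outside the hunk, so whether the extra byte always fits cannot be confirmed from here. If `mach_acct` is a local array, the request should be rejected when `strlen(mach_acct) + 2 > sizeof(mach_acct)` before the append, or the append should go through the bounded helper this commit introduces.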
@@ -489,8 +489,8 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1,
 memcpy(lm_pwd, id1->lm_owf.data, 16);
 memcpy(nt_pwd, id1->nt_owf.data, 16);
- SamOEMhash(lm_pwd, key, False);
- SamOEMhash(nt_pwd, key, False);
+ SamOEMhash((uchar *)lm_pwd, key, False);
+ SamOEMhash((uchar *)nt_pwd, key, False);
 #ifdef DEBUG_PASSWORD
 DEBUG(100,("decrypt of lm owf password:"));
@@ -526,7 +526,7 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2,
 if (id2->hdr_nt_chal_resp.str_str_len == 24 && smb_pass->smb_nt_passwd != NULL)
 {
- if(smb_password_check(id2->nt_chal_resp.buffer,
+ if(smb_password_check((char *)id2->nt_chal_resp.buffer,
 smb_pass->smb_nt_passwd, id2->lm_chal)) return 0x0;
@@ -543,7 +543,7 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2,
 */
 if (id2->hdr_lm_chal_resp.str_str_len == 24 &&
- smb_password_check(id2->lm_chal_resp.buffer,
+ smb_password_check((char *)id2->lm_chal_resp.buffer,
 smb_pass->smb_passwd, id2->lm_chal))
 {
|
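Review bot: The LM branch passes `smb_pass->smb_passwd` to `smb_password_check` without the NULL test that the NT branch in the previous hunk applies to `smb_pass->smb_nt_passwd`. If an account entry can lack an LM hash, the check would be handed a null pointer on a network logon request. An earlier guard may exist in `net_login_network` outside this hunk, so that should be confirmed first. If there is none, the test belongs in the condition itself: `if (id2->hdr_lm_chal_resp.str_str_len == 24 && smb_pass->smb_passwd != NULL &&`. The function body starts and ends outside the hunk.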