diff options
author | Jeremy Allison <jra@samba.org> | 1998-05-12 00:55:32 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 1998-05-12 00:55:32 +0000 |
commit | f888868f46a5418bac9ab528497136c152895305 (patch) | |
tree | cf72c864807b19e098a856aaec8daf334189ff84 /source3/smbd/mangle.c | |
parent | 9141acecdcebd9276107a500435e3d4545020056 (diff) | |
download | samba-f888868f46a5418bac9ab528497136c152895305.tar.gz samba-f888868f46a5418bac9ab528497136c152895305.tar.bz2 samba-f888868f46a5418bac9ab528497136c152895305.zip |
This is a security audit change of the main source.
It removed all ocurrences of the following functions :
sprintf
strcpy
strcat
The replacements are slprintf, safe_strcpy and safe_strcat.
It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.
Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.
Jeremy.
(This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)
Diffstat (limited to 'source3/smbd/mangle.c')
-rw-r--r-- | source3/smbd/mangle.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/source3/smbd/mangle.c b/source3/smbd/mangle.c index eb267faab3..e822894600 100644 --- a/source3/smbd/mangle.c +++ b/source3/smbd/mangle.c @@ -648,9 +648,9 @@ BOOL check_mangled_cache( char *s ) DEBUG( 3, ("Found %s on mangled stack ", s) ); - (void)strcpy( s, found_name ); + (void)pstrcpy( s, found_name ); if( ext_start ) - (void)strcat( s, ext_start ); + (void)pstrcat( s, ext_start ); DEBUG( 3, ("as %s\n", s) ); @@ -830,7 +830,7 @@ static void do_fwd_mangled_map(char *s, char *MangledMap) * * ************************************************************************** ** */ -void mangle_name_83( char *s ) +void mangle_name_83( char *s, int s_len ) { int csum = str_checksum(s); char *p; @@ -863,7 +863,7 @@ void mangle_name_83( char *s ) if( p ) { if( p == s ) - strcpy( extension, "___" ); + safe_strcpy( extension, "___", 3 ); else { *p++ = 0; @@ -933,13 +933,13 @@ void mangle_name_83( char *s ) csum = csum % (36*36); - (void)sprintf( s, "%s%c%c%c", + (void)slprintf( s, s_len - 1, "%s%c%c%c", base, magic_char, base36( csum/36 ), base36( csum ) ); if( *extension ) { - (void)strcat( s, "." ); - (void)strcat( s, extension ); + (void)pstrcat( s, "." ); + (void)pstrcat( s, extension ); } DEBUG( 5, ( "%s\n", s ) ); @@ -996,7 +996,7 @@ BOOL name_map_mangle( char *OutName, BOOL need83, int snum ) /* mangle it into 8.3 */ tmp = strdup( OutName ); - mangle_name_83( OutName ); + mangle_name_83( OutName, strlen(tmp) ); if( tmp ) { cache_mangled_name( OutName, tmp ); |