Fix the %m security bug again - and try to make it harder to reintroduce in

future.

This moves us from fstrcpy() and global variables to 'get' and 'set' functions.

In particular, the 'set' function sainity-checks the input, in the same way as
we always have.

Andrew Bartlett
(This used to be commit e57a896f06b16fe7e336e1ae63a0c9e4cc75fd36)

3 files changed, 13 insertions, 20 deletions

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index ba0e15bd4e..a4ed770f31 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -53,7 +53,6 @@ int reply_special(char *inbuf,char *outbuf)
 	int msg_flags = CVAL(inbuf,1);
 	pstring name1,name2;
 
-	extern fstring local_machine;
 	int len;
 	char name_type = 0;
 	
@@ -84,24 +83,19 @@ int reply_special(char *inbuf,char *outbuf)
 		DEBUG(2,("netbios connect: name1=%s name2=%s\n",
 			 name1,name2));      
 
-		fstrcpy(remote_machine,name2);
-		remote_machine[15] = 0;
-		trim_string(remote_machine," "," ");
-		strlower(remote_machine);
-		alpha_strcpy(remote_machine,remote_machine,SAFE_NETBIOS_CHARS,sizeof(remote_machine)-1);
+		name1[15] = 0;
 
-		fstrcpy(local_machine,name1);
-		len = strlen(local_machine);
+		len = strlen(name2);
 		if (len == 16) {
-			name_type = local_machine[15];
-			local_machine[15] = 0;
+			name_type = name2[15];
+			name2[15] = 0;
 		}
-		trim_string(local_machine," "," ");
-		strlower(local_machine);
-		alpha_strcpy(local_machine,local_machine,SAFE_NETBIOS_CHARS,sizeof(local_machine)-1);
+
+		set_local_machine_name(name1);
+		set_remote_machine_name(name2);
 
 		DEBUG(2,("netbios connect: local=%s remote=%s\n",
-			local_machine, remote_machine ));
+			get_local_machine_name(), get_remote_machine_name() ));
 
 		if (name_type == 'R') {
 			/* We are being asked for a pathworks session --- 
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index d173fec00e..45295896e8 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -38,8 +38,6 @@ extern pstring user_socket_options;
 extern int dcelogin_atmost_once;
 #endif /* WITH_DFS */
 
-extern fstring remote_machine;
-
 /* really we should have a top level context structure that has the
    client file descriptor as an element. That would require a major rewrite :(
 
@@ -366,7 +364,7 @@ static BOOL open_sockets_smbd(BOOL is_daemon,const char *smb_ports)
 				
 				/* this is needed so that we get decent entries
 				   in smbstatus for port 445 connects */
-				fstrcpy(remote_machine, get_socket_addr(smbd_server_fd()));
+				set_remote_machine_name(get_socket_addr(smbd_server_fd()));
 				
 				/* Reset global variables in util.c so
 				   that client substitutions will be
@@ -742,7 +740,7 @@ static void usage(char *pname)
 		lp_set_logfile(logfile);
 	}
 
-	fstrcpy(remote_machine, "smbd");
+	set_remote_machine_name("smbd");
 
 	setup_logging(argv[0],interactive);
 
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 2e9e54b8d9..f6d536f301 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -385,7 +385,6 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
 	uint32 auth_flags = AUTH_FLAG_NONE;
 	auth_usersupplied_info *user_info = NULL;
 	auth_serversupplied_info *server_info = NULL;
-	extern fstring remote_machine;
 
 	/* we must have setup the auth context by now */
 	if (!ntlmssp_auth_context) {
@@ -422,7 +421,9 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
 
 	/* the client has given us its machine name (which we otherwise would not get on port 445).
 	   we need to possibly reload smb.conf if smb.conf includes depend on the machine name */
-	fstrcpy(remote_machine, machine);
+
+	set_remote_machine_name(machine);
+
 	reload_services(True);
 
 #if 0