summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-03-22 13:47:42 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-03-22 13:47:42 +0000
commit1f499a79f5468e87d26b60ffe3aa375b91cadbef (patch)
tree095f7f163807060eadd42bf84a876aac1724b062 /source3/smbd
parentb33cee92ed7e6729291616778963037f0d2f2f30 (diff)
downloadsamba-1f499a79f5468e87d26b60ffe3aa375b91cadbef.tar.gz
samba-1f499a79f5468e87d26b60ffe3aa375b91cadbef.tar.bz2
samba-1f499a79f5468e87d26b60ffe3aa375b91cadbef.zip
(merge from HEAD)
Small clenaup patches: - safe_string.h - don't assume that __FUNCTION__ is available - process.c - use new workaround from safe_string.h for the same - util.c - Show how many bytes we smb_panic()ed trying to smb_xmalloc() - gencache.c - Keep valgrind quiet by always null terminating. - clistr.c - Add copyright - srvstr.h - move srvstr_push into a .c file again, as a real function. - srvstr.c - revive, with 'safe' checked srvstr_push - loadparm.c - set a default for the display charset. - connection.c - use safe_strcpy() Andrew Bartlett (This used to be commit c91e76bddbe1244ddc8d12b092eba875834029ac)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/connection.c6
-rw-r--r--source3/smbd/process.c12
-rw-r--r--source3/smbd/srvstr.c44
3 files changed, 57 insertions, 5 deletions
diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c
index a7636e889e..17b5be8a7b 100644
--- a/source3/smbd/connection.c
+++ b/source3/smbd/connection.c
@@ -171,14 +171,14 @@ BOOL claim_connection(connection_struct *conn, const char *name,int max_connecti
if (conn) {
crec.uid = conn->uid;
crec.gid = conn->gid;
- StrnCpy(crec.name,
+ safe_strcpy(crec.name,
lp_servicename(SNUM(conn)),sizeof(crec.name)-1);
}
crec.start = time(NULL);
crec.bcast_msg_flags = msg_flags;
- StrnCpy(crec.machine,get_remote_machine_name(),sizeof(crec.machine)-1);
- StrnCpy(crec.addr,conn?conn->client_address:client_addr(),sizeof(crec.addr)-1);
+ safe_strcpy(crec.machine,get_remote_machine_name(),sizeof(crec.machine)-1);
+ safe_strcpy(crec.addr,conn?conn->client_address:client_addr(),sizeof(crec.addr)-1);
dbuf.dptr = (char *)&crec;
dbuf.dsize = sizeof(crec);
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 57bc236eef..16ef30c46c 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1249,12 +1249,16 @@ void smbd_process(void)
extern int smb_echo_count;
time_t last_timeout_processing_time = time(NULL);
unsigned int num_smbs = 0;
+ const size_t total_buffer_size = BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN;
- InBuffer = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN);
- OutBuffer = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN);
+ InBuffer = (char *)malloc(total_buffer_size);
+ OutBuffer = (char *)malloc(total_buffer_size);
if ((InBuffer == NULL) || (OutBuffer == NULL))
return;
+ clobber_region(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, InBuffer, total_buffer_size);
+ clobber_region(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, OutBuffer, total_buffer_size);
+
max_recv = MIN(lp_maxxmit(),BUFFER_SIZE);
while (True) {
@@ -1278,6 +1282,8 @@ void smbd_process(void)
num_smbs = 0; /* Reset smb counter. */
}
+ clobber_region(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, InBuffer, total_buffer_size);
+
while (!receive_message_or_smb(InBuffer,BUFFER_SIZE+LARGE_WRITEX_HDR_SIZE,select_timeout)) {
if(!timeout_processing( deadtime, &select_timeout, &last_timeout_processing_time))
return;
@@ -1295,6 +1301,8 @@ void smbd_process(void)
*/
num_echos = smb_echo_count;
+ clobber_region(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, OutBuffer, total_buffer_size);
+
process_smb(InBuffer, OutBuffer);
if (smb_echo_count != num_echos) {
diff --git a/source3/smbd/srvstr.c b/source3/smbd/srvstr.c
new file mode 100644
index 0000000000..409fd30a67
--- /dev/null
+++ b/source3/smbd/srvstr.c
@@ -0,0 +1,44 @@
+/*
+ Unix SMB/CIFS implementation.
+ server specific string routines
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+extern int max_send;
+
+/* Make sure we can't write a string past the end of the buffer */
+
+size_t srvstr_push_fn(const char *function, unsigned int line,
+ const char *base_ptr, void *dest,
+ const char *src, int dest_len, int flags)
+{
+ size_t buf_used = PTR_DIFF(dest, base_ptr);
+ if (dest_len == -1) {
+ if (((ptrdiff_t)dest < (ptrdiff_t)base_ptr) || (buf_used > (size_t)max_send)) {
+#if 0
+ DEBUG(0, ("Pushing string of 'unlimited' length into non-SMB buffer!\n"));
+#endif
+ return push_string_fn(function, line, base_ptr, dest, src, -1, flags);
+ }
+ return push_string_fn(function, line, base_ptr, dest, src, max_send - buf_used, flags);
+ }
+
+ /* 'normal' push into size-specified buffer */
+ return push_string_fn(function, line, base_ptr, dest, src, dest_len, flags);
+}