This is a security audit change of the main source.

It removed all ocurrences of the following functions :

sprintf
strcpy
strcat

The replacements are slprintf, safe_strcpy and safe_strcat.

It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.

Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.

Jeremy.
(This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)

1 files changed, 5 insertions, 5 deletions

diff --git a/source3/utils/torture.c b/source3/utils/torture.c
index ede801afe9..1abfee0541 100644
--- a/source3/utils/torture.c
+++ b/source3/utils/torture.c
@@ -134,7 +134,7 @@ static BOOL rw_torture(struct cli_state *c, int numops)
 		if (i % 10 == 0) {
 			printf("%d\r", i); fflush(stdout);
 		}
-		sprintf(fname,"\\torture.%u", n);
+		slprintf(fname, sizeof(fstring) - 1, "\\torture.%u", n);
 
 		if (!wait_lock(c, fnum2, n*sizeof(int), sizeof(int))) {
 			return False;
@@ -860,7 +860,7 @@ static void create_procs(int nprocs, int numops)
 	get_myname(myname,NULL);
 
 	if (*username == 0 && getenv("LOGNAME")) {
-	  strcpy(username,getenv("LOGNAME"));
+	  pstrcpy(username,getenv("LOGNAME"));
 	}
 
 	argc--;
@@ -888,11 +888,11 @@ static void create_procs(int nprocs, int numops)
 			fstrcpy(myname, optarg);
 			break;
 		case 'U':
-			strcpy(username,optarg);
+			pstrcpy(username,optarg);
 			p = strchr(username,'%');
 			if (p) {
 				*p = 0;
-				strcpy(password, p+1);
+				pstrcpy(password, p+1);
 				gotpass = 1;
 			}
 			break;
@@ -906,7 +906,7 @@ static void create_procs(int nprocs, int numops)
 	while (!gotpass) {
 		p = getpass("Password:");
 		if (p) {
-			strcpy(password, p);
+			pstrcpy(password, p);
 			gotpass = 1;
 		}
 	}