diff options
author | Andrew Bartlett <abartlet@samba.org> | 2011-03-22 15:30:43 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-03-23 12:49:39 +1100 |
commit | 1923b78209aaa2aa926dedd19e6c97fb449c48c8 (patch) | |
tree | 534acb7efe0910616511dd645b86a4b7cd5422a7 /source3 | |
parent | cd4306b01e4097b76777a9a85cc226e8b0e8f613 (diff) | |
download | samba-1923b78209aaa2aa926dedd19e6c97fb449c48c8.tar.gz samba-1923b78209aaa2aa926dedd19e6c97fb449c48c8.tar.bz2 samba-1923b78209aaa2aa926dedd19e6c97fb449c48c8.zip |
s3-lib Remove the clobber_region() code.
This code wrote to the full buffer in fstrcpy(), pstrcpy() and other
fixed-length string manipulation functions.
The hope of this code was to find out at run time if we were mixing up
pstring and fstring etc, and to record where this came from. It has a
runtime performance impact (particularly if compiled with
--enable-developer).
It is being removed because of the complexity it adds, and the
distinct lack of bugs that this complexity has been credited in
finding.
The macro-based compile-time checking of string sizes remains.
Andrew Bartlett
Diffstat (limited to 'source3')
-rw-r--r-- | source3/Makefile.in | 2 | ||||
-rw-r--r-- | source3/include/proto.h | 47 | ||||
-rw-r--r-- | source3/include/safe_string.h | 79 | ||||
-rw-r--r-- | source3/lib/charcnv.c | 90 | ||||
-rw-r--r-- | source3/lib/clobber.c | 63 | ||||
-rw-r--r-- | source3/lib/util.c | 14 | ||||
-rw-r--r-- | source3/lib/util_sock.c | 4 | ||||
-rw-r--r-- | source3/lib/util_str.c | 63 | ||||
-rw-r--r-- | source3/libsmb/clientgen.c | 7 | ||||
-rw-r--r-- | source3/libsmb/clistr.c | 27 | ||||
-rw-r--r-- | source3/smbd/srvstr.c | 5 | ||||
-rwxr-xr-x | source3/wscript_build | 2 |
12 files changed, 87 insertions, 316 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 065f0cbad7..01245c1c12 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -450,7 +450,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) \ lib/access.o lib/smbrun.o \ lib/bitmap.o lib/dprintf.o $(UTIL_REG_OBJ) \ lib/wins_srv.o \ - lib/util_str.o lib/clobber.o lib/util_sid.o \ + lib/util_str.o lib/util_sid.o \ lib/util_unistr.o ../lib/util/charset/codepoints.o lib/util_file.o \ lib/util.o lib/util_names.o \ lib/util_sock.o lib/sock_exec.o lib/util_sec.o \ diff --git a/source3/include/proto.h b/source3/include/proto.h index bb9241c893..d806b36dd2 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -449,25 +449,19 @@ bool pull_ucs2_talloc(TALLOC_CTX *ctx, char **dest, const smb_ucs2_t *src, size_t *converted_size); bool pull_ascii_talloc(TALLOC_CTX *ctx, char **dest, const char *src, size_t *converted_size); -size_t push_string_check_fn(const char *function, unsigned int line, - void *dest, const char *src, +size_t push_string_check_fn(void *dest, const char *src, size_t dest_len, int flags); -size_t push_string_base(const char *function, unsigned int line, - const char *base, uint16 flags2, +size_t push_string_base(const char *base, uint16 flags2, void *dest, const char *src, size_t dest_len, int flags); -size_t pull_string_fn(const char *function, - unsigned int line, - const void *base_ptr, +size_t pull_string_fn(const void *base_ptr, uint16 smb_flags2, char *dest, const void *src, size_t dest_len, size_t src_len, int flags); -size_t pull_string_talloc_fn(const char *function, - unsigned int line, - TALLOC_CTX *ctx, +size_t pull_string_talloc_fn(TALLOC_CTX *ctx, const void *base_ptr, uint16 smb_flags2, char **ppdest, @@ -479,10 +473,6 @@ codepoint_t next_codepoint_ext(const char *str, charset_t src_charset, size_t *bytes_consumed); codepoint_t next_codepoint(const char *str, size_t *size); -/* The following definitions come from lib/clobber.c */ - -void clobber_region(const char *fn, unsigned int line, char *dest, size_t len); - /* The following definitions come from lib/conn_tdb.c */ struct db_record *connections_fetch_entry(TALLOC_CTX *mem_ctx, @@ -1356,23 +1346,17 @@ size_t str_ascii_charnum(const char *s); bool trim_char(char *s,char cfront,char cback); bool strhasupper(const char *s); bool strhaslower(const char *s); -char *safe_strcpy_fn(const char *fn, - int line, - char *dest, +char *safe_strcpy_fn(char *dest, const char *src, size_t maxlength); -char *safe_strcat_fn(const char *fn, - int line, - char *dest, +char *safe_strcat_fn(char *dest, const char *src, size_t maxlength); -char *alpha_strcpy_fn(const char *fn, - int line, - char *dest, +char *alpha_strcpy_fn(char *dest, const char *src, const char *other_safe_chars, size_t maxlength); -char *StrnCpy_fn(const char *fn, int line,char *dest,const char *src,size_t n); +char *StrnCpy_fn(char *dest,const char *src,size_t n); bool in_list(const char *s, const char *list, bool casesensitive); void string_free(char **s); bool string_set(char **dest,const char *src); @@ -2333,24 +2317,18 @@ bool spnego_mech_list_blob(TALLOC_CTX *mem_ctx, /* The following definitions come from libsmb/clistr.c */ -size_t clistr_push_fn(const char *function, - unsigned int line, - struct cli_state *cli, +size_t clistr_push_fn(struct cli_state *cli, void *dest, const char *src, int dest_len, int flags); -size_t clistr_pull_fn(const char *function, - unsigned int line, - const char *inbuf, +size_t clistr_pull_fn(const char *inbuf, char *dest, const void *src, int dest_len, int src_len, int flags); -size_t clistr_pull_talloc_fn(const char *function, - unsigned int line, - TALLOC_CTX *ctx, +size_t clistr_pull_talloc_fn(TALLOC_CTX *ctx, const char *base, uint16_t flags2, char **pp_dest, @@ -5024,8 +5002,7 @@ bool is_share_read_only_for_token(const char *username, /* The following definitions come from smbd/srvstr.c */ -size_t srvstr_push_fn(const char *function, unsigned int line, - const char *base_ptr, uint16 smb_flags2, void *dest, +size_t srvstr_push_fn(const char *base_ptr, uint16 smb_flags2, void *dest, const char *src, int dest_len, int flags); ssize_t message_push_string(uint8 **outbuf, const char *str, int flags); diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 56e3b67aa6..f54464e9c0 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -62,14 +62,6 @@ #endif /* !_SPLINT_ */ -#ifdef DEVELOPER -#define SAFE_STRING_FUNCTION_NAME __FUNCTION__ -#define SAFE_STRING_LINE __LINE__ -#else -#define SAFE_STRING_FUNCTION_NAME ("") -#define SAFE_STRING_LINE (0) -#endif - /* We need a number of different prototypes for our non-existant fuctions */ char * __unsafe_string_function_usage_here__(void); @@ -94,8 +86,7 @@ size_t __unsafe_string_function_usage_here_char__(void); safe_strcpy(dest, src, size-PTR_DIFF(dest,base)-1) /* String copy functions - macro hell below adds 'type checking' (limited, - but the best we can do in C) and may tag with function name/number to - record the last 'clobber region' on that string */ + but the best we can do in C) */ #define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1) #define fstrcat(d,s) safe_strcat((d),(s),sizeof(fstring)-1) @@ -106,61 +97,43 @@ size_t __unsafe_string_function_usage_here_char__(void); * update a lot of code. To make this a little easier here are some * functions that provide the lengths with less pain */ -/* Inside the _fn variants of these is a call to clobber_region(), - - * which might destroy the stack on a buggy function. We help the - * debugging process by putting the function and line who last caused - * a clobbering into a static buffer. If the program crashes at - * address 0xf1f1f1f1 then this function is probably, but not - * necessarily, to blame. */ - /* overmalloc_safe_strcpy: DEPRECATED! Used when you know the * destination buffer is longer than maxlength, but you don't know how * long. This is not a good situation, because we can't do the normal * sanity checks. Don't use in new code! */ #define overmalloc_safe_strcpy(dest,src,maxlength) \ - safe_strcpy_fn(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \ - dest,src,maxlength) + safe_strcpy_fn(dest,src,maxlength) #define safe_strcpy(dest,src,maxlength) \ - safe_strcpy_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \ - dest,src,maxlength) + safe_strcpy_fn2(dest,src,maxlength) #define safe_strcat(dest,src,maxlength) \ - safe_strcat_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \ - dest,src,maxlength) + safe_strcat_fn2(dest,src,maxlength) #define push_string_check(dest, src, dest_len, flags) \ - push_string_check_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \ - dest, src, dest_len, flags) + push_string_check_fn2(dest, src, dest_len, flags) #define pull_string_talloc(ctx, base_ptr, smb_flags2, dest, src, src_len, flags) \ - pull_string_talloc_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \ - ctx, base_ptr, smb_flags2, dest, src, src_len, flags) + pull_string_talloc_fn2(ctx, base_ptr, smb_flags2, dest, src, src_len, flags) #define clistr_push(cli, dest, src, dest_len, flags) \ - clistr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \ - cli, dest, src, dest_len, flags) + clistr_push_fn2(cli, dest, src, dest_len, flags) #define clistr_pull(inbuf, dest, src, dest_len, src_len, flags) \ - clistr_pull_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \ - inbuf, dest, src, dest_len, src_len, flags) + clistr_pull_fn2(inbuf, dest, src, dest_len, src_len, flags) #define clistr_pull_talloc(ctx, base, flags2, pp_dest, src, src_len, flags) \ - clistr_pull_talloc_fn(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \ - ctx, base, flags2, pp_dest, src, src_len, flags) + clistr_pull_talloc_fn(ctx, base, flags2, pp_dest, src, src_len, flags) #define srvstr_push(base_ptr, smb_flags2, dest, src, dest_len, flags) \ - srvstr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \ - base_ptr, smb_flags2, dest, src, dest_len, flags) + srvstr_push_fn2(base_ptr, smb_flags2, dest, src, dest_len, flags) #define alpha_strcpy(dest,src,other_safe_chars,maxlength) \ - alpha_strcpy_fn(SAFE_STRING_FUNCTION_NAME,SAFE_STRING_LINE, \ - dest,src,other_safe_chars,maxlength) + alpha_strcpy_fn(dest,src,other_safe_chars,maxlength) #define StrnCpy(dest,src,n) \ - StrnCpy_fn(SAFE_STRING_FUNCTION_NAME,SAFE_STRING_LINE, \ - dest,src,n) + StrnCpy_fn(dest,src,n) #ifdef HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS @@ -168,38 +141,38 @@ size_t __unsafe_string_function_usage_here_char__(void); have the correct types (this works only where sizeof() returns the size of the buffer, not the size of the pointer). */ -#define safe_strcpy_fn2(fn_name, fn_line, d, s, max_len) \ +#define safe_strcpy_fn2(d, s, max_len) \ (CHECK_STRING_SIZE(d, max_len+1) \ ? __unsafe_string_function_usage_here__() \ - : safe_strcpy_fn(fn_name, fn_line, (d), (s), (max_len))) + : safe_strcpy_fn((d), (s), (max_len))) -#define safe_strcat_fn2(fn_name, fn_line, d, s, max_len) \ +#define safe_strcat_fn2(d, s, max_len) \ (CHECK_STRING_SIZE(d, max_len+1) \ ? __unsafe_string_function_usage_here__() \ - : safe_strcat_fn(fn_name, fn_line, (d), (s), (max_len))) + : safe_strcat_fn((d), (s), (max_len))) -#define push_string_check_fn2(fn_name, fn_line, dest, src, dest_len, flags) \ +#define push_string_check_fn2(dest, src, dest_len, flags) \ (CHECK_STRING_SIZE(dest, dest_len) \ ? __unsafe_string_function_usage_here_size_t__() \ - : push_string_check_fn(fn_name, fn_line, dest, src, dest_len, flags)) + : push_string_check_fn(dest, src, dest_len, flags)) -#define pull_string_talloc_fn2(fn_name, fn_line, ctx, base_ptr, smb_flags2, dest, src, src_len, flags) \ - pull_string_talloc_fn(fn_name, fn_line, ctx, base_ptr, smb_flags2, dest, src, src_len, flags) +#define pull_string_talloc_fn2(ctx, base_ptr, smb_flags2, dest, src, src_len, flags) \ + pull_string_talloc_fn(ctx, base_ptr, smb_flags2, dest, src, src_len, flags) -#define clistr_push_fn2(fn_name, fn_line, cli, dest, src, dest_len, flags) \ +#define clistr_push_fn2(cli, dest, src, dest_len, flags) \ (CHECK_STRING_SIZE(dest, dest_len) \ ? __unsafe_string_function_usage_here_size_t__() \ - : clistr_push_fn(fn_name, fn_line, cli, dest, src, dest_len, flags)) + : clistr_push_fn(cli, dest, src, dest_len, flags)) -#define clistr_pull_fn2(fn_name, fn_line, inbuf, dest, src, dest_len, srclen, flags) \ +#define clistr_pull_fn2(inbuf, dest, src, dest_len, srclen, flags) \ (CHECK_STRING_SIZE(dest, dest_len) \ ? __unsafe_string_function_usage_here_size_t__() \ - : clistr_pull_fn(fn_name, fn_line, inbuf, dest, src, dest_len, srclen, flags)) + : clistr_pull_fn(inbuf, dest, src, dest_len, srclen, flags)) -#define srvstr_push_fn2(fn_name, fn_line, base_ptr, smb_flags2, dest, src, dest_len, flags) \ +#define srvstr_push_fn2(base_ptr, smb_flags2, dest, src, dest_len, flags) \ (CHECK_STRING_SIZE(dest, dest_len) \ ? __unsafe_string_function_usage_here_size_t__() \ - : srvstr_push_fn(fn_name, fn_line, base_ptr, smb_flags2, dest, src, dest_len, flags)) + : srvstr_push_fn(base_ptr, smb_flags2, dest, src, dest_len, flags)) #else diff --git a/source3/lib/charcnv.c b/source3/lib/charcnv.c index 5b2149b9c1..1779c4fbf7 100644 --- a/source3/lib/charcnv.c +++ b/source3/lib/charcnv.c @@ -1297,11 +1297,11 @@ size_t pull_ucs2(const void *base_ptr, char *dest, const void *src, size_t dest_ **/ size_t pull_ucs2_base_talloc(TALLOC_CTX *ctx, - const void *base_ptr, - char **ppdest, - const void *src, - size_t src_len, - int flags) + const void *base_ptr, + char **ppdest, + const void *src, + size_t src_len, + int flags) { char *dest; size_t dest_len; @@ -1476,24 +1476,9 @@ bool pull_ascii_talloc(TALLOC_CTX *ctx, char **dest, const char *src, is -1 then no maxiumum is used. **/ -size_t push_string_check_fn(const char *function, unsigned int line, - void *dest, const char *src, - size_t dest_len, int flags) +size_t push_string_check_fn(void *dest, const char *src, + size_t dest_len, int flags) { -#ifdef DEVELOPER - /* We really need to zero fill here, not clobber - * region, as we want to ensure that valgrind thinks - * all of the outgoing buffer has been written to - * so a send() or write() won't trap an error. - * JRA. - */ -#if 0 - clobber_region(function, line, dest, dest_len); -#else - memset(dest, '\0', dest_len); -#endif -#endif - if (!(flags & STR_ASCII) && (flags & STR_UNICODE)) { return push_ucs2(NULL, dest, src, dest_len, flags); } @@ -1515,24 +1500,10 @@ size_t push_string_check_fn(const char *function, unsigned int line, is -1 then no maxiumum is used. **/ -size_t push_string_base(const char *function, unsigned int line, - const char *base, uint16 flags2, +size_t push_string_base(const char *base, uint16 flags2, void *dest, const char *src, size_t dest_len, int flags) { -#ifdef DEVELOPER - /* We really need to zero fill here, not clobber - * region, as we want to ensure that valgrind thinks - * all of the outgoing buffer has been written to - * so a send() or write() won't trap an error. - * JRA. - */ -#if 0 - clobber_region(function, line, dest, dest_len); -#else - memset(dest, '\0', dest_len); -#endif -#endif if (!(flags & STR_ASCII) && \ ((flags & STR_UNICODE || \ @@ -1559,15 +1530,6 @@ size_t push_string_base(const char *function, unsigned int line, ssize_t push_string(void *dest, const char *src, size_t dest_len, int flags) { size_t ret; -#ifdef DEVELOPER - /* We really need to zero fill here, not clobber - * region, as we want to ensure that valgrind thinks - * all of the outgoing buffer has been written to - * so a send() or write() won't trap an error. - * JRA. - */ - memset(dest, '\0', dest_len); -#endif if (!(flags & STR_ASCII) && \ (flags & STR_UNICODE)) { @@ -1595,20 +1557,14 @@ ssize_t push_string(void *dest, const char *src, size_t dest_len, int flags) The resulting string in "dest" is always null terminated. **/ -size_t pull_string_fn(const char *function, - unsigned int line, - const void *base_ptr, - uint16 smb_flags2, - char *dest, - const void *src, - size_t dest_len, - size_t src_len, - int flags) +size_t pull_string_fn(const void *base_ptr, + uint16 smb_flags2, + char *dest, + const void *src, + size_t dest_len, + size_t src_len, + int flags) { -#ifdef DEVELOPER - clobber_region(function, line, dest, dest_len); -#endif - if ((base_ptr == NULL) && ((flags & (STR_ASCII|STR_UNICODE)) == 0)) { smb_panic("No base ptr to get flg2 and neither ASCII nor " "UNICODE defined"); @@ -1637,15 +1593,13 @@ size_t pull_string_fn(const char *function, The resulting string in "dest" is always null terminated. **/ -size_t pull_string_talloc_fn(const char *function, - unsigned int line, - TALLOC_CTX *ctx, - const void *base_ptr, - uint16 smb_flags2, - char **ppdest, - const void *src, - size_t src_len, - int flags) +size_t pull_string_talloc(TALLOC_CTX *ctx, + const void *base_ptr, + uint16 smb_flags2, + char **ppdest, + const void *src, + size_t src_len, + int flags) { if ((base_ptr == NULL) && ((flags & (STR_ASCII|STR_UNICODE)) == 0)) { smb_panic("No base ptr to get flg2 and neither ASCII nor " diff --git a/source3/lib/clobber.c b/source3/lib/clobber.c deleted file mode 100644 index e77e786fb5..0000000000 --- a/source3/lib/clobber.c +++ /dev/null @@ -1,63 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Samba utility functions - Copyright (C) Martin Pool 2003 - Copyright (C) Andrew Bartlett 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" - -#ifdef DEVELOPER -const char *global_clobber_region_function; -unsigned int global_clobber_region_line; -#endif - -/** - * In developer builds, clobber a region of memory. - * - * If we think a string buffer is longer than it really is, this ought - * to make the failure obvious, by segfaulting (if in the heap) or by - * killing the return address (on the stack), or by trapping under a - * memory debugger. - * - * This is meant to catch possible string overflows, even if the - * actual string copied is not big enough to cause an overflow. - * - * In addition, under Valgrind the buffer is marked as uninitialized. - **/ -void clobber_region(const char *fn, unsigned int line, char *dest, size_t len) -{ -#ifdef DEVELOPER - global_clobber_region_function = fn; - global_clobber_region_line = line; - - /* F1 is odd and 0xf1f1f1f1 shouldn't be a valid pointer */ - memset(dest, 0xF1, len); -#ifdef VALGRIND - /* Even though we just wrote to this, from the application's - * point of view it is not initialized. - * - * (This is not redundant with the clobbering above. The - * marking might not actually take effect if we're not running - * under valgrind.) */ -#if defined(VALGRIND_MAKE_MEM_UNDEFINED) - VALGRIND_MAKE_MEM_UNDEFINED(dest, len); -#elif defined(VALGRIND_MAKE_WRITABLE) - VALGRIND_MAKE_WRITABLE(dest, len); -#endif -#endif /* VALGRIND */ -#endif /* DEVELOPER */ -} diff --git a/source3/lib/util.c b/source3/lib/util.c index 79b10fda5e..b99d9d42a8 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -26,9 +26,6 @@ #include "secrets.h" #include "ctdbd_conn.h" -extern char *global_clobber_region_function; -extern unsigned int global_clobber_region_line; - /* Max allowable allococation - 256mb - 0x10000000 */ #define MAX_ALLOC_SIZE (1024*1024*256) @@ -1349,17 +1346,6 @@ void smb_panic_s3(const char *why) char *cmd; int result; -#ifdef DEVELOPER - { - - if (global_clobber_region_function) { - DEBUG(0,("smb_panic: clobber_region() last called from [%s(%u)]\n", - global_clobber_region_function, - global_clobber_region_line)); - } - } -#endif - DEBUG(0,("PANIC (pid %llu): %s\n", (unsigned long long)sys_getpid(), why)); log_stack_trace(); diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index 3c97495099..eea153ad91 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -1380,10 +1380,6 @@ const char *get_peer_name(int fd, bool force_lookup) } } - /* can't pass the same source and dest strings in when you - use --enable-developer or the clobber_region() call will - get you */ - strlcpy(tmp_name, name_buf, sizeof(tmp_name)); alpha_strcpy(name_buf, tmp_name, "_-.", sizeof(name_buf)); if (strstr(name_buf,"..")) { diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c index 6a17297231..a1dfc70707 100644 --- a/source3/lib/util_str.c +++ b/source3/lib/util_str.c @@ -500,24 +500,16 @@ bool strhaslower(const char *s) include the terminating zero. **/ -char *safe_strcpy_fn(const char *fn, - int line, - char *dest, - const char *src, - size_t maxlength) +char *safe_strcpy_fn(char *dest, + const char *src, + size_t maxlength) { size_t len; if (!dest) { - DEBUG(0,("ERROR: NULL dest in safe_strcpy, " - "called from [%s][%d]\n", fn, line)); - return NULL; + smb_panic("ERROR: NULL dest in safe_strcpy"); } -#ifdef DEVELOPER - clobber_region(fn,line,dest, maxlength+1); -#endif - if (!src) { *dest = 0; return dest; @@ -542,18 +534,14 @@ char *safe_strcpy_fn(const char *fn, Safe string cat into a string. maxlength does not include the terminating zero. **/ -char *safe_strcat_fn(const char *fn, - int line, - char *dest, - const char *src, - size_t maxlength) +char *safe_strcat_fn(char *dest, + const char *src, + size_t maxlength) { size_t src_len, dest_len; if (!dest) { - DEBUG(0,("ERROR: NULL dest in safe_strcat, " - "called from [%s][%d]\n", fn, line)); - return NULL; + smb_panic("ERROR: NULL dest in safe_strcat"); } if (!src) @@ -562,10 +550,6 @@ char *safe_strcat_fn(const char *fn, src_len = strnlen(src, maxlength + 1); dest_len = strnlen(dest, maxlength + 1); -#ifdef DEVELOPER - clobber_region(fn, line, dest + dest_len, maxlength + 1 - dest_len); -#endif - if (src_len + dest_len > maxlength) { DEBUG(0,("ERROR: string overflow by %d " "in safe_strcat [%.50s]\n", @@ -589,23 +573,15 @@ char *safe_strcat_fn(const char *fn, characters. Don't change it ! **/ -char *alpha_strcpy_fn(const char *fn, - int line, - char *dest, - const char *src, - const char *other_safe_chars, - size_t maxlength) +char *alpha_strcpy_fn(char *dest, + const char *src, + const char *other_safe_chars, + size_t maxlength) { size_t len, i; -#ifdef DEVELOPER - clobber_region(fn, line, dest, maxlength); -#endif - if (!dest) { - DEBUG(0,("ERROR: NULL dest in alpha_strcpy, " - "called from [%s][%d]\n", fn, line)); - return NULL; + smb_panic("ERROR: NULL dest in alpha_strcpy"); } if (!src) { @@ -638,18 +614,12 @@ char *alpha_strcpy_fn(const char *fn, Like strncpy but always null terminates. Make sure there is room! The variable n should always be one less than the available size. **/ -char *StrnCpy_fn(const char *fn, int line,char *dest,const char *src,size_t n) +char *StrnCpy_fn(char *dest,const char *src,size_t n) { char *d = dest; -#ifdef DEVELOPER - clobber_region(fn, line, dest, n+1); -#endif - if (!dest) { - DEBUG(0,("ERROR: NULL dest in StrnCpy, " - "called from [%s][%d]\n", fn, line)); - return(NULL); + smb_panic("ERROR: NULL dest in StrnCpy"); } if (!src) { @@ -677,9 +647,6 @@ static char *strncpyn(char *dest, const char *src, size_t n, char c) char *p; size_t str_len; -#ifdef DEVELOPER - clobber_region(dest, n+1); -#endif p = strchr_m(src, c); if (p == NULL) { DEBUG(5, ("strncpyn: separator character (%c) not found\n", c)); diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index 096dd2f3fd..7eb10c4f1d 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -615,13 +615,6 @@ struct cli_state *cli_initialise_ex(int signing_state) memset(cli->outbuf, 0, cli->bufsize); memset(cli->inbuf, 0, cli->bufsize); - -#if defined(DEVELOPER) - /* just because we over-allocate, doesn't mean it's right to use it */ - clobber_region(__FUNCTION__, __LINE__, cli->outbuf+cli->bufsize, SAFETY_MARGIN); - clobber_region(__FUNCTION__, __LINE__, cli->inbuf+cli->bufsize, SAFETY_MARGIN); -#endif - /* initialise signing */ cli->signing_state = smb_signing_init(cli, allow_smb_signing, diff --git a/source3/libsmb/clistr.c b/source3/libsmb/clistr.c index aeb0bc64c8..8856e03dd0 100644 --- a/source3/libsmb/clistr.c +++ b/source3/libsmb/clistr.c @@ -20,9 +20,7 @@ #include "includes.h" -size_t clistr_push_fn(const char *function, - unsigned int line, - struct cli_state *cli, +size_t clistr_push_fn(struct cli_state *cli, void *dest, const char *src, int dest_len, @@ -32,42 +30,35 @@ size_t clistr_push_fn(const char *function, if (dest_len == -1) { if (((ptrdiff_t)dest < (ptrdiff_t)cli->outbuf) || (buf_used > cli->bufsize)) { DEBUG(0, ("Pushing string of 'unlimited' length into non-SMB buffer!\n")); - return push_string_base(function, line, - cli->outbuf, + return push_string_base(cli->outbuf, (uint16_t)(cli_ucs2(cli) ? FLAGS2_UNICODE_STRINGS : 0), dest, src, -1, flags); } - return push_string_base(function, line, - cli->outbuf, + return push_string_base(cli->outbuf, (uint16_t)(cli_ucs2(cli) ? FLAGS2_UNICODE_STRINGS : 0), dest, src, cli->bufsize - buf_used, flags); } /* 'normal' push into size-specified buffer */ - return push_string_base(function, line, - cli->outbuf, + return push_string_base(cli->outbuf, (uint16_t)(cli_ucs2(cli) ? FLAGS2_UNICODE_STRINGS : 0), dest, src, dest_len, flags); } -size_t clistr_pull_fn(const char *function, - unsigned int line, - const char *inbuf, +size_t clistr_pull_fn(const char *inbuf, char *dest, const void *src, int dest_len, int src_len, int flags) { - return pull_string_fn(function, line, inbuf, + return pull_string_fn(inbuf, SVAL(inbuf, smb_flg2), dest, src, dest_len, src_len, flags); } -size_t clistr_pull_talloc_fn(const char *function, - unsigned int line, - TALLOC_CTX *ctx, +size_t clistr_pull_talloc_fn(TALLOC_CTX *ctx, const char *base, uint16_t flags2, char **pp_dest, @@ -75,9 +66,7 @@ size_t clistr_pull_talloc_fn(const char *function, int src_len, int flags) { - return pull_string_talloc_fn(function, - line, - ctx, + return pull_string_talloc_fn(ctx, base, flags2, pp_dest, diff --git a/source3/smbd/srvstr.c b/source3/smbd/srvstr.c index d3f341138c..4fd533fcaf 100644 --- a/source3/smbd/srvstr.c +++ b/source3/smbd/srvstr.c @@ -23,8 +23,7 @@ /* Make sure we can't write a string past the end of the buffer */ -size_t srvstr_push_fn(const char *function, unsigned int line, - const char *base_ptr, uint16 smb_flags2, void *dest, +size_t srvstr_push_fn(const char *base_ptr, uint16 smb_flags2, void *dest, const char *src, int dest_len, int flags) { if (dest_len < 0) { @@ -32,7 +31,7 @@ size_t srvstr_push_fn(const char *function, unsigned int line, } /* 'normal' push into size-specified buffer */ - return push_string_base(function, line, base_ptr, smb_flags2, dest, src, + return push_string_base(base_ptr, smb_flags2, dest, src, dest_len, flags); } diff --git a/source3/wscript_build b/source3/wscript_build index cb3bbc29be..fa8c18edaa 100755 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -77,7 +77,7 @@ LIB_SRC = ''' lib/access.c lib/smbrun.c lib/bitmap.c lib/dprintf.c lib/wins_srv.c - lib/clobber.c lib/util_sid.c + lib/util_sid.c lib/util_file.c lib/util.c lib/util_names.c lib/util_sock.c lib/sock_exec.c lib/util_sec.c |