summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2002-07-02 06:34:27 +0000
committerJeremy Allison <jra@samba.org>2002-07-02 06:34:27 +0000
commit82176f4d85225c2aae15f9ce3e03730f019934f5 (patch)
tree3a5ba0496d1e49c3c9c21de5b1fa4d8c56d593c1 /source3
parent9674ec6987a002ebdcfedeac4d66a096a1007bef (diff)
downloadsamba-82176f4d85225c2aae15f9ce3e03730f019934f5.tar.gz
samba-82176f4d85225c2aae15f9ce3e03730f019934f5.tar.bz2
samba-82176f4d85225c2aae15f9ce3e03730f019934f5.zip
Address the string_sub problem by changing len = 0 to mean "no expand".
Went through and checked all string_subs I could to ensure they're being used correctly. Jeremy. (This used to be commit 17cae0d683be404be69554cd0e84117bdcc56c87)
Diffstat (limited to 'source3')
-rw-r--r--source3/auth/auth_domain.c2
-rw-r--r--source3/auth/auth_server.c2
-rw-r--r--source3/auth/pampass.c2
-rw-r--r--source3/lib/substitute.c86
-rw-r--r--source3/lib/util_str.c32
-rw-r--r--source3/msdfs/msdfs.c14
-rw-r--r--source3/param/loadparm.c14
-rw-r--r--source3/printing/lpq_parse.c16
-rw-r--r--source3/printing/print_generic.c2
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c2
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c8
-rw-r--r--source3/smbd/lanman.c10
-rw-r--r--source3/smbd/message.c2
-rw-r--r--source3/smbd/service.c10
14 files changed, 121 insertions, 81 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index 9997507757..f9f250c26a 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -69,7 +69,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli,
fstrcpy(remote_machine, server);
}
- standard_sub_basic(current_user_info.smb_name, remote_machine);
+ standard_sub_basic(current_user_info.smb_name, remote_machine, sizeof(remote_machine));
strupper(remote_machine);
if(!resolve_name( remote_machine, &dest_ip, 0x20)) {
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index 919cc8d3d8..23faedc0ba 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -49,7 +49,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
p = pserver;
while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) {
- standard_sub_basic(current_user_info.smb_name, desthost);
+ standard_sub_basic(current_user_info.smb_name, desthost, sizeof(desthost));
strupper(desthost);
if(!resolve_name( desthost, &dest_ip, 0x20)) {
diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c
index 211e8bce15..1a3e55dd44 100644
--- a/source3/auth/pampass.c
+++ b/source3/auth/pampass.c
@@ -186,7 +186,7 @@ static void special_char_sub(char *buf)
static void pwd_sub(char *buf, const char *username, const char *oldpass, const char *newpass)
{
- pstring_sub(buf, "%u", username);
+ fstring_sub(buf, "%u", username);
all_string_sub(buf, "%o", oldpass, sizeof(fstring));
all_string_sub(buf, "%n", newpass, sizeof(fstring));
}
diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
index 439263dd23..dbd382a942 100644
--- a/source3/lib/substitute.c
+++ b/source3/lib/substitute.c
@@ -160,9 +160,11 @@ static char *automount_server(const char *user_name)
/****************************************************************************
Do some standard substitutions in a string.
+ len is the length in bytes of the space allowed in string str. If zero means
+ don't allow expansions.
****************************************************************************/
-void standard_sub_basic(const char *smb_name, char *str)
+void standard_sub_basic(const char *smb_name, char *str,size_t len)
{
char *p, *s;
fstring pidstr;
@@ -171,7 +173,10 @@ void standard_sub_basic(const char *smb_name, char *str)
for (s=str; (p=strchr_m(s, '%'));s=p) {
fstring tmp_str;
- int l = sizeof(pstring) - (int)(p-str);
+ int l = (int)len - (int)(p-str);
+
+ if (l < 0)
+ l = 0;
switch (*(p+1)) {
case 'U' :
@@ -192,26 +197,43 @@ void standard_sub_basic(const char *smb_name, char *str)
strupper(tmp_str);
string_sub(p,"%D", tmp_str,l);
break;
- case 'I' : string_sub(p,"%I", client_addr(),l); break;
+ case 'I' :
+ string_sub(p,"%I", client_addr(),l);
+ break;
case 'L' :
- if (*local_machine) {
+ if (*local_machine)
string_sub(p,"%L", local_machine,l);
- } else {
+ else
string_sub(p,"%L", global_myname,l);
- }
break;
- case 'M' : string_sub(p,"%M", client_name(),l); break;
- case 'R' : string_sub(p,"%R", remote_proto,l); break;
- case 'T' : string_sub(p,"%T", timestring(False),l); break;
- case 'a' : string_sub(p,"%a", remote_arch,l); break;
+ case 'M' :
+ string_sub(p,"%M", client_name(),l);
+ break;
+ case 'R' :
+ string_sub(p,"%R", remote_proto,l);
+ break;
+ case 'T' :
+ string_sub(p,"%T", timestring(False),l);
+ break;
+ case 'a' :
+ string_sub(p,"%a", remote_arch,l);
+ break;
case 'd' :
slprintf(pidstr,sizeof(pidstr)-1, "%d",(int)sys_getpid());
string_sub(p,"%d", pidstr,l);
break;
- case 'h' : string_sub(p,"%h", myhostname(),l); break;
- case 'm' : string_sub(p,"%m", remote_machine,l); break;
- case 'v' : string_sub(p,"%v", VERSION,l); break;
- case '$' : p += expand_env_var(p,l); break; /* Expand environment variables */
+ case 'h' :
+ string_sub(p,"%h", myhostname(),l);
+ break;
+ case 'm' :
+ string_sub(p,"%m", remote_machine,l);
+ break;
+ case 'v' :
+ string_sub(p,"%v", VERSION,l);
+ break;
+ case '$' :
+ p += expand_env_var(p,l);
+ break; /* Expand environment variables */
case '\0':
p++;
break; /* don't run off the end of the string */
@@ -228,30 +250,32 @@ void standard_sub_basic(const char *smb_name, char *str)
static void standard_sub_advanced(int snum, const char *user,
const char *connectpath, gid_t gid,
- const char *smb_name, char *str)
+ const char *smb_name, char *str, size_t len)
{
char *p, *s, *home;
for (s=str; (p=strchr_m(s, '%'));s=p) {
- int l = sizeof(pstring) - (int)(p-str);
-
+ int l = (int)len - (int)(p-str);
+
+ if (l < 0)
+ l = 0;
+
switch (*(p+1)) {
- case 'N' : string_sub(p,"%N", automount_server(user),l); break;
+ case 'N' :
+ string_sub(p,"%N", automount_server(user),l);
+ break;
case 'H':
- if ((home = get_user_home_dir(user))) {
+ if ((home = get_user_home_dir(user)))
string_sub(p,"%H",home, l);
- } else {
+ else
p += 2;
- }
break;
case 'P':
string_sub(p,"%P", connectpath, l);
break;
-
case 'S':
string_sub(p,"%S", lp_servicename(snum), l);
break;
-
case 'g':
string_sub(p,"%g", gidtoname(gid), l);
break;
@@ -278,7 +302,7 @@ static void standard_sub_advanced(int snum, const char *user,
}
}
- standard_sub_basic(smb_name, str);
+ standard_sub_basic(smb_name, str, len);
}
const char *standard_sub_specified(TALLOC_CTX *mem_ctx, const char *input_string,
@@ -328,8 +352,7 @@ const char *standard_sub_specified(TALLOC_CTX *mem_ctx, const char *input_string
}
}
- standard_sub_basic(username, input_pstring);
-
+ standard_sub_basic(username, input_pstring, sizeof(pstring));
return talloc_strdup(mem_ctx, input_pstring);
}
@@ -337,16 +360,17 @@ const char *standard_sub_specified(TALLOC_CTX *mem_ctx, const char *input_string
Do some standard substitutions in a string.
****************************************************************************/
-void standard_sub_conn(connection_struct *conn, char *str)
+void standard_sub_conn(connection_struct *conn, char *str, size_t len)
{
- standard_sub_advanced(SNUM(conn), conn->user, conn->connectpath, conn->gid, current_user_info.smb_name, str);
+ standard_sub_advanced(SNUM(conn), conn->user, conn->connectpath,
+ conn->gid, current_user_info.smb_name, str, len);
}
/****************************************************************************
Like standard_sub but by snum.
****************************************************************************/
-void standard_sub_snum(int snum, char *str)
+void standard_sub_snum(int snum, char *str, size_t len)
{
extern struct current_user current_user;
static uid_t cached_uid = -1;
@@ -359,6 +383,6 @@ void standard_sub_snum(int snum, char *str)
cached_uid = current_user.uid;
}
- standard_sub_advanced(snum, cached_user, "", -1, current_user_info.smb_name, str);
+ standard_sub_advanced(snum, cached_user, "", -1,
+ current_user_info.smb_name, str, len);
}
-
diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
index eac3ebe929..9b4282c6e0 100644
--- a/source3/lib/util_str.c
+++ b/source3/lib/util_str.c
@@ -650,23 +650,30 @@ This routine looks for pattern in s and replaces it with
insert. It may do multiple replacements.
any of " ; ' $ or ` in the insert string are replaced with _
-if len==0 then no length check is performed
+if len==0 then the string cannot be extended. This is different from the old
+use of len==0 which was for no length checks to be done.
****************************************************************************/
+
void string_sub(char *s,const char *pattern,const char *insert, size_t len)
{
char *p;
ssize_t ls,lp,li, i;
- if (!insert || !pattern || !s) return;
+ if (!insert || !pattern || !s)
+ return;
ls = (ssize_t)strlen(s);
lp = (ssize_t)strlen(pattern);
li = (ssize_t)strlen(insert);
- if (!*pattern) return;
+ if (!*pattern)
+ return;
+
+ if (len == 0)
+ len = ls;
while (lp <= ls && (p = strstr(s,pattern))) {
- if (len && (ls + (li-lp) >= len)) {
+ if (ls + (li-lp) >= len) {
DEBUG(0,("ERROR: string overflow by %d in string_sub(%.50s, %d)\n",
(int)(ls + (li-lp) - len),
pattern, (int)len));
@@ -709,23 +716,30 @@ void pstring_sub(char *s,const char *pattern,const char *insert)
/****************************************************************************
similar to string_sub() but allows for any character to be substituted.
Use with caution!
-if len==0 then no length check is performed
+if len==0 then the string cannot be extended. This is different from the old
+use of len==0 which was for no length checks to be done.
****************************************************************************/
+
void all_string_sub(char *s,const char *pattern,const char *insert, size_t len)
{
char *p;
ssize_t ls,lp,li;
- if (!insert || !pattern || !s) return;
+ if (!insert || !pattern || !s)
+ return;
ls = (ssize_t)strlen(s);
lp = (ssize_t)strlen(pattern);
li = (ssize_t)strlen(insert);
- if (!*pattern) return;
+ if (!*pattern)
+ return;
+
+ if (len == 0)
+ len = ls;
while (lp <= ls && (p = strstr(s,pattern))) {
- if (len && (ls + (li-lp) >= len)) {
+ if (ls + (li-lp) >= len) {
DEBUG(0,("ERROR: string overflow by %d in all_string_sub(%.50s, %d)\n",
(int)(ls + (li-lp) - len),
pattern, (int)len));
@@ -743,10 +757,8 @@ void all_string_sub(char *s,const char *pattern,const char *insert, size_t len)
/****************************************************************************
similar to all_string_sub but for unicode strings.
return a new allocate unicode string.
-len is the number of bytes, not chars
similar to string_sub() but allows for any character to be substituted.
Use with caution!
- if len==0 then no length check is performed
****************************************************************************/
smb_ucs2_t *all_string_sub_w(const smb_ucs2_t *s, const smb_ucs2_t *pattern,
diff --git a/source3/msdfs/msdfs.c b/source3/msdfs/msdfs.c
index 1af848b55a..3e66c1c10c 100644
--- a/source3/msdfs/msdfs.c
+++ b/source3/msdfs/msdfs.c
@@ -80,13 +80,12 @@ static BOOL parse_dfs_path(char* pathname, struct dfs_path* pdp)
Fake up a connection struct for the VFS layer.
*********************************************************/
-static BOOL create_conn_struct( connection_struct *conn, int snum,
- char *path)
+static BOOL create_conn_struct( connection_struct *conn, int snum, char *path)
{
ZERO_STRUCTP(conn);
conn->service = snum;
conn->connectpath = path;
- pstring_sub(conn->connectpath, "%S", lp_servicename(snum));
+ pstring_sub(conn->connectpath , "%S", lp_servicename(snum));
if (!smbd_vfs_init(conn)) {
DEBUG(0,("create_conn_struct: smbd_vfs_init failed.\n"));
@@ -335,6 +334,7 @@ BOOL get_referred_path(char *pathname, struct junction_map* jn,
struct connection_struct conns;
struct connection_struct* conn = &conns;
+ pstring conn_path;
int snum;
BOOL self_referral = False;
@@ -371,7 +371,8 @@ BOOL get_referred_path(char *pathname, struct junction_map* jn,
return False;
}
- if (!create_conn_struct(conn, snum, lp_pathname(snum)))
+ pstrcpy(conn_path, lp_pathname(snum));
+ if (!create_conn_struct(conn, snum, conn_path))
return False;
if (!lp_msdfs_root(SNUM(conn))) {
@@ -701,10 +702,12 @@ BOOL create_junction(char* pathname, struct junction_map* jn)
/**********************************************************************
Forms a valid Unix pathname from the junction
**********************************************************************/
+
static BOOL junction_to_local_path(struct junction_map* jn, char* path,
int max_pathlen, connection_struct *conn)
{
int snum;
+ pstring conn_path;
if(!path || !jn)
return False;
@@ -718,7 +721,8 @@ static BOOL junction_to_local_path(struct junction_map* jn, char* path,
strlower(jn->volume_name);
safe_strcat(path, jn->volume_name, max_pathlen-1);
- if (!create_conn_struct(conn, snum, lp_pathname(snum)))
+ pstrcpy(conn_path, lp_pathname(snum));
+ if (!create_conn_struct(conn, snum, conn_path))
return False;
return True;
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 5051d67d34..e8f5d84d3c 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -1409,7 +1409,7 @@ static char *lp_string(const char *s)
trim_string(ret, "\"", "\"");
- standard_sub_basic(current_user_info.smb_name,ret);
+ standard_sub_basic(current_user_info.smb_name,ret,len+100);
return (ret);
}
@@ -2263,7 +2263,7 @@ BOOL lp_file_list_changed(void)
time_t mod_time;
pstrcpy(n2, f->name);
- standard_sub_basic(current_user_info.smb_name, n2);
+ standard_sub_basic(current_user_info.smb_name, n2,sizeof(n2));
DEBUGADD(6, ("file %s -> %s last mod_time: %s\n",
f->name, n2, ctime(&f->modtime)));
@@ -2296,7 +2296,7 @@ static BOOL handle_netbios_name(char *pszParmValue, char **ptr)
pstrcpy(netbios_name, pszParmValue);
- standard_sub_basic(current_user_info.smb_name, netbios_name);
+ standard_sub_basic(current_user_info.smb_name, netbios_name,sizeof(netbios_name));
strupper(netbios_name);
pstrcpy(global_myname, netbios_name);
@@ -2378,7 +2378,7 @@ static BOOL handle_source_env(char *pszParmValue, char **ptr)
pstrcpy(fname, pszParmValue);
- standard_sub_basic(current_user_info.smb_name, fname);
+ standard_sub_basic(current_user_info.smb_name, fname,sizeof(fname));
string_set(ptr, pszParmValue);
@@ -2436,7 +2436,7 @@ static BOOL handle_include(char *pszParmValue, char **ptr)
pstring fname;
pstrcpy(fname, pszParmValue);
- standard_sub_basic(current_user_info.smb_name, fname);
+ standard_sub_basic(current_user_info.smb_name, fname,sizeof(fname));
add_to_file_list(pszParmValue, fname);
@@ -3518,7 +3518,7 @@ BOOL lp_load(const char *pszFname, BOOL global_only, BOOL save_defaults,
param_opt_struct *data, *pdata;
pstrcpy(n2, pszFname);
- standard_sub_basic(current_user_info.smb_name, n2);
+ standard_sub_basic(current_user_info.smb_name, n2,sizeof(n2));
add_to_file_list(pszFname, n2);
@@ -3653,7 +3653,7 @@ int lp_servicenumber(const char *pszServiceName)
* service names
*/
fstrcpy(serviceName, ServicePtrs[iService]->szService);
- standard_sub_basic(current_user_info.smb_name, serviceName);
+ standard_sub_basic(current_user_info.smb_name, serviceName,sizeof(serviceName));
if (strequal(serviceName, pszServiceName))
break;
}
diff --git a/source3/printing/lpq_parse.c b/source3/printing/lpq_parse.c
index 9d8b1cc2aa..5deb85425e 100644
--- a/source3/printing/lpq_parse.c
+++ b/source3/printing/lpq_parse.c
@@ -314,7 +314,7 @@ static BOOL parse_lpq_aix(char *line,print_queue_struct *buf,BOOL first)
int count=0;
/* handle the case of "(standard input)" as a filename */
- pstring_sub(line,"standard input","STDIN");
+ string_sub(line,"standard input","STDIN",0);
all_string_sub(line,"(","\"",0);
all_string_sub(line,")","\"",0);
@@ -431,7 +431,7 @@ static BOOL parse_lpq_hpux(char * line, print_queue_struct *buf, BOOL first)
}
if (!header_line_ok) return (False); /* incorrect header line */
/* handle the case of "(standard input)" as a filename */
- pstring_sub(line,"standard input","STDIN");
+ string_sub(line,"standard input","STDIN",0);
all_string_sub(line,"(","\"",0);
all_string_sub(line,")","\"",0);
@@ -469,7 +469,7 @@ static BOOL parse_lpq_hpux(char * line, print_queue_struct *buf, BOOL first)
else if (base_prio) base_prio_reset=False;
/* handle the dash in the job id */
- pstring_sub(line,"-"," ");
+ string_sub(line,"-"," ",0);
for (count=0; count<12 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ;
@@ -593,14 +593,14 @@ static BOOL parse_lpq_qnx(char *line,print_queue_struct *buf,BOOL first)
DEBUG(4,("antes [%s]\n", line));
/* handle the case of "-- standard input --" as a filename */
- pstring_sub(line,"standard input","STDIN");
+ string_sub(line,"standard input","STDIN",0);
DEBUG(4,("despues [%s]\n", line));
all_string_sub(line,"-- ","\"",0);
all_string_sub(line," --","\"",0);
DEBUG(4,("despues 1 [%s]\n", line));
- pstring_sub(line,"[job #","");
- pstring_sub(line,"]","");
+ string_sub(line,"[job #","",0);
+ string_sub(line,"]","",0);
DEBUG(4,("despues 2 [%s]\n", line));
@@ -656,7 +656,7 @@ static BOOL parse_lpq_plp(char *line,print_queue_struct *buf,BOOL first)
int count=0;
/* handle the case of "(standard input)" as a filename */
- pstring_sub(line,"stdin","STDIN");
+ string_sub(line,"stdin","STDIN",0);
all_string_sub(line,"(","\"",0);
all_string_sub(line,")","\"",0);
@@ -726,7 +726,7 @@ static BOOL parse_lpq_softq(char *line,print_queue_struct *buf,BOOL first)
int count=0;
/* mung all the ":"s to spaces*/
- pstring_sub(line,":"," ");
+ string_sub(line,":"," ",0);
for (count=0; count<10 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ;
diff --git a/source3/printing/print_generic.c b/source3/printing/print_generic.c
index e1517c5dcb..a32521c721 100644
--- a/source3/printing/print_generic.c
+++ b/source3/printing/print_generic.c
@@ -78,7 +78,7 @@ static int print_run_command(int snum,char *command, int *outfd, ...)
p = PRINTERNAME(snum);
pstring_sub(syscmd, "%p", p);
- standard_sub_snum(snum,syscmd);
+ standard_sub_snum(snum,syscmd,sizeof(syscmd));
ret = smbrun(syscmd,outfd);
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 7e793c1e1d..9b17bdb7ee 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -5051,7 +5051,7 @@ static BOOL add_printer_hook(NT_PRINTER_INFO_LEVEL *printer)
get_called_name());
/* change \ to \\ for the shell */
all_string_sub(driverlocation,"\\","\\\\",sizeof(pstring));
- standard_sub_basic(current_user_info.smb_name, remote_machine);
+ standard_sub_basic(current_user_info.smb_name, remote_machine,sizeof(remote_machine));
slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\" \"%s\" \"%s\" \"%s\"",
cmd, printer->info_2->printername, printer->info_2->sharename,
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index e8fe603ed8..b5f6bd2f07 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -41,7 +41,7 @@ static void init_srv_share_info_1(pipes_struct *p, SRV_SHARE_INFO_1 *sh1, int sn
pstrcpy(net_name, lp_servicename(snum));
pstrcpy(remark, lp_comment(snum));
- standard_sub_conn(p->conn, remark);
+ standard_sub_conn(p->conn, remark,sizeof(remark));
len_net_name = strlen(net_name);
/* work out the share type */
@@ -73,7 +73,7 @@ static void init_srv_share_info_2(pipes_struct *p, SRV_SHARE_INFO_2 *sh2, int sn
pstrcpy(net_name, lp_servicename(snum));
pstrcpy(remark, lp_comment(snum));
- standard_sub_conn(p->conn, remark);
+ standard_sub_conn(p->conn, remark,sizeof(remark));
pstrcpy(path, "C:");
pstrcat(path, lp_pathname(snum));
@@ -357,7 +357,7 @@ static void init_srv_share_info_501(pipes_struct *p, SRV_SHARE_INFO_501 *sh501,
pstrcpy(net_name, lp_servicename(snum));
pstrcpy(remark, lp_comment(snum));
- standard_sub_conn(p->conn, remark);
+ standard_sub_conn(p->conn, remark, sizeof(remark));
len_net_name = strlen(net_name);
@@ -396,7 +396,7 @@ static void init_srv_share_info_502(pipes_struct *p, SRV_SHARE_INFO_502 *sh502,
pstrcpy(net_name, lp_servicename(snum));
pstrcpy(remark, lp_comment(snum));
- standard_sub_conn(p->conn, remark);
+ standard_sub_conn(p->conn, remark,sizeof(remark));
pstrcpy(path, "C:");
pstrcat(path, lp_pathname(snum));
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 3eca6695d2..217bb6a613 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -71,7 +71,7 @@ static int CopyExpanded(connection_struct *conn,
StrnCpy(buf,src,sizeof(buf)/2);
pstring_sub(buf,"%S",lp_servicename(snum));
- standard_sub_conn(conn,buf);
+ standard_sub_conn(conn,buf,sizeof(buf));
l = push_ascii(*dst,buf,*n-1, STR_TERMINATE);
(*dst) += l;
(*n) -= l;
@@ -94,7 +94,7 @@ static int StrlenExpanded(connection_struct *conn, int snum, char* s)
if (!s) return(0);
StrnCpy(buf,s,sizeof(buf)/2);
pstring_sub(buf,"%S",lp_servicename(snum));
- standard_sub_conn(conn,buf);
+ standard_sub_conn(conn,buf,sizeof(buf));
return strlen(buf) + 1;
}
@@ -104,7 +104,7 @@ static char* Expand(connection_struct *conn, int snum, char* s)
if (!s) return(NULL);
StrnCpy(buf,s,sizeof(buf)/2);
pstring_sub(buf,"%S",lp_servicename(snum));
- standard_sub_conn(conn,buf);
+ standard_sub_conn(conn,buf,sizeof(buf));
return &buf[0];
}
@@ -2451,7 +2451,7 @@ static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, char *par
SIVAL(p,6,0);
} else {
SIVAL(p,6,PTR_DIFF(p2,*rdata));
- standard_sub_conn(conn,comment);
+ standard_sub_conn(conn,comment,sizeof(comment));
StrnCpy(p2,comment,MAX(mdrcnt - struct_len,0));
p2 = skip_string(p2,1);
}
@@ -2860,7 +2860,7 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param
SSVALS(p,104,-1); /* num_logons */
SIVAL(p,106,PTR_DIFF(p2,*rdata)); /* logon_server */
pstrcpy(p2,"\\\\%L");
- standard_sub_conn(conn, p2);
+ standard_sub_conn(conn, p2,0);
p2 = skip_string(p2,1);
SSVAL(p,110,49); /* country_code */
SSVAL(p,112,860); /* code page */
diff --git a/source3/smbd/message.c b/source3/smbd/message.c
index c2eb16c99e..ba646f12aa 100644
--- a/source3/smbd/message.c
+++ b/source3/smbd/message.c
@@ -85,7 +85,7 @@ static void msg_deliver(void)
pstrcpy(s,lp_msg_command());
pstring_sub(s,"%f",alpha_strcpy(alpha_msgfrom,msgfrom,NULL,sizeof(alpha_msgfrom)));
pstring_sub(s,"%t",alpha_strcpy(alpha_msgto,msgto,NULL,sizeof(alpha_msgto)));
- standard_sub_basic(current_user_info.smb_name, s);
+ standard_sub_basic(current_user_info.smb_name, s, sizeof(s));
pstring_sub(s,"%s",name);
smbrun(s,NULL);
}
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 590e4cedfc..0fec7b24a9 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -518,7 +518,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
{
pstring s;
pstrcpy(s,lp_pathname(snum));
- standard_sub_conn(conn,s);
+ standard_sub_conn(conn,s,sizeof(s));
string_set(&conn->connectpath,s);
DEBUG(3,("Connect path is %s\n",s));
}
@@ -584,7 +584,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
int ret;
pstring cmd;
pstrcpy(cmd,lp_rootpreexec(SNUM(conn)));
- standard_sub_conn(conn,cmd);
+ standard_sub_conn(conn,cmd,sizeof(cmd));
DEBUG(5,("cmd=%s\n",cmd));
ret = smbrun(cmd,NULL);
if (ret != 0 && lp_rootpreexec_close(SNUM(conn))) {
@@ -613,7 +613,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
int ret;
pstring cmd;
pstrcpy(cmd,lp_preexec(SNUM(conn)));
- standard_sub_conn(conn,cmd);
+ standard_sub_conn(conn,cmd,sizeof(cmd));
ret = smbrun(cmd,NULL);
if (ret != 0 && lp_preexec_close(SNUM(conn))) {
DEBUG(1,("preexec gave %d - failing connection\n", ret));
@@ -859,7 +859,7 @@ void close_cnum(connection_struct *conn, uint16 vuid)
change_to_user(conn, vuid)) {
pstring cmd;
pstrcpy(cmd,lp_postexec(SNUM(conn)));
- standard_sub_conn(conn,cmd);
+ standard_sub_conn(conn,cmd,sizeof(cmd));
smbrun(cmd,NULL);
change_to_root_user();
}
@@ -869,7 +869,7 @@ void close_cnum(connection_struct *conn, uint16 vuid)
if (*lp_rootpostexec(SNUM(conn))) {
pstring cmd;
pstrcpy(cmd,lp_rootpostexec(SNUM(conn)));
- standard_sub_conn(conn,cmd);
+ standard_sub_conn(conn,cmd,sizeof(cmd));
smbrun(cmd,NULL);
}