summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2012-03-29 17:13:07 -0700
committerJeremy Allison <jra@samba.org>2012-03-30 21:26:07 +0200
commit959516d61bc6ee7cdd12409dde0ec00044208f1b (patch)
tree7639ccf8ba796ca775ff89b6e329d37f53a3ff9a /source3
parent60eb1621d2c3224a2c7e8bec947741446ecbc4b1 (diff)
downloadsamba-959516d61bc6ee7cdd12409dde0ec00044208f1b.tar.gz
samba-959516d61bc6ee7cdd12409dde0ec00044208f1b.tar.bz2
samba-959516d61bc6ee7cdd12409dde0ec00044208f1b.zip
More strlcat/strlcpy truncate checks.
Diffstat (limited to 'source3')
-rw-r--r--source3/auth/auth_script.c55
-rw-r--r--source3/libads/ads_struct.c11
-rw-r--r--source3/modules/vfs_afsacl.c12
-rw-r--r--source3/modules/vfs_recycle.c12
-rw-r--r--source3/modules/vfs_scannedonly.c5
-rw-r--r--source3/torture/torture.c10
-rw-r--r--source3/utils/net_rpc.c12
-rw-r--r--source3/web/swat.c3
8 files changed, 94 insertions, 26 deletions
diff --git a/source3/auth/auth_script.c b/source3/auth/auth_script.c
index 4432ff4aec..dc8794bf16 100644
--- a/source3/auth/auth_script.c
+++ b/source3/auth/auth_script.c
@@ -74,32 +74,62 @@ static NTSTATUS script_check_user_credentials(const struct auth_context *auth_co
return NT_STATUS_NO_MEMORY;
}
- strlcpy( secret_str, user_info->mapped.domain_name, secret_str_len);
- strlcat( secret_str, "\n", secret_str_len);
- strlcat( secret_str, user_info->client.account_name, secret_str_len);
- strlcat( secret_str, "\n", secret_str_len);
+ if (strlcpy( secret_str, user_info->mapped.domain_name, secret_str_len) >= secret_str_len) {
+ /* Truncate. */
+ goto cat_out;
+ }
+ if (strlcat( secret_str, "\n", secret_str_len) >= secret_str_len) {
+ /* Truncate. */
+ goto cat_out;
+ }
+ if (strlcat( secret_str, user_info->client.account_name, secret_str_len) >= secret_str_len) {
+ /* Truncate. */
+ goto cat_out;
+ }
+ if (strlcat( secret_str, "\n", secret_str_len) >= secret_str_len) {
+ /* Truncate. */
+ goto cat_out;
+ }
for (i = 0; i < 8; i++) {
slprintf(&hex_str[i*2], 3, "%02X", auth_context->challenge.data[i]);
}
- strlcat( secret_str, hex_str, secret_str_len);
- strlcat( secret_str, "\n", secret_str_len);
+ if (strlcat( secret_str, hex_str, secret_str_len) >= secret_str_len) {
+ /* Truncate. */
+ goto cat_out;
+ }
+ if (strlcat( secret_str, "\n", secret_str_len) >= secret_str_len) {
+ /* Truncate. */
+ goto cat_out;
+ }
if (user_info->password.response.lanman.data) {
for (i = 0; i < 24; i++) {
slprintf(&hex_str[i*2], 3, "%02X", user_info->password.response.lanman.data[i]);
}
- strlcat( secret_str, hex_str, secret_str_len);
+ if (strlcat( secret_str, hex_str, secret_str_len) >= secret_str_len) {
+ /* Truncate. */
+ goto cat_out;
+ }
+ }
+ if (strlcat( secret_str, "\n", secret_str_len) >= secret_str_len) {
+ /* Truncate. */
+ goto cat_out;
}
- strlcat( secret_str, "\n", secret_str_len);
if (user_info->password.response.nt.data) {
for (i = 0; i < 24; i++) {
slprintf(&hex_str[i*2], 3, "%02X", user_info->password.response.nt.data[i]);
}
- strlcat( secret_str, hex_str, secret_str_len);
+ if (strlcat( secret_str, hex_str, secret_str_len) >= secret_str_len) {
+ /* Truncate. */
+ goto cat_out;
+ }
+ }
+ if (strlcat( secret_str, "\n", secret_str_len) >= secret_str_len) {
+ /* Truncate. */
+ goto cat_out;
}
- strlcat( secret_str, "\n", secret_str_len);
DEBUG(10,("script_check_user_credentials: running %s with parameters:\n%s\n",
script, secret_str ));
@@ -117,6 +147,11 @@ static NTSTATUS script_check_user_credentials(const struct auth_context *auth_co
/* Cause the auth system to keep going.... */
return NT_STATUS_NOT_IMPLEMENTED;
+
+ cat_out:
+
+ SAFE_FREE(secret_str);
+ return NT_STATUS_NO_MEMORY;
}
/* module initialisation */
diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c
index b6c8e995ed..e6220fd320 100644
--- a/source3/libads/ads_struct.c
+++ b/source3/libads/ads_struct.c
@@ -52,10 +52,17 @@ char *ads_build_path(const char *realm, const char *sep, const char *field, int
return NULL;
}
- strlcpy(ret,field, len);
+ if (strlcpy(ret,field, len) >= len) {
+ /* Truncate ! */
+ free(r);
+ return NULL;
+ }
p=strtok_r(r, sep, &saveptr);
if (p) {
- strlcat(ret, p, len);
+ if (strlcat(ret, p, len) >= len) {
+ free(r);
+ return NULL;
+ }
while ((p=strtok_r(NULL, sep, &saveptr)) != NULL) {
int retval;
diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c
index e965e4c8b1..61a31458cf 100644
--- a/source3/modules/vfs_afsacl.c
+++ b/source3/modules/vfs_afsacl.c
@@ -316,16 +316,22 @@ static bool unparse_afs_acl(struct afs_acl *acl, char *acl_str)
}
fstr_sprintf(line, "%d\n", positives);
- strlcat(acl_str, line, MAXSIZE);
+ if (strlcat(acl_str, line, MAXSIZE) >= MAXSIZE) {
+ return false;
+ }
fstr_sprintf(line, "%d\n", negatives);
- strlcat(acl_str, line, MAXSIZE);
+ if (strlcat(acl_str, line, MAXSIZE) >= MAXSIZE) {
+ return false;
+ }
ace = acl->acelist;
while (ace != NULL) {
fstr_sprintf(line, "%s\t%d\n", ace->name, ace->rights);
- strlcat(acl_str, line, MAXSIZE);
+ if (strlcat(acl_str, line, MAXSIZE) >= MAXSIZE) {
+ return false;
+ }
ace = ace->next;
}
return true;
diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c
index c735dccd31..80332523ed 100644
--- a/source3/modules/vfs_recycle.c
+++ b/source3/modules/vfs_recycle.c
@@ -280,13 +280,17 @@ static bool recycle_create_dir(vfs_handle_struct *handle, const char *dname)
*new_dir = '\0';
if (dname[0] == '/') {
/* Absolute path. */
- strlcat(new_dir,"/",len+1);
+ if (strlcat(new_dir,"/",len+1) >= len+1) {
+ goto done;
+ }
}
/* Create directory tree if neccessary */
for(token = strtok_r(tok_str, "/", &saveptr); token;
token = strtok_r(NULL, "/", &saveptr)) {
- strlcat(new_dir, token, len+1);
+ if (strlcat(new_dir, token, len+1) >= len+1) {
+ goto done;
+ }
if (recycle_directory_exist(handle, new_dir))
DEBUG(10, ("recycle: dir %s already exists\n", new_dir));
else {
@@ -297,7 +301,9 @@ static bool recycle_create_dir(vfs_handle_struct *handle, const char *dname)
goto done;
}
}
- strlcat(new_dir, "/", len+1);
+ if (strlcat(new_dir, "/", len+1) >= len+1) {
+ goto done;
+ }
mode = recycle_subdir_mode(handle);
}
diff --git a/source3/modules/vfs_scannedonly.c b/source3/modules/vfs_scannedonly.c
index 1b35388b85..fcd2ed0a1c 100644
--- a/source3/modules/vfs_scannedonly.c
+++ b/source3/modules/vfs_scannedonly.c
@@ -327,8 +327,9 @@ static void notify_scanner(vfs_handle_struct * handle, const char *scanfile)
if (gsendlen + tmplen >= SENDBUFFERSIZE) {
flush_sendbuffer(handle);
}
- strlcat(so->gsendbuffer, tmp, SENDBUFFERSIZE + 1);
- strlcat(so->gsendbuffer, "\n", SENDBUFFERSIZE + 1);
+ /* FIXME ! Truncate checks... JRA. */
+ (void)strlcat(so->gsendbuffer, tmp, SENDBUFFERSIZE + 1);
+ (void)strlcat(so->gsendbuffer, "\n", SENDBUFFERSIZE + 1);
}
static bool is_scannedonly_file(struct Tscannedonly *so, const char *shortname)
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index e2a2744dae..b0c74e2f37 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -7338,8 +7338,14 @@ static bool run_shortname_test(int dummy)
goto out;
}
- strlcpy(fname, "\\shortname\\", sizeof(fname));
- strlcat(fname, "test .txt", sizeof(fname));
+ if (strlcpy(fname, "\\shortname\\", sizeof(fname)) >= sizeof(fname)) {
+ correct = false;
+ goto out;
+ }
+ if (strlcat(fname, "test .txt", sizeof(fname)) >= sizeof(fname)) {
+ correct = false;
+ goto out;
+ }
s.val = false;
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 4aaf365a88..ad3f448c5e 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -3765,8 +3765,12 @@ static NTSTATUS copy_fn(const char *mnt, struct file_info *f,
}
/* search below that directory */
- strlcpy(new_mask, dir, sizeof(new_mask));
- strlcat(new_mask, "\\*", sizeof(new_mask));
+ if (strlcpy(new_mask, dir, sizeof(new_mask)) >= sizeof(new_mask)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ if (strlcat(new_mask, "\\*", sizeof(new_mask)) >= sizeof(new_mask)) {
+ return NT_STATUS_NO_MEMORY;
+ }
old_dir = local_state->cwd;
local_state->cwd = dir;
@@ -4807,7 +4811,9 @@ static bool get_user_tokens_from_file(FILE *f,
token = &((*tokens)[*num_tokens-1]);
- strlcpy(token->name, line, sizeof(token->name));
+ if (strlcpy(token->name, line, sizeof(token->name)) >= sizeof(token->name)) {
+ return false;
+ }
token->token.num_sids = 0;
token->token.sids = NULL;
continue;
diff --git a/source3/web/swat.c b/source3/web/swat.c
index 34974b400f..0e17b015e9 100644
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -176,7 +176,8 @@ void get_xsrf_token(const char *username, const char *pass,
char tmp[3];
snprintf(tmp, sizeof(tmp), "%02x", token[i]);
- strlcat(token_str, tmp, sizeof(tmp));
+ /* FIXME ! Truncate check. JRA. */
+ (void)strlcat(token_str, tmp, sizeof(tmp));
}
}