-rw-r--r--source3/include/mangle.h2
-rw-r--r--source3/lib/util_str.c16
-rw-r--r--source3/smbd/filename.c4
-rw-r--r--source3/smbd/mangle.c4
-rw-r--r--source3/smbd/mangle_hash.c10
-rw-r--r--source3/smbd/mangle_hash2.c8
-rw-r--r--source3/smbd/reply.c6
7 files changed, 28 insertions, 22 deletions
diff --git a/source3/include/mangle.h b/source3/include/mangle.h
index 1d7cdf7362..08d511689d 100644
--- a/source3/include/mangle.h
+++ b/source3/include/mangle.h
@@ -8,7 +8,7 @@ struct mangle_fns {
BOOL (*is_mangled)(const char *s);
BOOL (*is_8_3)(const char *fname, BOOL check_case, BOOL allow_wildcards);
void (*reset)(void);
- BOOL (*check_cache)(char *s);
+ BOOL (*check_cache)(char *s, size_t maxlen);
void (*name_map)(char *OutName, BOOL need83, BOOL cache83, int default_case);
};
#endif /* _MANGLE_H_ */
diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
index 7c5fa11c92..1083076edd 100644
--- a/source3/lib/util_str.c
+++ b/source3/lib/util_str.c
@@ -1949,7 +1949,9 @@ DATA_BLOB base64_decode_data_blob(const char *s)
s++; i++;
}
- if (*s == '=') n -= 1;
+ if ((n > 0) && (*s == '=')) {
+ n -= 1;
+ }
/* fix up length */
decoded.length = n;
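Review bot: The new `n > 0` guard carries no comment saying which input it protects against, and the value is stored straight into `decoded.length` on the following line. Presumably the case is a string whose first character is `=`, where nothing has been decoded and the old code would have taken `n` below zero before it became a length. A one-line comment above the test would record that, for example `/* input may start with '=' (nothing decoded): never let n go negative */`. The declaration of `n` and the rest of base64_decode_data_blob are outside this hunk.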
@@ -1962,9 +1964,15 @@ DATA_BLOB base64_decode_data_blob(const char *s)
void base64_decode_inplace(char *s)
{
DATA_BLOB decoded = base64_decode_data_blob(s);
- memcpy(s, decoded.data, decoded.length);
- /* null terminate */
- s[decoded.length] = '\0';
+
+ if ( decoded.length != 0 ) {
+ memcpy(s, decoded.data, decoded.length);
+
+ /* null terminate */
+ s[decoded.length] = '\0';
+ } else {
+ *s = '\0';
+ }
data_blob_free(&decoded);
}
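Review bot: The split into a zero-length and a non-zero branch is not explained, and a later reader may be tempted to merge them again. If `decoded.data` can be NULL when nothing was decoded (not visible here), the branch is needed because `memcpy` from a NULL pointer is undefined even for length 0; say so in a comment such as `/* decoded.data may be NULL for empty output; memcpy(NULL) is undefined */`. The function also writes into `s` with no size argument, so it relies on the decoded output never being longer than the input string, which is worth stating in the function's header comment.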
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index ab75d9c06a..cc1c0a40b6 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -326,7 +326,7 @@ BOOL unix_convert(pstring name,connection_struct *conn,char *saved_last_componen
*/
if (mangle_is_mangled(start)) {
- mangle_check_cache( start );
+ mangle_check_cache( start, sizeof(pstring) - 1 - (start - name) );
}
DEBUG(5,("New file %s\n",start));
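Review bot: The bound `sizeof(pstring) - 1 - (start - name)` is only correct if `name` is the first byte of a real pstring-sized buffer and `start` points inside it; because `pstring name` is a parameter, the compiler does not enforce the first condition. A short comment at the call would make the assumption visible, e.g. `/* space left in name[] from start onwards; callers must pass a full pstring */`. The expression also mixes `size_t` with a pointer difference, so an explicit `(size_t)(start - name)` would make the intended unsigned arithmetic clear. The body of unix_convert extends beyond this hunk.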
@@ -476,7 +476,7 @@ static BOOL scan_directory(const char *path, char *name, size_t maxlength,
* (JRA).
*/
if (mangled)
- mangled = !mangle_check_cache( name );
+ mangled = !mangle_check_cache( name, maxlength );
/* open the directory */
if (!(cur_dir = OpenDir(conn, path, True))) {
diff --git a/source3/smbd/mangle.c b/source3/smbd/mangle.c
index b77fe601b6..43becff69d 100644
--- a/source3/smbd/mangle.c
+++ b/source3/smbd/mangle.c
@@ -98,9 +98,9 @@ BOOL mangle_is_8_3_wildcards(const char *fname, BOOL check_case)
looking for a matching name if it doesn't. It should succeed most of the time
or there will be a huge performance penalty
*/
-BOOL mangle_check_cache(char *s)
+BOOL mangle_check_cache(char *s, size_t maxlen)
{
- return mangle_fns->check_cache(s);
+ return mangle_fns->check_cache(s, maxlen);
}
/*
diff --git a/source3/smbd/mangle_hash.c b/source3/smbd/mangle_hash.c
index d7239b82a7..13ec99a917 100644
--- a/source3/smbd/mangle_hash.c
+++ b/source3/smbd/mangle_hash.c
@@ -557,7 +557,7 @@ static void cache_mangled_name( char *mangled_name, char *raw_name )
* Check for a name on the mangled name stack
*
* Input: s - Input *and* output string buffer.
- *
+ * maxlen - space in i/o string buffer.
* Output: True if the name was found in the cache, else False.
*
* Notes: If a reverse map is found, the function will overwrite the string
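Review bot: The added line `maxlen - space in i/o string buffer.` does not say whether the terminating NUL is counted, while the callers in this commit pass `sizeof(pstring)-1`, i.e. the longest string the buffer can hold. Spelling that out avoids an off-by-one at future call sites, for example `maxlen - longest string s can hold, not counting the terminating NUL (pass sizeof(buf)-1).` The `check_cache` member in mangle.h, the wrapper in mangle.c and the mangle_hash2.c implementation (whose old size comment is removed without a replacement) would benefit from the same sentence. scan_directory in filename.c forwards its own `maxlength` unchanged, so it has to follow the same convention.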
@@ -568,7 +568,7 @@ static void cache_mangled_name( char *mangled_name, char *raw_name )
* ************************************************************************** **
*/
-static BOOL check_cache( char *s )
+static BOOL check_cache( char *s, size_t maxlen )
{
ubi_cacheEntryPtr FoundPtr;
char *ext_start = NULL;
@@ -602,7 +602,7 @@ static BOOL check_cache( char *s )
if( !FoundPtr ) {
if(saved_ext) {
/* Replace the saved_ext as it was truncated. */
- (void)pstrcat( s, saved_ext );
+ (void)safe_strcat( s, saved_ext, maxlen );
SAFE_FREE(saved_ext);
}
return( False );
@@ -612,10 +612,10 @@ static BOOL check_cache( char *s )
found_name = (char *)(FoundPtr + 1);
found_name += (strlen( found_name ) + 1);
- (void)pstrcpy( s, found_name );
+ (void)safe_strcpy( s, found_name, maxlen );
if( saved_ext ) {
/* Replace the saved_ext as it was truncated. */
- (void)pstrcat( s, saved_ext );
+ (void)safe_strcat( s, saved_ext, maxlen );
SAFE_FREE(saved_ext);
}
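Review bot: The `(void)` casts on `safe_strcpy` and `safe_strcat` discard whatever those helpers report, so a cached long name that does not fit in `maxlen` together with `saved_ext` would be shortened silently and the function would presumably still report a hit. A shortened name can refer to a different file than the one that was cached, so the overflow case is better treated as a miss. One option is to test the length before copying, `if (strlen(found_name) + (saved_ext ? strlen(saved_ext) : 0) > maxlen)`, and then restore the extension and return False as the not-found path in the previous hunk does. The `slprintf`/`safe_strcpy` pair in the mangle_hash2.c hunk has the same property and returns True unconditionally. The remainder of check_cache is outside this hunk.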
diff --git a/source3/smbd/mangle_hash2.c b/source3/smbd/mangle_hash2.c
index dcfd7663ba..f68873687b 100644
--- a/source3/smbd/mangle_hash2.c
+++ b/source3/smbd/mangle_hash2.c
@@ -362,10 +362,8 @@ static void mangle_reset(void)
/*
try to find a 8.3 name in the cache, and if found then
replace the string with the original long name.
-
- The filename must be able to hold at least sizeof(fstring)
*/
-static BOOL check_cache(char *name)
+static BOOL check_cache(char *name, size_t maxlen)
{
u32 hash, multiplier;
unsigned int i;
@@ -403,10 +401,10 @@ static BOOL check_cache(char *name)
if (extension[0]) {
M_DEBUG(10,("check_cache: %s -> %s.%s\n", name, prefix, extension));
- slprintf(name, sizeof(fstring), "%s.%s", prefix, extension);
+ slprintf(name, maxlen, "%s.%s", prefix, extension);
} else {
M_DEBUG(10,("check_cache: %s -> %s\n", name, prefix));
- fstrcpy(name, prefix);
+ safe_strcpy(name, prefix, maxlen);
}
return True;
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 71efb793af..f3ab709df4 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -1583,7 +1583,7 @@ NTSTATUS unlink_internals(connection_struct *conn, int dirtype, char *name)
*/
if (!rc && mangle_is_mangled(mask))
- mangle_check_cache( mask );
+ mangle_check_cache( mask, sizeof(pstring)-1 );
if (!has_wild) {
pstrcat(directory,"/");
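Review bot: The bound passed here is the literal `sizeof(pstring)-1`, which is only right if `mask` is declared as a `pstring` in this function; the declaration is outside the hunk. If `mask` is a local array, `sizeof(mask)-1` would keep the bound tied to the buffer should its type ever change (this must not be used if `mask` is a pointer). The return value of `mangle_check_cache` is ignored, so a lookup that had to shorten the name goes on to the unlink path unnoticed. The same call is repeated in the rename_internals and reply_copy hunks below.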
@@ -3738,7 +3738,7 @@ NTSTATUS rename_internals(connection_struct *conn, char *name, char *newname, ui
*/
if (!rc && mangle_is_mangled(mask))
- mangle_check_cache( mask );
+ mangle_check_cache( mask, sizeof(pstring)-1 );
has_wild = ms_has_wild(mask);
@@ -4216,7 +4216,7 @@ int reply_copy(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
*/
if (!rc && mangle_is_mangled(mask))
- mangle_check_cache( mask );
+ mangle_check_cache( mask, sizeof(pstring)-1 );
has_wild = ms_has_wild(mask);