diff options
-rw-r--r-- | source3/Makefile.in | 2 | ||||
-rw-r--r-- | source3/include/safe_string.h | 50 | ||||
-rw-r--r-- | source3/include/srvstr.h | 3 | ||||
-rw-r--r-- | source3/lib/gencache.c | 12 | ||||
-rw-r--r-- | source3/lib/util.c | 4 | ||||
-rw-r--r-- | source3/libsmb/clistr.c | 1 | ||||
-rw-r--r-- | source3/param/loadparm.c | 3 | ||||
-rw-r--r-- | source3/smbd/connection.c | 6 | ||||
-rw-r--r-- | source3/smbd/process.c | 12 | ||||
-rw-r--r-- | source3/smbd/srvstr.c | 44 |
10 files changed, 96 insertions, 41 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 1176873088..1a2c038e19 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -316,7 +316,7 @@ SMBD_OBJ_SRV = smbd/files.o smbd/chgpasswd.o smbd/connection.o \ smbd/message.o smbd/nttrans.o smbd/pipes.o \ smbd/reply.o smbd/sesssetup.o smbd/trans2.o smbd/uid.o \ smbd/dosmode.o smbd/filename.o smbd/open.o smbd/close.o \ - smbd/blocking.o smbd/sec_ctx.o \ + smbd/blocking.o smbd/sec_ctx.o smbd/srvstr.o \ smbd/vfs.o smbd/vfs-wrap.o smbd/statcache.o \ smbd/posix_acls.o lib/sysacls.o lib/server_mutex.o \ smbd/process.o smbd/service.o smbd/error.o \ diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 61ef4bdf96..f26a5785cb 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -2,6 +2,7 @@ Unix SMB/CIFS implementation. Safe string handling routines. Copyright (C) Andrew Tridgell 1994-1998 + Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -48,6 +49,14 @@ #endif /* !_SPLINT_ */ +#ifdef DEVELOPER +#define SAFE_STRING_FUNCTION_NAME FUNCTION_MACRO +#define SAFE_STRING_LINE __LINE__ +#else +#define SAFE_STRING_FUNCTION_NAME ("") +#define SAFE_STRING_LINE (0) +#endif + /* We need a number of different prototypes for our non-existant fuctions */ char * __unsafe_string_function_usage_here__(void); @@ -141,32 +150,17 @@ size_t __unsafe_string_function_usage_here_char__(void); * long. This is not a good situation, because we can't do the normal * sanity checks. Don't use in new code! */ -#ifdef DEVELOPER -#define overmalloc_safe_strcpy(dest,src,maxlength) safe_strcpy_fn(__FUNCTION__,__LINE__,dest,src,maxlength) -#define safe_strcpy(dest,src,maxlength) safe_strcpy_fn2(__FUNCTION__,__LINE__,dest,src,maxlength) -#define safe_strcat(dest,src,maxlength) safe_strcat_fn2(__FUNCTION__,__LINE__,dest,src,maxlength) -#define push_string(base_ptr, dest, src, dest_len, flags) push_string_fn2(__FUNCTION__, __LINE__, base_ptr, dest, src, dest_len, flags) -#define pull_string(base_ptr, dest, src, dest_len, src_len, flags) pull_string_fn2(__FUNCTION__, __LINE__, base_ptr, dest, src, dest_len, src_len, flags) -#define clistr_push(cli, dest, src, dest_len, flags) clistr_push_fn2(__FUNCTION__, __LINE__, cli, dest, src, dest_len, flags) -#define clistr_pull(cli, dest, src, dest_len, src_len, flags) clistr_pull_fn2(__FUNCTION__, __LINE__, cli, dest, src, dest_len, src_len, flags) - -#define alpha_strcpy(dest,src,other_safe_chars,maxlength) alpha_strcpy_fn(__FUNCTION__,__LINE__,dest,src,other_safe_chars,maxlength) -#define StrnCpy(dest,src,n) StrnCpy_fn(__FUNCTION__,__LINE__,dest,src,n) - -#else - -#define overmalloc_safe_strcpy(dest,src,maxlength) safe_strcpy_fn(NULL,0,dest,src,maxlength) -#define safe_strcpy(dest,src,maxlength) safe_strcpy_fn2(NULL,0,dest,src,maxlength) -#define safe_strcat(dest,src,maxlength) safe_strcat_fn2(NULL,0,dest,src,maxlength) -#define push_string(base_ptr, dest, src, dest_len, flags) push_string_fn2(NULL, 0, base_ptr, dest, src, dest_len, flags) -#define pull_string(base_ptr, dest, src, dest_len, src_len, flags) pull_string_fn2(NULL, 0, base_ptr, dest, src, dest_len, src_len, flags) -#define clistr_push(cli, dest, src, dest_len, flags) clistr_push_fn2(NULL, 0, cli, dest, src, dest_len, flags) -#define clistr_pull(cli, dest, src, dest_len, src_len, flags) clistr_pull_fn2(NULL, 0, cli, dest, src, dest_len, src_len, flags) - -#define alpha_strcpy(dest,src,other_safe_chars,maxlength) alpha_strcpy_fn(NULL,0,dest,src,other_safe_chars,maxlength) -#define StrnCpy(dest,src,n) StrnCpy_fn(NULL,0,dest,src,n) -#endif /* DEVELOPER */ +#define overmalloc_safe_strcpy(dest,src,maxlength) safe_strcpy_fn(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE,dest,src,maxlength) +#define safe_strcpy(dest,src,maxlength) safe_strcpy_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE,dest,src,maxlength) +#define safe_strcat(dest,src,maxlength) safe_strcat_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE,dest,src,maxlength) +#define push_string(base_ptr, dest, src, dest_len, flags) push_string_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, dest, src, dest_len, flags) +#define pull_string(base_ptr, dest, src, dest_len, src_len, flags) pull_string_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, dest, src, dest_len, src_len, flags) +#define clistr_push(cli, dest, src, dest_len, flags) clistr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, cli, dest, src, dest_len, flags) +#define clistr_pull(cli, dest, src, dest_len, src_len, flags) clistr_pull_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, cli, dest, src, dest_len, src_len, flags) +#define srvstr_push(base_ptr, dest, src, dest_len, flags) srvstr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, dest, src, dest_len, flags) +#define alpha_strcpy(dest,src,other_safe_chars,maxlength) alpha_strcpy_fn(SAFE_STRING_FUNCTION_NAME,SAFE_STRING_LINE,dest,src,other_safe_chars,maxlength) +#define StrnCpy(dest,src,n) StrnCpy_fn(SAFE_STRING_FUNCTION_NAME,SAFE_STRING_LINE,dest,src,n) #ifdef HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS @@ -204,6 +198,11 @@ size_t __unsafe_string_function_usage_here_char__(void); ? __unsafe_string_function_usage_here_size_t__() \ : clistr_pull_fn(fn_name, fn_line, cli, dest, src, dest_len, srclen, flags)) +#define srvstr_push_fn2(fn_name, fn_line, base_ptr, dest, src, dest_len, flags) \ + (CHECK_STRING_SIZE(dest, dest_len) \ + ? __unsafe_string_function_usage_here_size_t__() \ + : srvstr_push_fn(fn_name, fn_line, base_ptr, dest, src, dest_len, flags)) + #else #define safe_strcpy_fn2 safe_strcpy_fn @@ -212,6 +211,7 @@ size_t __unsafe_string_function_usage_here_char__(void); #define pull_string_fn2 pull_string_fn #define clistr_push_fn2 clistr_push_fn #define clistr_pull_fn2 clistr_pull_fn +#define srvstr_push_fn2 srvstr_push_fn #endif diff --git a/source3/include/srvstr.h b/source3/include/srvstr.h index a433e0e3f9..04db59cf01 100644 --- a/source3/include/srvstr.h +++ b/source3/include/srvstr.h @@ -20,9 +20,6 @@ #include "includes.h" -#define srvstr_push(base_ptr, dest, src, dest_len, flags) \ - push_string(base_ptr, dest, src, dest_len, flags) - #define srvstr_pull(base_ptr, dest, src, dest_len, src_len, flags) \ pull_string(base_ptr, dest, src, dest_len, src_len, flags) diff --git a/source3/lib/gencache.c b/source3/lib/gencache.c index 7260e477b8..6a66ce95b9 100644 --- a/source3/lib/gencache.c +++ b/source3/lib/gencache.c @@ -115,9 +115,9 @@ BOOL gencache_set(const char *keystr, const char *value, time_t timeout) asprintf(&valstr, CACHE_DATA_FMT, (int)timeout, value); keybuf.dptr = strdup(keystr); - keybuf.dsize = strlen(keystr); + keybuf.dsize = strlen(keystr)+1; databuf.dptr = strdup(valstr); - databuf.dsize = strlen(valstr); + databuf.dsize = strlen(valstr)+1; DEBUG(10, ("Adding cache entry with key = %s; value = %s and timeout \ = %s (%d seconds %s)\n", keybuf.dptr, value, ctime(&timeout), (int)(timeout - time(NULL)), timeout > time(NULL) ? "ahead" : "in the past")); @@ -167,9 +167,9 @@ BOOL gencache_set_only(const char *keystr, const char *valstr, time_t timeout) asprintf(&datastr, CACHE_DATA_FMT, (int)timeout, valstr); keybuf.dptr = strdup(keystr); - keybuf.dsize = strlen(keystr); + keybuf.dsize = strlen(keystr)+1; databuf.dptr = strdup(datastr); - databuf.dsize = strlen(datastr); + databuf.dsize = strlen(datastr)+1; DEBUGADD(10, ("New value = %s, new timeout = %s (%d seconds %s)", valstr, ctime(&timeout), (int)(timeout - time(NULL)), timeout > time(NULL) ? "ahead" : "in the past")); @@ -206,7 +206,7 @@ BOOL gencache_del(const char *keystr) if (!gencache_init()) return False; keybuf.dptr = strdup(keystr); - keybuf.dsize = strlen(keystr); + keybuf.dsize = strlen(keystr)+1; DEBUG(10, ("Deleting cache entry (key = %s)\n", keystr)); ret = tdb_delete(cache, keybuf); @@ -239,7 +239,7 @@ BOOL gencache_get(const char *keystr, char **valstr, time_t *timeout) return False; keybuf.dptr = strdup(keystr); - keybuf.dsize = strlen(keystr); + keybuf.dsize = strlen(keystr)+1; databuf = tdb_fetch(cache, keybuf); if (databuf.dptr && databuf.dsize > TIMEOUT_LEN) { diff --git a/source3/lib/util.c b/source3/lib/util.c index 4216310335..4f564b332a 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -2089,8 +2089,10 @@ void *smb_xmalloc(size_t size) void *p; if (size == 0) smb_panic("smb_xmalloc: called with zero size.\n"); - if ((p = malloc(size)) == NULL) + if ((p = malloc(size)) == NULL) { + DEBUG(0, ("smb_xmalloc() failed to allocate %lu bytes\n", (unsigned long)size)); smb_panic("smb_xmalloc: malloc fail.\n"); + } return p; } diff --git a/source3/libsmb/clistr.c b/source3/libsmb/clistr.c index 97a3fa6cc9..bba9fcf15a 100644 --- a/source3/libsmb/clistr.c +++ b/source3/libsmb/clistr.c @@ -2,6 +2,7 @@ Unix SMB/CIFS implementation. client string routines Copyright (C) Andrew Tridgell 2001 + Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index e91d4bdd32..85f92e81ff 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -1268,6 +1268,9 @@ static void init_globals(void) /* using UTF8 by default allows us to support all chars */ string_set(&Globals.unix_charset, "UTF8"); + /* using UTF8 by default allows us to support all chars */ + string_set(&Globals.display_charset, "ASCII"); + /* Use codepage 850 as a default for the dos character set */ string_set(&Globals.dos_charset, "CP850"); diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c index a7636e889e..17b5be8a7b 100644 --- a/source3/smbd/connection.c +++ b/source3/smbd/connection.c @@ -171,14 +171,14 @@ BOOL claim_connection(connection_struct *conn, const char *name,int max_connecti if (conn) { crec.uid = conn->uid; crec.gid = conn->gid; - StrnCpy(crec.name, + safe_strcpy(crec.name, lp_servicename(SNUM(conn)),sizeof(crec.name)-1); } crec.start = time(NULL); crec.bcast_msg_flags = msg_flags; - StrnCpy(crec.machine,get_remote_machine_name(),sizeof(crec.machine)-1); - StrnCpy(crec.addr,conn?conn->client_address:client_addr(),sizeof(crec.addr)-1); + safe_strcpy(crec.machine,get_remote_machine_name(),sizeof(crec.machine)-1); + safe_strcpy(crec.addr,conn?conn->client_address:client_addr(),sizeof(crec.addr)-1); dbuf.dptr = (char *)&crec; dbuf.dsize = sizeof(crec); diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 57bc236eef..16ef30c46c 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1249,12 +1249,16 @@ void smbd_process(void) extern int smb_echo_count; time_t last_timeout_processing_time = time(NULL); unsigned int num_smbs = 0; + const size_t total_buffer_size = BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN; - InBuffer = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN); - OutBuffer = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN); + InBuffer = (char *)malloc(total_buffer_size); + OutBuffer = (char *)malloc(total_buffer_size); if ((InBuffer == NULL) || (OutBuffer == NULL)) return; + clobber_region(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, InBuffer, total_buffer_size); + clobber_region(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, OutBuffer, total_buffer_size); + max_recv = MIN(lp_maxxmit(),BUFFER_SIZE); while (True) { @@ -1278,6 +1282,8 @@ void smbd_process(void) num_smbs = 0; /* Reset smb counter. */ } + clobber_region(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, InBuffer, total_buffer_size); + while (!receive_message_or_smb(InBuffer,BUFFER_SIZE+LARGE_WRITEX_HDR_SIZE,select_timeout)) { if(!timeout_processing( deadtime, &select_timeout, &last_timeout_processing_time)) return; @@ -1295,6 +1301,8 @@ void smbd_process(void) */ num_echos = smb_echo_count; + clobber_region(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, OutBuffer, total_buffer_size); + process_smb(InBuffer, OutBuffer); if (smb_echo_count != num_echos) { diff --git a/source3/smbd/srvstr.c b/source3/smbd/srvstr.c new file mode 100644 index 0000000000..409fd30a67 --- /dev/null +++ b/source3/smbd/srvstr.c @@ -0,0 +1,44 @@ +/* + Unix SMB/CIFS implementation. + server specific string routines + Copyright (C) Andrew Tridgell 2001 + Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" +extern int max_send; + +/* Make sure we can't write a string past the end of the buffer */ + +size_t srvstr_push_fn(const char *function, unsigned int line, + const char *base_ptr, void *dest, + const char *src, int dest_len, int flags) +{ + size_t buf_used = PTR_DIFF(dest, base_ptr); + if (dest_len == -1) { + if (((ptrdiff_t)dest < (ptrdiff_t)base_ptr) || (buf_used > (size_t)max_send)) { +#if 0 + DEBUG(0, ("Pushing string of 'unlimited' length into non-SMB buffer!\n")); +#endif + return push_string_fn(function, line, base_ptr, dest, src, -1, flags); + } + return push_string_fn(function, line, base_ptr, dest, src, max_send - buf_used, flags); + } + + /* 'normal' push into size-specified buffer */ + return push_string_fn(function, line, base_ptr, dest, src, dest_len, flags); +} |