-rw-r--r-- | source3/include/mangle.h | 2 | ||||
-rw-r--r-- | source3/lib/util_str.c | 16 | ||||
-rw-r--r-- | source3/smbd/filename.c | 4 | ||||
-rw-r--r-- | source3/smbd/mangle.c | 4 | ||||
-rw-r--r-- | source3/smbd/mangle_hash.c | 10 | ||||
-rw-r--r-- | source3/smbd/mangle_hash2.c | 8 | ||||
-rw-r--r-- | source3/smbd/reply.c | 6 |
7 files changed, 28 insertions, 22 deletions
diff --git a/source3/include/mangle.h b/source3/include/mangle.h index 1d7cdf7362..08d511689d 100644 --- a/source3/include/mangle.h +++ b/source3/include/mangle.h @@ -8,7 +8,7 @@ struct mangle_fns { BOOL (*is_mangled)(const char *s); BOOL (*is_8_3)(const char *fname, BOOL check_case, BOOL allow_wildcards); void (*reset)(void); - BOOL (*check_cache)(char *s); + BOOL (*check_cache)(char *s, size_t maxlen); void (*name_map)(char *OutName, BOOL need83, BOOL cache83, int default_case); }; #endif /* _MANGLE_H_ */ diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c index 7c5fa11c92..1083076edd 100644 --- a/source3/lib/util_str.c +++ b/source3/lib/util_str.c @@ -1949,7 +1949,9 @@ DATA_BLOB base64_decode_data_blob(const char *s) s++; i++; } - if (*s == '=') n -= 1; + if ((n > 0) && (*s == '=')) { + n -= 1; + } /* fix up length */ decoded.length = n; @@ -1962,9 +1964,15 @@ DATA_BLOB base64_decode_data_blob(const char *s) void base64_decode_inplace(char *s) { DATA_BLOB decoded = base64_decode_data_blob(s); - memcpy(s, decoded.data, decoded.length); - /* null terminate */ - s[decoded.length] = '\0'; + + if ( decoded.length != 0 ) { + memcpy(s, decoded.data, decoded.length); + + /* null terminate */ + s[decoded.length] = '\0'; + } else { + *s = '\0'; + } data_blob_free(&decoded); } diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c index ab75d9c06a..cc1c0a40b6 100644 --- a/source3/smbd/filename.c +++ b/source3/smbd/filename.c @@ -326,7 +326,7 @@ BOOL unix_convert(pstring name,connection_struct *conn,char *saved_last_componen */ if (mangle_is_mangled(start)) { - mangle_check_cache( start ); + mangle_check_cache( start, sizeof(pstring) - 1 - (start - name) ); } DEBUG(5,("New file %s\n",start)); 
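Review bot: In base64_decode_inplace() the new `decoded.length != 0` branch carries no comment saying why the empty case is special. Since `s[decoded.length] = '\0'` would already cover length 0, a later reader is likely to fold the two branches back together. If the reason is that `decoded.data` can be NULL when nothing was decoded (not visible in this hunk) and memcpy() must not be given a NULL source, say so, e.g. `/* decoded.data may be NULL for empty output; never pass it to memcpy */`. A second line noting that base64 output is never longer than its input, so writing back into `s` stays in bounds, would help anyone auditing this function.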
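Review bot: The bound `sizeof(pstring) - 1 - (start - name)` in unix_convert() is only correct if every caller passes a buffer that really is a full pstring. `name` is a parameter, so (assuming pstring is an array typedef) it arrives as a plain pointer and nothing enforces that size. The expression also folds a signed pointer difference into size_t arithmetic, so it silently relies on `start >= name`; if that ever failed, the result would wrap to a very large bound. A comment at the call such as `/* name must be a full pstring and start must point inside it */` would record both assumptions. unix_convert's body starts and ends outside the hunk.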
@@ -476,7 +476,7 @@ static BOOL scan_directory(const char *path, char *name, size_t maxlength, * (JRA). */ if (mangled) - mangled = !mangle_check_cache( name ); + mangled = !mangle_check_cache( name, maxlength ); /* open the directory */ if (!(cur_dir = OpenDir(conn, path, True))) { diff --git a/source3/smbd/mangle.c b/source3/smbd/mangle.c index b77fe601b6..43becff69d 100644 --- a/source3/smbd/mangle.c +++ b/source3/smbd/mangle.c @@ -98,9 +98,9 @@ BOOL mangle_is_8_3_wildcards(const char *fname, BOOL check_case) looking for a matching name if it doesn't. It should succeed most of the time or there will be a huge performance penalty */ -BOOL mangle_check_cache(char *s) +BOOL mangle_check_cache(char *s, size_t maxlen) { - return mangle_fns->check_cache(s); + return mangle_fns->check_cache(s, maxlen); } /* diff --git a/source3/smbd/mangle_hash.c b/source3/smbd/mangle_hash.c index d7239b82a7..13ec99a917 100644 --- a/source3/smbd/mangle_hash.c +++ b/source3/smbd/mangle_hash.c @@ -557,7 +557,7 @@ static void cache_mangled_name( char *mangled_name, char *raw_name ) * Check for a name on the mangled name stack * * Input: s - Input *and* output string buffer. - * + * maxlen - space in i/o string buffer. * Output: True if the name was found in the cache, else False. * * Notes: If a reverse map is found, the function will overwrite the string @@ -568,7 +568,7 @@ static void cache_mangled_name( char *mangled_name, char *raw_name ) * ************************************************************************** ** */ -static BOOL check_cache( char *s ) +static BOOL check_cache( char *s, size_t maxlen ) { ubi_cacheEntryPtr FoundPtr; char *ext_start = NULL; @@ -602,7 +602,7 @@ static BOOL check_cache( char *s ) if( !FoundPtr ) { if(saved_ext) { /* Replace the saved_ext as it was truncated. */ - (void)pstrcat( s, saved_ext ); + (void)safe_strcat( s, saved_ext, maxlen ); SAFE_FREE(saved_ext); } return( False ); 
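Review bot: The comment above mangle_check_cache() in mangle.c still describes the one-argument function, and nothing states whether `maxlen` counts the terminating NUL. The other call sites in this commit pass `sizeof(pstring)-1`, which suggests it is the longest string the buffer can hold excluding the terminator, but scan_directory() forwards its own `maxlength`, whose convention is not visible here. Add a line such as `maxlen is the longest string s can hold, not counting the trailing NUL` to this comment, and make the new `maxlen - space in i/o string buffer.` line in mangle_hash.c equally explicit; mangle_hash2.c drops its old size remark without a replacement. A mismatch between callers and backends on this point would be a one-byte overwrite, so the contract is worth writing down.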
@@ -612,10 +612,10 @@ static BOOL check_cache( char *s ) found_name = (char *)(FoundPtr + 1); found_name += (strlen( found_name ) + 1); - (void)pstrcpy( s, found_name ); + (void)safe_strcpy( s, found_name, maxlen ); if( saved_ext ) { /* Replace the saved_ext as it was truncated. */ - (void)pstrcat( s, saved_ext ); + (void)safe_strcat( s, saved_ext, maxlen ); SAFE_FREE(saved_ext); } diff --git a/source3/smbd/mangle_hash2.c b/source3/smbd/mangle_hash2.c index dcfd7663ba..f68873687b 100644 --- a/source3/smbd/mangle_hash2.c +++ b/source3/smbd/mangle_hash2.c @@ -362,10 +362,8 @@ static void mangle_reset(void) /* try to find a 8.3 name in the cache, and if found then replace the string with the original long name. - - The filename must be able to hold at least sizeof(fstring) */ -static BOOL check_cache(char *name) +static BOOL check_cache(char *name, size_t maxlen) { u32 hash, multiplier; unsigned int i; @@ -403,10 +401,10 @@ static BOOL check_cache(char *name) if (extension[0]) { M_DEBUG(10,("check_cache: %s -> %s.%s\n", name, prefix, extension)); - slprintf(name, sizeof(fstring), "%s.%s", prefix, extension); + slprintf(name, maxlen, "%s.%s", prefix, extension); } else { M_DEBUG(10,("check_cache: %s -> %s\n", name, prefix)); - fstrcpy(name, prefix); + safe_strcpy(name, prefix, maxlen); } return True; diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 71efb793af..f3ab709df4 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -1583,7 +1583,7 @@ NTSTATUS unlink_internals(connection_struct *conn, int dirtype, char *name) */ if (!rc && mangle_is_mangled(mask)) - mangle_check_cache( mask ); + mangle_check_cache( mask, sizeof(pstring)-1 ); if (!has_wild) { pstrcat(directory,"/"); @@ -3738,7 +3738,7 @@ NTSTATUS rename_internals(connection_struct *conn, char *name, char *newname, ui */ if (!rc && mangle_is_mangled(mask)) - mangle_check_cache( mask ); + mangle_check_cache( mask, sizeof(pstring)-1 ); has_wild = ms_has_wild(mask); 
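Review bot: The writes in check_cache() are now bounded, but truncation is silent: in this `@@ -612` hunk the results of `safe_strcpy()` and `safe_strcat()` are cast to void, and mangle_hash2.c `@@ -403` likewise ignores `slprintf()` and then does `return True`. A caller that gets a hit would carry on with a shortened long name, which can refer to a different file than the one requested. The call sites touched in reply.c sit in unlink_internals(), rename_internals() and reply_copy(). Consider testing the length before copying, e.g. `if (strlen(found_name) + (saved_ext ? strlen(saved_ext) : 0) > maxlen)`, and taking the existing not-found path (restore the extension, return False) when the result does not fit; this assumes `maxlen` excludes the terminator. Both check_cache() bodies start and end outside these hunks, so the return path in mangle_hash.c is inferred rather than visible.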
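Review bot: `mangle_check_cache( mask, sizeof(pstring)-1 )` in unlink_internals() hard-codes the buffer type instead of deriving the bound from the buffer itself. The same line is added in rename_internals() (`@@ -3738`) and reply_copy() (`@@ -4216`). The declaration of `mask` lies outside all three hunks, so its size cannot be confirmed from here. If `mask` is a local array, `sizeof(mask)-1` would keep the bound tied to the buffer should its type ever change; if it is a pointer, a short comment naming the buffer it points into would do. All three function bodies start and end outside the hunks.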
@@ -4216,7 +4216,7 @@ int reply_copy(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, */ if (!rc && mangle_is_mangled(mask)) - mangle_check_cache( mask ); + mangle_check_cache( mask, sizeof(pstring)-1 ); has_wild = ms_has_wild(mask); |