summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/lib/messages.c6
-rw-r--r--source3/smbd/connection.c3
-rw-r--r--source3/utils/status.c6
-rw-r--r--source3/web/statuspage.c22
4 files changed, 30 insertions, 7 deletions
diff --git a/source3/lib/messages.c b/source3/lib/messages.c
index 3b45a9c305..b18cebf6cf 100644
--- a/source3/lib/messages.c
+++ b/source3/lib/messages.c
@@ -361,9 +361,13 @@ static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, void
struct connections_data crec;
struct msg_all *msg_all = (struct msg_all *)state;
+ if (dbuf.dsize != sizeof(crec))
+ return 0;
+
memcpy(&crec, dbuf.dptr, sizeof(crec));
- if (crec.cnum != -1) return 0;
+ if (crec.cnum != -1)
+ return 0;
/* if the msg send fails because the pid was not found (i.e. smbd died),
* the msg has already been deleted from the messages.tdb.*/
diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c
index 47579fa5f7..5a3fcc2975 100644
--- a/source3/smbd/connection.c
+++ b/source3/smbd/connection.c
@@ -79,6 +79,9 @@ static int count_fn( TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, void *u
struct connections_data crec;
struct count_stat *cs = (struct count_stat *)udp;
+ if (dbuf.dsize != sizeof(crec))
+ return 0;
+
memcpy(&crec, dbuf.dptr, sizeof(crec));
if (crec.cnum == -1)
diff --git a/source3/utils/status.c b/source3/utils/status.c
index 243ccdd755..55c3c1bad1 100644
--- a/source3/utils/status.c
+++ b/source3/utils/status.c
@@ -186,9 +186,13 @@ static int traverse_fn1(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void *st
struct session_record *ptr;
struct connections_data crec;
+ if (dbuf.dsize != sizeof(crec))
+ return 0;
+
memcpy(&crec, dbuf.dptr, sizeof(crec));
- if (crec.cnum == -1) return 0;
+ if (crec.cnum == -1)
+ return 0;
if (!process_exists(crec.pid) || !Ucrit_checkUsername(uidtoname(crec.uid))) {
return 0;
diff --git a/source3/web/statuspage.c b/source3/web/statuspage.c
index 27a40d1695..51f2e8f00e 100644
--- a/source3/web/statuspage.c
+++ b/source3/web/statuspage.c
@@ -1,6 +1,6 @@
/*
Unix SMB/Netbios implementation.
- Version 1.9.
+ Version 2.2.
web status page
Copyright (C) Andrew Tridgell 1997-1998
@@ -76,6 +76,10 @@ static void print_share_mode(share_mode_entry *e, char *fname)
static int traverse_fn1(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void* state)
{
struct connections_data crec;
+
+ if (dbuf.dsize != sizeof(crec))
+ return 0;
+
memcpy(&crec, dbuf.dptr, sizeof(crec));
if (crec.cnum == -1 && process_exists(crec.pid)) {
@@ -92,10 +96,14 @@ static int traverse_fn1(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void* st
static int traverse_fn2(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void* state)
{
struct connections_data crec;
+
+ if (dbuf.dsize != sizeof(crec))
+ return 0;
+
memcpy(&crec, dbuf.dptr, sizeof(crec));
- if (crec.cnum != -1 || !process_exists(crec.pid) ||
- (crec.pid == smbd_pid)) return 0;
+ if (crec.cnum != -1 || !process_exists(crec.pid) || (crec.pid == smbd_pid))
+ return 0;
printf("<tr><td>%d</td><td>%s</td><td>%s</td><td>%s</td>\n",
(int)crec.pid,
@@ -114,9 +122,14 @@ static int traverse_fn2(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void* st
static int traverse_fn3(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void* state)
{
struct connections_data crec;
+
+ if (dbuf.dsize != sizeof(crec))
+ return 0;
+
memcpy(&crec, dbuf.dptr, sizeof(crec));
- if (crec.cnum == -1 || !process_exists(crec.pid)) return 0;
+ if (crec.cnum == -1 || !process_exists(crec.pid))
+ return 0;
printf("<tr><td>%s</td><td>%s</td><td>%s</td><td>%d</td><td>%s</td><td>%s</td></tr>\n",
crec.name,uidtoname(crec.uid),
@@ -278,4 +291,3 @@ void status_page(void)
printf("//-->\n</script>\n");
}
}
-