-rw-r--r-- | source3/include/safe_string.h | 3 | ||||
-rw-r--r-- | source3/lib/util.c | 2 | ||||
-rw-r--r-- | source3/smbd/chgpasswd.c | 2 | ||||
-rw-r--r-- | source3/smbd/dir.c | 12 | ||||
-rw-r--r-- | source3/smbd/filename.c | 6 | ||||
-rw-r--r-- | source3/smbd/mangle.c | 2 | ||||
-rw-r--r-- | source3/smbd/mangle_hash2.c | 2 | ||||
-rw-r--r-- | source3/smbd/mangle_map.c | 2 | ||||
-rw-r--r-- | source3/smbd/reply.c | 10 | ||||
-rw-r--r-- | source3/smbd/trans2.c | 27 |
10 files changed, 39 insertions, 29 deletions
diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 431dc400aa..95cf23df83 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -96,4 +96,7 @@ char * __unsafe_string_function_usage_here__(void); #define push_pstring_base(dest, src, pstring_base) \ push_ascii(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1, STR_TERMINATE) +#define safe_strcpy_base(dest, src, base, size) \ + safe_strcpy(dest, src, size-PTR_DIFF(dest,base)-1) + #endif diff --git a/source3/lib/util.c b/source3/lib/util.c index 77ffa70a47..bdf67a515a 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -1421,7 +1421,7 @@ void smb_panic(const char *why) A readdir wrapper which just returns the file name. ********************************************************************/ -char *readdirname(DIR *p) +const char *readdirname(DIR *p) { SMB_STRUCT_DIRENT *ptr; char *dname; diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c index 401ab131ad..31c4fa7cc9 100644 --- a/source3/smbd/chgpasswd.c +++ b/source3/smbd/chgpasswd.c @@ -64,7 +64,7 @@ static int findpty(char **slave) int master; static fstring line; DIR *dirp; - char *dpname; + const char *dpname; #if defined(HAVE_GRANTPT) /* Try to open /dev/ptmx. If that fails, fall through to old method. */ diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c index 95acf4a262..3f29ac892c 100644 --- a/source3/smbd/dir.c +++ b/source3/smbd/dir.c @@ -578,7 +578,7 @@ BOOL dir_check_ftype(connection_struct *conn,int mode,SMB_STRUCT_STAT *st,int di return True; } -static BOOL mangle_mask_match(connection_struct *conn, char *filename, char *mask) +static BOOL mangle_mask_match(connection_struct *conn, fstring filename, char *mask) { mangle_map(filename,True,False,SNUM(conn)); return mask_match(filename,mask,False); 
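Review bot: The new `safe_strcpy_base` macro in safe_string.h expands `size` without parentheses and leaves the subtraction unguarded, so the bound it hands to `safe_strcpy` is only right when `dest` lies inside the `size`-byte buffer that starts at `base`. If `dest` ever sits at or past the end of that buffer, `size-PTR_DIFF(dest,base)-1` reaches zero or goes negative; should `safe_strcpy` take an unsigned length (its prototype is not in this hunk), a negative value would become a very large limit instead of a refusal. I would write the expansion as `safe_strcpy(dest, src, (size)-PTR_DIFF(dest,base)-1)` and state the precondition above the macro: `/* dest must point inside the size-byte buffer starting at base */`. The `push_pstring_base` macro shown as context just above has the same shape.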
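Review bot: In dir.c, `mangle_mask_match` now declares its buffer as `fstring filename` and passes it straight to `mangle_map`, which the mangle.c hunk of this same commit declares as `pstring OutName`, so the two annotations disagree about how large the buffer is. Array-typed parameters decay to plain pointers in C, so the compiler checks neither of them. Assuming fstring is the shorter of the two types, a maintainer who trusts the `pstring` in `mangle_map` could write past what this caller actually provides. Either both signatures should name the same type, or `mangle_map` should carry a comment such as `/* OutName may be only an fstring; never write more than that */`. The closing brace of `mangle_mask_match` is outside the hunk.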
@@ -588,10 +588,10 @@ static BOOL mangle_mask_match(connection_struct *conn, char *filename, char *mas Get an 8.3 directory entry. ****************************************************************************/ -BOOL get_dir_entry(connection_struct *conn,char *mask,int dirtype,char *fname, +BOOL get_dir_entry(connection_struct *conn,char *mask,int dirtype, pstring fname, SMB_OFF_T *size,int *mode,time_t *date,BOOL check_descend) { - char *dname; + const char *dname; BOOL found = False; SMB_STRUCT_STAT sbuf; pstring path; @@ -907,7 +907,7 @@ void *OpenDir(connection_struct *conn, const char *name, BOOL use_veto) dirp->current = dirp->data; } - safe_strcpy(dirp->data+used,n, dirp->mallocsize - used - 1); + safe_strcpy_base(dirp->data+used,n, dirp->data, dirp->mallocsize); used += l; dirp->numentries++; } @@ -933,7 +933,7 @@ void CloseDir(void *p) Read from a directory. ********************************************************************/ -char *ReadDirName(void *p) +const char *ReadDirName(void *p) { char *ret; Dir *dirp = (Dir *)p; @@ -1008,7 +1008,7 @@ static ubi_dlNewList( dir_cache ); Output: None. *****************************************************************************/ -void DirCacheAdd( const char *path, char *name, char *dname, int snum ) +void DirCacheAdd( const char *path, const char *name, const char *dname, int snum ) { int pathlen; int namelen; diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c index 7d3527402e..ad707a2b9d 100644 --- a/source3/smbd/filename.c +++ b/source3/smbd/filename.c @@ -39,7 +39,7 @@ static BOOL scan_directory(const char *path, char *name,size_t maxlength, This needs to be careful about whether we are case sensitive. ****************************************************************************/ -static BOOL fname_equal(char *name1, char *name2) +static BOOL fname_equal(const char *name1, const char *name2) { /* Normal filename handling */ if (case_sensitive) 
@@ -52,7 +52,7 @@ static BOOL fname_equal(char *name1, char *name2) Mangle the 2nd name and check if it is then equal to the first name. ****************************************************************************/ -static BOOL mangled_equal(char *name1, const char *name2, int snum) +static BOOL mangled_equal(const char *name1, const char *name2, int snum) { pstring tmpname; @@ -439,7 +439,7 @@ static BOOL scan_directory(const char *path, char *name, size_t maxlength, connection_struct *conn,BOOL docache) { void *cur_dir; - char *dname; + const char *dname; BOOL mangled; mangled = mangle_is_mangled(name); diff --git a/source3/smbd/mangle.c b/source3/smbd/mangle.c index f5c703a5bf..c5d7582c03 100644 --- a/source3/smbd/mangle.c +++ b/source3/smbd/mangle.c @@ -107,7 +107,7 @@ BOOL mangle_check_cache(char *s) map a long filename to a 8.3 name. */ -void mangle_map(char *OutName, BOOL need83, BOOL cache83, int snum) +void mangle_map(pstring OutName, BOOL need83, BOOL cache83, int snum) { /* name mangling can be disabled for speed, in which case we just truncate the string */ diff --git a/source3/smbd/mangle_hash2.c b/source3/smbd/mangle_hash2.c index eda509214d..cdce28e1bd 100644 --- a/source3/smbd/mangle_hash2.c +++ b/source3/smbd/mangle_hash2.c @@ -484,7 +484,7 @@ static BOOL is_legal_name(const char *name) the name parameter must be able to hold 13 bytes */ -static void name_map(char *name, BOOL need83, BOOL cache83) +static void name_map(fstring name, BOOL need83, BOOL cache83) { char *dot_p; char lead_chars[7]; diff --git a/source3/smbd/mangle_map.c b/source3/smbd/mangle_map.c index 5ae3ebd174..9e798fd41b 100644 --- a/source3/smbd/mangle_map.c +++ b/source3/smbd/mangle_map.c 
@@ -201,7 +201,7 @@ static void mangled_map(char *s, const char *MangledMap) front end routine to the mangled map code personally I think that the whole idea of "mangled map" is completely bogus */ -void mangle_map_filename(char *fname, int snum) +void mangle_map_filename(fstring fname, int snum) { char *map; diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 71e880476c..ff1c0e5a52 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -1305,7 +1305,7 @@ NTSTATUS unlink_internals(connection_struct *conn, int dirtype, char *name) } } else { void *dirptr = NULL; - char *dname; + const char *dname; if (check_name(directory,conn)) dirptr = OpenDir(conn, directory, True); @@ -2861,7 +2861,7 @@ int reply_mkdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, static BOOL recursive_rmdir(connection_struct *conn, char *directory) { - char *dname = NULL; + const char *dname = NULL; BOOL ret = False; void *dirptr = OpenDir(conn, directory, False); @@ -2926,7 +2926,7 @@ BOOL rmdir_internals(connection_struct *conn, char *directory) * do a recursive delete) then fail the rmdir. */ BOOL all_veto_files = True; - char *dname; + const char *dname; void *dirptr = OpenDir(conn, directory, False); if(dirptr != NULL) { @@ -3285,7 +3285,7 @@ directory = %s, newname = %s, newname_last_component = %s, is_8_3 = %d\n", * Wildcards - process each file that matches. */ void *dirptr = NULL; - char *dname; + const char *dname; pstring destname; if (check_name(directory,conn)) @@ -3574,7 +3574,7 @@ int reply_copy(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, } } else { void *dirptr = NULL; - char *dname; + const char *dname; pstring destname; if (check_name(directory,conn)) diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index bea09e9e37..5d85cae907 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c 
@@ -460,7 +460,7 @@ static BOOL get_lanman2_dir_entry(connection_struct *conn, BOOL *out_of_space, BOOL *got_exact_match, int *last_name_off) { - char *dname; + const char *dname; BOOL found = False; SMB_STRUCT_STAT sbuf; pstring mask; @@ -1173,7 +1173,8 @@ resume_key = %d resume name = %s continue=%d level = %d\n", */ int current_pos, start_pos; - char *dname = NULL; + const char *dname = NULL; + pstring dname_pstring; void *dirptr = conn->dirptr; start_pos = TellDir(dirptr); for(current_pos = start_pos; current_pos >= 0; current_pos--) { @@ -1181,7 +1182,7 @@ resume_key = %d resume name = %s continue=%d level = %d\n", SeekDir(dirptr, current_pos); dname = ReadDirName(dirptr); - + if (dname) { /* * Remember, mangle_map is called by * get_lanman2_dir_entry(), so the resume name @@ -1189,15 +1190,18 @@ resume_key = %d resume name = %s continue=%d level = %d\n", * here. */ - if(dname != NULL) - mangle_map( dname, False, True, SNUM(conn)); + /* make sure we get a copy that mangle_map can modify */ + + pstrcpy(dname_pstring, dname); + mangle_map( dname_pstring, False, True, SNUM(conn)); - if(dname && strcsequal( resume_name, dname)) { + if(strcsequal( resume_name, dname_pstring)) { SeekDir(dirptr, current_pos+1); DEBUG(7,("call_trans2findnext: got match at pos %d\n", current_pos+1 )); break; } } + } /* * Scan forward from start if not found going backwards. 
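Review bot: The copy, mangle and compare sequence added in the `@@ -1189,15 +1190,18 @@` hunk of trans2.c is repeated in the forward-scan hunk that follows (`@@ -1215,14 +1219,18 @@`). The change that stops `mangle_map` from writing into the string returned by `ReadDirName` therefore lives in two places that must stay in step. A small static helper would hold the private copy in one spot and make it harder for a later edit to go back to mangling the directory's own string in just one of the loops. Its comment could also say why the copy is needed; presumably the returned pointer refers to storage owned by the directory handle, which is why it became `const`. Both loops and the enclosing function (named call_trans2findnext in the DEBUG text) start and end outside these hunks.

```c
/* Compare the client's resume name with the mangled form of a directory entry.
   Works on a private copy so the string handed out by ReadDirName is not changed. */
static BOOL resume_name_matches(connection_struct *conn, const char *resume_name,
				const char *dname)
{
	pstring mangled;

	if (dname == NULL)
		return False;
	pstrcpy(mangled, dname);
	mangle_map(mangled, False, True, SNUM(conn));
	return strcsequal(resume_name, mangled);
}

/* ... unchanged: SeekDir(dirptr, current_pos); dname = ReadDirName(dirptr); ... */
if (resume_name_matches(conn, resume_name, dname)) {
	/* ... unchanged: SeekDir to current_pos+1, DEBUG message, break ... */
```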
@@ -1215,14 +1219,18 @@ resume_key = %d resume name = %s continue=%d level = %d\n", * here. */ - if(dname != NULL) - mangle_map( dname, False, True, SNUM(conn)); + if(dname) { + /* make sure we get a copy that mangle_map can modify */ - if(dname && strcsequal( resume_name, dname)) { + pstrcpy(dname_pstring, dname); + mangle_map(dname_pstring, False, True, SNUM(conn)); + + if(strcsequal( resume_name, dname_pstring)) { SeekDir(dirptr, current_pos+1); DEBUG(7,("call_trans2findnext: got match at pos %d\n", current_pos+1 )); break; } + } } /* end for */ } /* end if current_pos */ } /* end if requires_resume_key && !continue_bit */ @@ -1269,7 +1277,6 @@ resume_key = %d resume name = %s continue=%d level = %d\n", dptr_close(&dptr_num); /* This frees up the saved mask */ } - /* Set up the return parameter block */ SSVAL(params,0,numentries); SSVAL(params,2,finished); |