From 82176f4d85225c2aae15f9ce3e03730f019934f5 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 2 Jul 2002 06:34:27 +0000 Subject: Address the string_sub problem by changing len = 0 to mean "no expand". Went through and checked all string_subs I could to ensure they're being used correctly. Jeremy. (This used to be commit 17cae0d683be404be69554cd0e84117bdcc56c87) --- source3/auth/auth_domain.c | 2 +- source3/auth/auth_server.c | 2 +- source3/auth/pampass.c | 2 +- source3/lib/substitute.c | 86 ++++++++++++++++++++++++------------- source3/lib/util_str.c | 32 +++++++++----- source3/msdfs/msdfs.c | 14 +++--- source3/param/loadparm.c | 14 +++--- source3/printing/lpq_parse.c | 16 +++---- source3/printing/print_generic.c | 2 +- source3/rpc_server/srv_spoolss_nt.c | 2 +- source3/rpc_server/srv_srvsvc_nt.c | 8 ++-- source3/smbd/lanman.c | 10 ++--- source3/smbd/message.c | 2 +- source3/smbd/service.c | 10 ++--- 14 files changed, 121 insertions(+), 81 deletions(-) diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index 9997507757..f9f250c26a 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -69,7 +69,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli, fstrcpy(remote_machine, server); } - standard_sub_basic(current_user_info.smb_name, remote_machine); + standard_sub_basic(current_user_info.smb_name, remote_machine, sizeof(remote_machine)); strupper(remote_machine); if(!resolve_name( remote_machine, &dest_ip, 0x20)) { diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 919cc8d3d8..23faedc0ba 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -49,7 +49,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) p = pserver; while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) { - standard_sub_basic(current_user_info.smb_name, desthost); + standard_sub_basic(current_user_info.smb_name, desthost, sizeof(desthost)); strupper(desthost); if(!resolve_name( desthost, &dest_ip, 0x20)) { diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c index 211e8bce15..1a3e55dd44 100644 --- a/source3/auth/pampass.c +++ b/source3/auth/pampass.c @@ -186,7 +186,7 @@ static void special_char_sub(char *buf) static void pwd_sub(char *buf, const char *username, const char *oldpass, const char *newpass) { - pstring_sub(buf, "%u", username); + fstring_sub(buf, "%u", username); all_string_sub(buf, "%o", oldpass, sizeof(fstring)); all_string_sub(buf, "%n", newpass, sizeof(fstring)); } diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c index 439263dd23..dbd382a942 100644 --- a/source3/lib/substitute.c +++ b/source3/lib/substitute.c @@ -160,9 +160,11 @@ static char *automount_server(const char *user_name) /**************************************************************************** Do some standard substitutions in a string. + len is the length in bytes of the space allowed in string str. If zero means + don't allow expansions. ****************************************************************************/ -void standard_sub_basic(const char *smb_name, char *str) +void standard_sub_basic(const char *smb_name, char *str,size_t len) { char *p, *s; fstring pidstr; @@ -171,7 +173,10 @@ void standard_sub_basic(const char *smb_name, char *str) for (s=str; (p=strchr_m(s, '%'));s=p) { fstring tmp_str; - int l = sizeof(pstring) - (int)(p-str); + int l = (int)len - (int)(p-str); + + if (l < 0) + l = 0; switch (*(p+1)) { case 'U' : @@ -192,26 +197,43 @@ void standard_sub_basic(const char *smb_name, char *str) strupper(tmp_str); string_sub(p,"%D", tmp_str,l); break; - case 'I' : string_sub(p,"%I", client_addr(),l); break; + case 'I' : + string_sub(p,"%I", client_addr(),l); + break; case 'L' : - if (*local_machine) { + if (*local_machine) string_sub(p,"%L", local_machine,l); - } else { + else string_sub(p,"%L", global_myname,l); - } break; - case 'M' : string_sub(p,"%M", client_name(),l); break; - case 'R' : string_sub(p,"%R", remote_proto,l); break; - case 'T' : string_sub(p,"%T", timestring(False),l); break; - case 'a' : string_sub(p,"%a", remote_arch,l); break; + case 'M' : + string_sub(p,"%M", client_name(),l); + break; + case 'R' : + string_sub(p,"%R", remote_proto,l); + break; + case 'T' : + string_sub(p,"%T", timestring(False),l); + break; + case 'a' : + string_sub(p,"%a", remote_arch,l); + break; case 'd' : slprintf(pidstr,sizeof(pidstr)-1, "%d",(int)sys_getpid()); string_sub(p,"%d", pidstr,l); break; - case 'h' : string_sub(p,"%h", myhostname(),l); break; - case 'm' : string_sub(p,"%m", remote_machine,l); break; - case 'v' : string_sub(p,"%v", VERSION,l); break; - case '$' : p += expand_env_var(p,l); break; /* Expand environment variables */ + case 'h' : + string_sub(p,"%h", myhostname(),l); + break; + case 'm' : + string_sub(p,"%m", remote_machine,l); + break; + case 'v' : + string_sub(p,"%v", VERSION,l); + break; + case '$' : + p += expand_env_var(p,l); + break; /* Expand environment variables */ case '\0': p++; break; /* don't run off the end of the string */ @@ -228,30 +250,32 @@ void standard_sub_basic(const char *smb_name, char *str) static void standard_sub_advanced(int snum, const char *user, const char *connectpath, gid_t gid, - const char *smb_name, char *str) + const char *smb_name, char *str, size_t len) { char *p, *s, *home; for (s=str; (p=strchr_m(s, '%'));s=p) { - int l = sizeof(pstring) - (int)(p-str); - + int l = (int)len - (int)(p-str); + + if (l < 0) + l = 0; + switch (*(p+1)) { - case 'N' : string_sub(p,"%N", automount_server(user),l); break; + case 'N' : + string_sub(p,"%N", automount_server(user),l); + break; case 'H': - if ((home = get_user_home_dir(user))) { + if ((home = get_user_home_dir(user))) string_sub(p,"%H",home, l); - } else { + else p += 2; - } break; case 'P': string_sub(p,"%P", connectpath, l); break; - case 'S': string_sub(p,"%S", lp_servicename(snum), l); break; - case 'g': string_sub(p,"%g", gidtoname(gid), l); break; @@ -278,7 +302,7 @@ static void standard_sub_advanced(int snum, const char *user, } } - standard_sub_basic(smb_name, str); + standard_sub_basic(smb_name, str, len); } const char *standard_sub_specified(TALLOC_CTX *mem_ctx, const char *input_string, @@ -328,8 +352,7 @@ const char *standard_sub_specified(TALLOC_CTX *mem_ctx, const char *input_string } } - standard_sub_basic(username, input_pstring); - + standard_sub_basic(username, input_pstring, sizeof(pstring)); return talloc_strdup(mem_ctx, input_pstring); } @@ -337,16 +360,17 @@ const char *standard_sub_specified(TALLOC_CTX *mem_ctx, const char *input_string Do some standard substitutions in a string. ****************************************************************************/ -void standard_sub_conn(connection_struct *conn, char *str) +void standard_sub_conn(connection_struct *conn, char *str, size_t len) { - standard_sub_advanced(SNUM(conn), conn->user, conn->connectpath, conn->gid, current_user_info.smb_name, str); + standard_sub_advanced(SNUM(conn), conn->user, conn->connectpath, + conn->gid, current_user_info.smb_name, str, len); } /**************************************************************************** Like standard_sub but by snum. ****************************************************************************/ -void standard_sub_snum(int snum, char *str) +void standard_sub_snum(int snum, char *str, size_t len) { extern struct current_user current_user; static uid_t cached_uid = -1; @@ -359,6 +383,6 @@ void standard_sub_snum(int snum, char *str) cached_uid = current_user.uid; } - standard_sub_advanced(snum, cached_user, "", -1, current_user_info.smb_name, str); + standard_sub_advanced(snum, cached_user, "", -1, + current_user_info.smb_name, str, len); } - diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c index eac3ebe929..9b4282c6e0 100644 --- a/source3/lib/util_str.c +++ b/source3/lib/util_str.c @@ -650,23 +650,30 @@ This routine looks for pattern in s and replaces it with insert. It may do multiple replacements. any of " ; ' $ or ` in the insert string are replaced with _ -if len==0 then no length check is performed +if len==0 then the string cannot be extended. This is different from the old +use of len==0 which was for no length checks to be done. ****************************************************************************/ + void string_sub(char *s,const char *pattern,const char *insert, size_t len) { char *p; ssize_t ls,lp,li, i; - if (!insert || !pattern || !s) return; + if (!insert || !pattern || !s) + return; ls = (ssize_t)strlen(s); lp = (ssize_t)strlen(pattern); li = (ssize_t)strlen(insert); - if (!*pattern) return; + if (!*pattern) + return; + + if (len == 0) + len = ls; while (lp <= ls && (p = strstr(s,pattern))) { - if (len && (ls + (li-lp) >= len)) { + if (ls + (li-lp) >= len) { DEBUG(0,("ERROR: string overflow by %d in string_sub(%.50s, %d)\n", (int)(ls + (li-lp) - len), pattern, (int)len)); @@ -709,23 +716,30 @@ void pstring_sub(char *s,const char *pattern,const char *insert) /**************************************************************************** similar to string_sub() but allows for any character to be substituted. Use with caution! -if len==0 then no length check is performed +if len==0 then the string cannot be extended. This is different from the old +use of len==0 which was for no length checks to be done. ****************************************************************************/ + void all_string_sub(char *s,const char *pattern,const char *insert, size_t len) { char *p; ssize_t ls,lp,li; - if (!insert || !pattern || !s) return; + if (!insert || !pattern || !s) + return; ls = (ssize_t)strlen(s); lp = (ssize_t)strlen(pattern); li = (ssize_t)strlen(insert); - if (!*pattern) return; + if (!*pattern) + return; + + if (len == 0) + len = ls; while (lp <= ls && (p = strstr(s,pattern))) { - if (len && (ls + (li-lp) >= len)) { + if (ls + (li-lp) >= len) { DEBUG(0,("ERROR: string overflow by %d in all_string_sub(%.50s, %d)\n", (int)(ls + (li-lp) - len), pattern, (int)len)); @@ -743,10 +757,8 @@ void all_string_sub(char *s,const char *pattern,const char *insert, size_t len) /**************************************************************************** similar to all_string_sub but for unicode strings. return a new allocate unicode string. -len is the number of bytes, not chars similar to string_sub() but allows for any character to be substituted. Use with caution! - if len==0 then no length check is performed ****************************************************************************/ smb_ucs2_t *all_string_sub_w(const smb_ucs2_t *s, const smb_ucs2_t *pattern, diff --git a/source3/msdfs/msdfs.c b/source3/msdfs/msdfs.c index 1af848b55a..3e66c1c10c 100644 --- a/source3/msdfs/msdfs.c +++ b/source3/msdfs/msdfs.c @@ -80,13 +80,12 @@ static BOOL parse_dfs_path(char* pathname, struct dfs_path* pdp) Fake up a connection struct for the VFS layer. *********************************************************/ -static BOOL create_conn_struct( connection_struct *conn, int snum, - char *path) +static BOOL create_conn_struct( connection_struct *conn, int snum, char *path) { ZERO_STRUCTP(conn); conn->service = snum; conn->connectpath = path; - pstring_sub(conn->connectpath, "%S", lp_servicename(snum)); + pstring_sub(conn->connectpath , "%S", lp_servicename(snum)); if (!smbd_vfs_init(conn)) { DEBUG(0,("create_conn_struct: smbd_vfs_init failed.\n")); @@ -335,6 +334,7 @@ BOOL get_referred_path(char *pathname, struct junction_map* jn, struct connection_struct conns; struct connection_struct* conn = &conns; + pstring conn_path; int snum; BOOL self_referral = False; @@ -371,7 +371,8 @@ BOOL get_referred_path(char *pathname, struct junction_map* jn, return False; } - if (!create_conn_struct(conn, snum, lp_pathname(snum))) + pstrcpy(conn_path, lp_pathname(snum)); + if (!create_conn_struct(conn, snum, conn_path)) return False; if (!lp_msdfs_root(SNUM(conn))) { @@ -701,10 +702,12 @@ BOOL create_junction(char* pathname, struct junction_map* jn) /********************************************************************** Forms a valid Unix pathname from the junction **********************************************************************/ + static BOOL junction_to_local_path(struct junction_map* jn, char* path, int max_pathlen, connection_struct *conn) { int snum; + pstring conn_path; if(!path || !jn) return False; @@ -718,7 +721,8 @@ static BOOL junction_to_local_path(struct junction_map* jn, char* path, strlower(jn->volume_name); safe_strcat(path, jn->volume_name, max_pathlen-1); - if (!create_conn_struct(conn, snum, lp_pathname(snum))) + pstrcpy(conn_path, lp_pathname(snum)); + if (!create_conn_struct(conn, snum, conn_path)) return False; return True; diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 5051d67d34..e8f5d84d3c 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -1409,7 +1409,7 @@ static char *lp_string(const char *s) trim_string(ret, "\"", "\""); - standard_sub_basic(current_user_info.smb_name,ret); + standard_sub_basic(current_user_info.smb_name,ret,len+100); return (ret); } @@ -2263,7 +2263,7 @@ BOOL lp_file_list_changed(void) time_t mod_time; pstrcpy(n2, f->name); - standard_sub_basic(current_user_info.smb_name, n2); + standard_sub_basic(current_user_info.smb_name, n2,sizeof(n2)); DEBUGADD(6, ("file %s -> %s last mod_time: %s\n", f->name, n2, ctime(&f->modtime))); @@ -2296,7 +2296,7 @@ static BOOL handle_netbios_name(char *pszParmValue, char **ptr) pstrcpy(netbios_name, pszParmValue); - standard_sub_basic(current_user_info.smb_name, netbios_name); + standard_sub_basic(current_user_info.smb_name, netbios_name,sizeof(netbios_name)); strupper(netbios_name); pstrcpy(global_myname, netbios_name); @@ -2378,7 +2378,7 @@ static BOOL handle_source_env(char *pszParmValue, char **ptr) pstrcpy(fname, pszParmValue); - standard_sub_basic(current_user_info.smb_name, fname); + standard_sub_basic(current_user_info.smb_name, fname,sizeof(fname)); string_set(ptr, pszParmValue); @@ -2436,7 +2436,7 @@ static BOOL handle_include(char *pszParmValue, char **ptr) pstring fname; pstrcpy(fname, pszParmValue); - standard_sub_basic(current_user_info.smb_name, fname); + standard_sub_basic(current_user_info.smb_name, fname,sizeof(fname)); add_to_file_list(pszParmValue, fname); @@ -3518,7 +3518,7 @@ BOOL lp_load(const char *pszFname, BOOL global_only, BOOL save_defaults, param_opt_struct *data, *pdata; pstrcpy(n2, pszFname); - standard_sub_basic(current_user_info.smb_name, n2); + standard_sub_basic(current_user_info.smb_name, n2,sizeof(n2)); add_to_file_list(pszFname, n2); @@ -3653,7 +3653,7 @@ int lp_servicenumber(const char *pszServiceName) * service names */ fstrcpy(serviceName, ServicePtrs[iService]->szService); - standard_sub_basic(current_user_info.smb_name, serviceName); + standard_sub_basic(current_user_info.smb_name, serviceName,sizeof(serviceName)); if (strequal(serviceName, pszServiceName)) break; } diff --git a/source3/printing/lpq_parse.c b/source3/printing/lpq_parse.c index 9d8b1cc2aa..5deb85425e 100644 --- a/source3/printing/lpq_parse.c +++ b/source3/printing/lpq_parse.c @@ -314,7 +314,7 @@ static BOOL parse_lpq_aix(char *line,print_queue_struct *buf,BOOL first) int count=0; /* handle the case of "(standard input)" as a filename */ - pstring_sub(line,"standard input","STDIN"); + string_sub(line,"standard input","STDIN",0); all_string_sub(line,"(","\"",0); all_string_sub(line,")","\"",0); @@ -431,7 +431,7 @@ static BOOL parse_lpq_hpux(char * line, print_queue_struct *buf, BOOL first) } if (!header_line_ok) return (False); /* incorrect header line */ /* handle the case of "(standard input)" as a filename */ - pstring_sub(line,"standard input","STDIN"); + string_sub(line,"standard input","STDIN",0); all_string_sub(line,"(","\"",0); all_string_sub(line,")","\"",0); @@ -469,7 +469,7 @@ static BOOL parse_lpq_hpux(char * line, print_queue_struct *buf, BOOL first) else if (base_prio) base_prio_reset=False; /* handle the dash in the job id */ - pstring_sub(line,"-"," "); + string_sub(line,"-"," ",0); for (count=0; count<12 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ; @@ -593,14 +593,14 @@ static BOOL parse_lpq_qnx(char *line,print_queue_struct *buf,BOOL first) DEBUG(4,("antes [%s]\n", line)); /* handle the case of "-- standard input --" as a filename */ - pstring_sub(line,"standard input","STDIN"); + string_sub(line,"standard input","STDIN",0); DEBUG(4,("despues [%s]\n", line)); all_string_sub(line,"-- ","\"",0); all_string_sub(line," --","\"",0); DEBUG(4,("despues 1 [%s]\n", line)); - pstring_sub(line,"[job #",""); - pstring_sub(line,"]",""); + string_sub(line,"[job #","",0); + string_sub(line,"]","",0); DEBUG(4,("despues 2 [%s]\n", line)); @@ -656,7 +656,7 @@ static BOOL parse_lpq_plp(char *line,print_queue_struct *buf,BOOL first) int count=0; /* handle the case of "(standard input)" as a filename */ - pstring_sub(line,"stdin","STDIN"); + string_sub(line,"stdin","STDIN",0); all_string_sub(line,"(","\"",0); all_string_sub(line,")","\"",0); @@ -726,7 +726,7 @@ static BOOL parse_lpq_softq(char *line,print_queue_struct *buf,BOOL first) int count=0; /* mung all the ":"s to spaces*/ - pstring_sub(line,":"," "); + string_sub(line,":"," ",0); for (count=0; count<10 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ; diff --git a/source3/printing/print_generic.c b/source3/printing/print_generic.c index e1517c5dcb..a32521c721 100644 --- a/source3/printing/print_generic.c +++ b/source3/printing/print_generic.c @@ -78,7 +78,7 @@ static int print_run_command(int snum,char *command, int *outfd, ...) p = PRINTERNAME(snum); pstring_sub(syscmd, "%p", p); - standard_sub_snum(snum,syscmd); + standard_sub_snum(snum,syscmd,sizeof(syscmd)); ret = smbrun(syscmd,outfd); diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 7e793c1e1d..9b17bdb7ee 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -5051,7 +5051,7 @@ static BOOL add_printer_hook(NT_PRINTER_INFO_LEVEL *printer) get_called_name()); /* change \ to \\ for the shell */ all_string_sub(driverlocation,"\\","\\\\",sizeof(pstring)); - standard_sub_basic(current_user_info.smb_name, remote_machine); + standard_sub_basic(current_user_info.smb_name, remote_machine,sizeof(remote_machine)); slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\" \"%s\" \"%s\" \"%s\"", cmd, printer->info_2->printername, printer->info_2->sharename, diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index e8fe603ed8..b5f6bd2f07 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -41,7 +41,7 @@ static void init_srv_share_info_1(pipes_struct *p, SRV_SHARE_INFO_1 *sh1, int sn pstrcpy(net_name, lp_servicename(snum)); pstrcpy(remark, lp_comment(snum)); - standard_sub_conn(p->conn, remark); + standard_sub_conn(p->conn, remark,sizeof(remark)); len_net_name = strlen(net_name); /* work out the share type */ @@ -73,7 +73,7 @@ static void init_srv_share_info_2(pipes_struct *p, SRV_SHARE_INFO_2 *sh2, int sn pstrcpy(net_name, lp_servicename(snum)); pstrcpy(remark, lp_comment(snum)); - standard_sub_conn(p->conn, remark); + standard_sub_conn(p->conn, remark,sizeof(remark)); pstrcpy(path, "C:"); pstrcat(path, lp_pathname(snum)); @@ -357,7 +357,7 @@ static void init_srv_share_info_501(pipes_struct *p, SRV_SHARE_INFO_501 *sh501, pstrcpy(net_name, lp_servicename(snum)); pstrcpy(remark, lp_comment(snum)); - standard_sub_conn(p->conn, remark); + standard_sub_conn(p->conn, remark, sizeof(remark)); len_net_name = strlen(net_name); @@ -396,7 +396,7 @@ static void init_srv_share_info_502(pipes_struct *p, SRV_SHARE_INFO_502 *sh502, pstrcpy(net_name, lp_servicename(snum)); pstrcpy(remark, lp_comment(snum)); - standard_sub_conn(p->conn, remark); + standard_sub_conn(p->conn, remark,sizeof(remark)); pstrcpy(path, "C:"); pstrcat(path, lp_pathname(snum)); diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index 3eca6695d2..217bb6a613 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -71,7 +71,7 @@ static int CopyExpanded(connection_struct *conn, StrnCpy(buf,src,sizeof(buf)/2); pstring_sub(buf,"%S",lp_servicename(snum)); - standard_sub_conn(conn,buf); + standard_sub_conn(conn,buf,sizeof(buf)); l = push_ascii(*dst,buf,*n-1, STR_TERMINATE); (*dst) += l; (*n) -= l; @@ -94,7 +94,7 @@ static int StrlenExpanded(connection_struct *conn, int snum, char* s) if (!s) return(0); StrnCpy(buf,s,sizeof(buf)/2); pstring_sub(buf,"%S",lp_servicename(snum)); - standard_sub_conn(conn,buf); + standard_sub_conn(conn,buf,sizeof(buf)); return strlen(buf) + 1; } @@ -104,7 +104,7 @@ static char* Expand(connection_struct *conn, int snum, char* s) if (!s) return(NULL); StrnCpy(buf,s,sizeof(buf)/2); pstring_sub(buf,"%S",lp_servicename(snum)); - standard_sub_conn(conn,buf); + standard_sub_conn(conn,buf,sizeof(buf)); return &buf[0]; } @@ -2451,7 +2451,7 @@ static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, char *par SIVAL(p,6,0); } else { SIVAL(p,6,PTR_DIFF(p2,*rdata)); - standard_sub_conn(conn,comment); + standard_sub_conn(conn,comment,sizeof(comment)); StrnCpy(p2,comment,MAX(mdrcnt - struct_len,0)); p2 = skip_string(p2,1); } @@ -2860,7 +2860,7 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param SSVALS(p,104,-1); /* num_logons */ SIVAL(p,106,PTR_DIFF(p2,*rdata)); /* logon_server */ pstrcpy(p2,"\\\\%L"); - standard_sub_conn(conn, p2); + standard_sub_conn(conn, p2,0); p2 = skip_string(p2,1); SSVAL(p,110,49); /* country_code */ SSVAL(p,112,860); /* code page */ diff --git a/source3/smbd/message.c b/source3/smbd/message.c index c2eb16c99e..ba646f12aa 100644 --- a/source3/smbd/message.c +++ b/source3/smbd/message.c @@ -85,7 +85,7 @@ static void msg_deliver(void) pstrcpy(s,lp_msg_command()); pstring_sub(s,"%f",alpha_strcpy(alpha_msgfrom,msgfrom,NULL,sizeof(alpha_msgfrom))); pstring_sub(s,"%t",alpha_strcpy(alpha_msgto,msgto,NULL,sizeof(alpha_msgto))); - standard_sub_basic(current_user_info.smb_name, s); + standard_sub_basic(current_user_info.smb_name, s, sizeof(s)); pstring_sub(s,"%s",name); smbrun(s,NULL); } diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 590e4cedfc..0fec7b24a9 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -518,7 +518,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, { pstring s; pstrcpy(s,lp_pathname(snum)); - standard_sub_conn(conn,s); + standard_sub_conn(conn,s,sizeof(s)); string_set(&conn->connectpath,s); DEBUG(3,("Connect path is %s\n",s)); } @@ -584,7 +584,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, int ret; pstring cmd; pstrcpy(cmd,lp_rootpreexec(SNUM(conn))); - standard_sub_conn(conn,cmd); + standard_sub_conn(conn,cmd,sizeof(cmd)); DEBUG(5,("cmd=%s\n",cmd)); ret = smbrun(cmd,NULL); if (ret != 0 && lp_rootpreexec_close(SNUM(conn))) { @@ -613,7 +613,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, int ret; pstring cmd; pstrcpy(cmd,lp_preexec(SNUM(conn))); - standard_sub_conn(conn,cmd); + standard_sub_conn(conn,cmd,sizeof(cmd)); ret = smbrun(cmd,NULL); if (ret != 0 && lp_preexec_close(SNUM(conn))) { DEBUG(1,("preexec gave %d - failing connection\n", ret)); @@ -859,7 +859,7 @@ void close_cnum(connection_struct *conn, uint16 vuid) change_to_user(conn, vuid)) { pstring cmd; pstrcpy(cmd,lp_postexec(SNUM(conn))); - standard_sub_conn(conn,cmd); + standard_sub_conn(conn,cmd,sizeof(cmd)); smbrun(cmd,NULL); change_to_root_user(); } @@ -869,7 +869,7 @@ void close_cnum(connection_struct *conn, uint16 vuid) if (*lp_rootpostexec(SNUM(conn))) { pstring cmd; pstrcpy(cmd,lp_rootpostexec(SNUM(conn))); - standard_sub_conn(conn,cmd); + standard_sub_conn(conn,cmd,sizeof(cmd)); smbrun(cmd,NULL); } -- cgit