From a25203818798f823d3a08134fa9d89118bc9adc3 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 5 Feb 2007 15:16:30 +0000 Subject: r21151: applying patches for CVE-2007-045[34] (This used to be commit 1d46b2ae3447b3521987b2ab1064a6ea314cfa07) --- source3/modules/vfs_afsacl.c | 2 +- source3/nsswitch/winbind_nss_solaris.c | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c index e7650fe457..43fa537d73 100644 --- a/source3/modules/vfs_afsacl.c +++ b/source3/modules/vfs_afsacl.c @@ -901,7 +901,7 @@ static BOOL afs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, ZERO_STRUCT(dir_acl); ZERO_STRUCT(file_acl); - pstr_sprintf(name, fsp->fsp_name); + pstrcpy(name, fsp->fsp_name); if (!fsp->is_directory) { /* We need to get the name of the directory containing the diff --git a/source3/nsswitch/winbind_nss_solaris.c b/source3/nsswitch/winbind_nss_solaris.c index 04f464a798..3b069d339f 100644 --- a/source3/nsswitch/winbind_nss_solaris.c +++ b/source3/nsswitch/winbind_nss_solaris.c @@ -493,7 +493,8 @@ _nss_winbind_ipnodes_getbyname(nss_backend_t* be, void *args) af = AF_INET6; #endif - strncpy(request.data.winsreq, argp->key.name, strlen(argp->key.name)) ; + strncpy(request.data.winsreq, argp->key.name, sizeof(request.data.winsreq) - 1); + request.data.winsreq[sizeof(request.data.winsreq) - 1] = '\0'; if( (ret = winbindd_request_response(WINBINDD_WINS_BYNAME, &request, &response)) == NSS_STATUS_SUCCESS ) { @@ -515,7 +516,8 @@ _nss_winbind_hosts_getbyname(nss_backend_t* be, void *args) ZERO_STRUCT(response); ZERO_STRUCT(request); - strncpy(request.data.winsreq, argp->key.name, strlen(argp->key.name)); + strncpy(request.data.winsreq, argp->key.name, sizeof(request.data.winsreq) - 1); + request.data.winsreq[sizeof(request.data.winsreq) - 1] = '\0'; if( (ret = winbindd_request_response(WINBINDD_WINS_BYNAME, &request, &response)) == NSS_STATUS_SUCCESS ) { -- cgit