From 60e08bd35e78bff3a395090c1d41bb16da0252a5 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 9 Jul 1999 01:59:22 +0000 Subject: Hived off string routines into a separate file. (This used to be commit 4929513f1376d72409c1e5a39f723d1d2bd81dc0) --- source3/include/safe_string.h | 45 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 source3/include/safe_string.h (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h new file mode 100644 index 0000000000..3b2f2c32d6 --- /dev/null +++ b/source3/include/safe_string.h @@ -0,0 +1,45 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Safe string handling routines. + Copyright (C) Andrew Tridgell 1994-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _SAFE_STRING_H +#define _SAFE_STRING_H + +#ifdef strcpy +#undef strcpy +#endif /* strcpy */ +#define strcpy(dest,src) __ERROR__XX__NEVER_USE_STRCPY___; + +#ifdef strcat +#undef strcat +#endif /* strcat */ +#define strcat(dest,src) __ERROR__XX__NEVER_USE_STRCAT___; + +#ifdef sprintf +#undef sprintf +#endif /* sprintf */ +#define sprintf __ERROR__XX__NEVER_USE_SPRINTF__; + +#define pstrcpy(d,s) safe_strcpy((d),(s),sizeof(pstring)-1) +#define pstrcat(d,s) safe_strcat((d),(s),sizeof(pstring)-1) +#define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1) +#define fstrcat(d,s) safe_strcat((d),(s),sizeof(fstring)-1) + +#endif -- cgit From 32a965e09ce4befe971855e11e1fb5ceb51a9ed1 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 13 Dec 1999 13:35:20 +0000 Subject: 2nd phase of head branch sync with SAMBA_2_0 - this delets all the files that were in the head branch but weren't in SAMBA_2_0 (This used to be commit d7b208786590b5a28618590172b8d523627dda09) --- source3/include/safe_string.h | 45 ------------------------------------------- 1 file changed, 45 deletions(-) delete mode 100644 source3/include/safe_string.h (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h deleted file mode 100644 index 3b2f2c32d6..0000000000 --- a/source3/include/safe_string.h +++ /dev/null @@ -1,45 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 1.9. - Safe string handling routines. - Copyright (C) Andrew Tridgell 1994-1998 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#ifndef _SAFE_STRING_H -#define _SAFE_STRING_H - -#ifdef strcpy -#undef strcpy -#endif /* strcpy */ -#define strcpy(dest,src) __ERROR__XX__NEVER_USE_STRCPY___; - -#ifdef strcat -#undef strcat -#endif /* strcat */ -#define strcat(dest,src) __ERROR__XX__NEVER_USE_STRCAT___; - -#ifdef sprintf -#undef sprintf -#endif /* sprintf */ -#define sprintf __ERROR__XX__NEVER_USE_SPRINTF__; - -#define pstrcpy(d,s) safe_strcpy((d),(s),sizeof(pstring)-1) -#define pstrcat(d,s) safe_strcat((d),(s),sizeof(pstring)-1) -#define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1) -#define fstrcat(d,s) safe_strcat((d),(s),sizeof(fstring)-1) - -#endif -- cgit From 04f7d80ac358520c0d6e351f790f59208853130a Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Thu, 3 Feb 2000 04:47:50 +0000 Subject: Busting up of source/include/smb.h into smaller pieces which can be #included by VFS modules without bringing in too much other junk. (This used to be commit 13a2cf80f65156e725a5716e62a4c44e70f5340f) --- source3/include/safe_string.h | 50 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 source3/include/safe_string.h (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h new file mode 100644 index 0000000000..2c3d2eda01 --- /dev/null +++ b/source3/include/safe_string.h @@ -0,0 +1,50 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Safe string handling routines. + Copyright (C) Andrew Tridgell 1994-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _SAFE_STRING_H +#define _SAFE_STRING_H + +#ifdef strcpy +#undef strcpy +#endif /* strcpy */ +#define strcpy(dest,src) __ERROR__XX__NEVER_USE_STRCPY___; + +#ifdef strcat +#undef strcat +#endif /* strcat */ +#define strcat(dest,src) __ERROR__XX__NEVER_USE_STRCAT___; + +#ifdef sprintf +#undef sprintf +#endif /* sprintf */ +#define sprintf __ERROR__XX__NEVER_USE_SPRINTF__; + +#define pstrcpy(d,s) safe_strcpy((d),(s),sizeof(pstring)-1) +#define pstrcat(d,s) safe_strcat((d),(s),sizeof(pstring)-1) +#define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1) +#define fstrcat(d,s) safe_strcat((d),(s),sizeof(fstring)-1) + +#define wpstrcpy(d,s) safe_strcpy_w((d),(s),sizeof(wpstring)) +#define wpstrcat(d,s) safe_strcat_w((d),(s),sizeof(wpstring)) +#define wfstrcpy(d,s) safe_strcpy_w((d),(s),sizeof(wfstring)) +#define wfstrcat(d,s) safe_strcat_w((d),(s),sizeof(wfstring)) + +#endif -- cgit From fd46817f0b20c633c80dee70a29cf7478e2dfd68 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 16 Feb 2001 19:21:18 +0000 Subject: Excise snprintf -> slprintf. srv_samr.c: duplicate gid fix. srv_spoolss_nt.c: Merge of JF's work. uid.c: Fix for returning names when a PDC. Jeremy. (This used to be commit d938ad6963a2dd4eda930d508600ec1902dc2b16) --- source3/include/safe_string.h | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 2c3d2eda01..815939d154 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -37,6 +37,11 @@ #endif /* sprintf */ #define sprintf __ERROR__XX__NEVER_USE_SPRINTF__; +#ifdef snprintf +#undef snprintf +#endif /* snprintf */ +#define snprintf __ERROR__XX__NEVER_USE_SNPRINTF___; + #define pstrcpy(d,s) safe_strcpy((d),(s),sizeof(pstring)-1) #define pstrcat(d,s) safe_strcat((d),(s),sizeof(pstring)-1) #define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1) -- cgit From d095b5249cf9e1496ad5a3d6b5acb77af2c587a7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 28 Apr 2001 13:49:34 +0000 Subject: - added test for vasprintf - cleaned up GNUC printf attribute macros - added enum handling in mkproto - removed non-vararg code - made slprintf and vslprintf just macros for snprintf and vsnprintf - don't need slprintf code any more (This used to be commit c7aeb2254dfc3cd0aa0b6c0bdd426f9323be0ddf) --- source3/include/safe_string.h | 5 ----- 1 file changed, 5 deletions(-) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 815939d154..2c3d2eda01 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -37,11 +37,6 @@ #endif /* sprintf */ #define sprintf __ERROR__XX__NEVER_USE_SPRINTF__; -#ifdef snprintf -#undef snprintf -#endif /* snprintf */ -#define snprintf __ERROR__XX__NEVER_USE_SNPRINTF___; - #define pstrcpy(d,s) safe_strcpy((d),(s),sizeof(pstring)-1) #define pstrcat(d,s) safe_strcat((d),(s),sizeof(pstring)-1) #define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1) -- cgit From 87fbb7092b8f8b2f0db0f361c3d625e19de57cd9 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 4 Jul 2001 07:15:53 +0000 Subject: The big character set handling changeover! This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a) --- source3/include/safe_string.h | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 2c3d2eda01..3e379c48df 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -47,4 +47,11 @@ #define wfstrcpy(d,s) safe_strcpy_w((d),(s),sizeof(wfstring)) #define wfstrcat(d,s) safe_strcat_w((d),(s),sizeof(wfstring)) +/* replace some standard C library string functions with multi-byte + versions */ +#define strchr(s, c) strchr_m(s, c) +#define strrchr(s, c) strrchr_m(s, c) +#define strlower(s) strlower_m(s) +#define strupper(s) strupper_m(s) + #endif -- cgit From 527e824293ee934ca5da0ef5424efe5ab7757248 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 4 Jul 2001 07:36:09 +0000 Subject: strchr and strrchr are macros when compiling with optimisation in gcc, so we can't redefine them. damn. (This used to be commit c41fc06376d1a2b83690612304e85010b5e5f3cf) --- source3/include/safe_string.h | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 3e379c48df..e609381a89 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -47,10 +47,8 @@ #define wfstrcpy(d,s) safe_strcpy_w((d),(s),sizeof(wfstring)) #define wfstrcat(d,s) safe_strcat_w((d),(s),sizeof(wfstring)) -/* replace some standard C library string functions with multi-byte +/* replace some string functions with multi-byte versions */ -#define strchr(s, c) strchr_m(s, c) -#define strrchr(s, c) strrchr_m(s, c) #define strlower(s) strlower_m(s) #define strupper(s) strupper_m(s) -- cgit From a276e917d89f84adadf047fedbfb52da70679138 Mon Sep 17 00:00:00 2001 From: Martin Pool Date: Tue, 15 Jan 2002 02:10:50 +0000 Subject: Integrate with PSTRING_SANCTIFY. (This used to be commit 20a03facb6acf6329acc1645d4e9ead863a1a57c) --- source3/include/safe_string.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index e609381a89..c4f44c0a34 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -37,10 +37,10 @@ #endif /* sprintf */ #define sprintf __ERROR__XX__NEVER_USE_SPRINTF__; -#define pstrcpy(d,s) safe_strcpy((d),(s),sizeof(pstring)-1) -#define pstrcat(d,s) safe_strcat((d),(s),sizeof(pstring)-1) -#define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1) -#define fstrcat(d,s) safe_strcat((d),(s),sizeof(fstring)-1) +#define pstrcpy(d,s) safe_strcpy(PSTR_MUTABLE(d), (s),sizeof(pstring)-1) +#define pstrcat(d,s) safe_strcat(PSTR_MUTABLE(d), (s),sizeof(pstring)-1) +#define fstrcpy(d,s) safe_strcpy(FSTR_MUTABLE(d),(s),sizeof(fstring)-1) +#define fstrcat(d,s) safe_strcat(FSTR_MUTABLE(d),(s),sizeof(fstring)-1) #define wpstrcpy(d,s) safe_strcpy_w((d),(s),sizeof(wpstring)) #define wpstrcat(d,s) safe_strcat_w((d),(s),sizeof(wpstring)) -- cgit From fed604bfa368a2bb1fed414e368d491e4c7d7005 Mon Sep 17 00:00:00 2001 From: Martin Pool Date: Wed, 16 Jan 2002 02:42:07 +0000 Subject: Roll back PSTRING_SANCTIFY patch; just leave non-controversial type and constness changes. (This used to be commit cee0ec72746122c962e6c5278a736266a7f2c424) --- source3/include/safe_string.h | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index c4f44c0a34..a086d7495c 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -1,6 +1,5 @@ /* Unix SMB/Netbios implementation. - Version 1.9. Safe string handling routines. Copyright (C) Andrew Tridgell 1994-1998 @@ -37,10 +36,10 @@ #endif /* sprintf */ #define sprintf __ERROR__XX__NEVER_USE_SPRINTF__; -#define pstrcpy(d,s) safe_strcpy(PSTR_MUTABLE(d), (s),sizeof(pstring)-1) -#define pstrcat(d,s) safe_strcat(PSTR_MUTABLE(d), (s),sizeof(pstring)-1) -#define fstrcpy(d,s) safe_strcpy(FSTR_MUTABLE(d),(s),sizeof(fstring)-1) -#define fstrcat(d,s) safe_strcat(FSTR_MUTABLE(d),(s),sizeof(fstring)-1) +#define pstrcpy(d,s) safe_strcpy((d), (s),sizeof(pstring)-1) +#define pstrcat(d,s) safe_strcat((d), (s),sizeof(pstring)-1) +#define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1) +#define fstrcat(d,s) safe_strcat((d),(s),sizeof(fstring)-1) #define wpstrcpy(d,s) safe_strcpy_w((d),(s),sizeof(wpstring)) #define wpstrcat(d,s) safe_strcat_w((d),(s),sizeof(wpstring)) -- cgit From cd68afe31256ad60748b34f7318a180cfc2127cc Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 30 Jan 2002 06:08:46 +0000 Subject: Removed version number from file header. Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa) --- source3/include/safe_string.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index a086d7495c..9f64bc44e3 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -1,5 +1,5 @@ /* - Unix SMB/Netbios implementation. + Unix SMB/CIFS implementation. Safe string handling routines. Copyright (C) Andrew Tridgell 1994-1998 -- cgit From 1eb1433cf32d174ac411d25f2a98018163bfca6d Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Sat, 16 Feb 2002 19:44:18 +0000 Subject: Added some splint annotations from andreas. (This used to be commit 60e84540fd8c27975066f7c7984d30bc88f6da5f) --- source3/include/safe_string.h | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 9f64bc44e3..487174dec3 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -21,6 +21,11 @@ #ifndef _SAFE_STRING_H #define _SAFE_STRING_H +#ifndef _SPLINT_ /* http://www.splint.org */ + +/* Some macros to ensure people don't use buffer overflow vulnerable string + functions. */ + #ifdef strcpy #undef strcpy #endif /* strcpy */ @@ -36,6 +41,8 @@ #endif /* sprintf */ #define sprintf __ERROR__XX__NEVER_USE_SPRINTF__; +#endif /* !_SPLINT_ */ + #define pstrcpy(d,s) safe_strcpy((d), (s),sizeof(pstring)-1) #define pstrcat(d,s) safe_strcat((d), (s),sizeof(pstring)-1) #define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1) -- cgit From 62299aa7475bad48ba3e230596f09e794c2b4ce5 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 26 Feb 2002 17:40:43 +0000 Subject: bcopy must DIE ! Stop people creeping use of bcopy back into the code (and yes I know who you are..... :-). Jeremy. (This used to be commit 330b0df960329bcf4696b8fa4a7357e6c456f74e) --- source3/include/safe_string.h | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 487174dec3..1ee97833c5 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -26,6 +26,11 @@ /* Some macros to ensure people don't use buffer overflow vulnerable string functions. */ +#ifdef bcopy +#undef bcopy +#endif /* bcopy */ +#define bcopy(src,dest,size) __ERROR__XX__NEVER_USE_BCOPY___; + #ifdef strcpy #undef strcpy #endif /* strcpy */ -- cgit From 5c820d063736507441921e7faf597b033095f0c7 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 24 Apr 2002 01:17:40 +0000 Subject: Merged [fp]strterminate macros from HEAD to fix compile. (This used to be commit 9fe4363e15239d302c1caf58fe76614cf7a53778) --- source3/include/safe_string.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 1ee97833c5..118c2302bd 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -53,6 +53,9 @@ #define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1) #define fstrcat(d,s) safe_strcat((d),(s),sizeof(fstring)-1) +#define fstrterminate(d) (((d)[sizeof(fstring)-1]) = '\0') +#define pstrterminate(d) (((d)[sizeof(pstring)-1]) = '\0') + #define wpstrcpy(d,s) safe_strcpy_w((d),(s),sizeof(wpstring)) #define wpstrcat(d,s) safe_strcat_w((d),(s),sizeof(wpstring)) #define wfstrcpy(d,s) safe_strcpy_w((d),(s),sizeof(wfstring)) -- cgit From 27b7e51a3cc619f879655a3230611457ac43b9e7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 14 Jan 2003 08:53:59 +0000 Subject: Merge from HEAD: - fstring/pstring mixups - the detection code that found them (disabled) - a bit of whitespace - a static Andrew Bartlett (This used to be commit 9b70fa868e7d9481f584c83fc4046174e1dedfd9) --- source3/include/safe_string.h | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 118c2302bd..26bf6cdd6f 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -48,6 +48,25 @@ #endif /* !_SPLINT_ */ +char * __unsafe_string_function_usage_here__(void); + +#if 0 && defined __GNUC__ && __GNUC__ >= 2 && defined __OPTIMIZE__ + +#define pstrcpy(d,s) ((sizeof(d) != sizeof(pstring) && sizeof(d) != sizeof(char *)) ? __unsafe_string_function_usage_here__() : safe_strcpy((d), (s),sizeof(pstring)-1)) +#define pstrcat(d,s) ((sizeof(d) != sizeof(pstring) && sizeof(d) != sizeof(char *)) ? __unsafe_string_function_usage_here__() : safe_strcat((d), (s),sizeof(pstring)-1)) +#define fstrcpy(d,s) ((sizeof(d) != sizeof(fstring) && sizeof(d) != sizeof(char *)) ? __unsafe_string_function_usage_here__() : safe_strcpy((d),(s),sizeof(fstring)-1)) +#define fstrcat(d,s) ((sizeof(d) != sizeof(fstring) && sizeof(d) != sizeof(char *)) ? __unsafe_string_function_usage_here__() : safe_strcat((d),(s),sizeof(fstring)-1)) + +#define fstrterminate(d) ((sizeof(d) != sizeof(fstring) && sizeof(d) != sizeof(char *)) ? __unsafe_string_function_usage_here__() : (((d)[sizeof(fstring)-1]) = '\0')) +#define pstrterminate(d) ((sizeof(d) != sizeof(pstring) && sizeof(d) != sizeof(char *)) ? __unsafe_string_function_usage_here__() : (((d)[sizeof(pstring)-1]) = '\0')) + +#define wpstrcpy(d,s) ((sizeof(d) != sizeof(wpstring) && sizeof(d) != sizeof(smb_ucs2_t *)) ? __unsafe_string_function_usage_here__() : safe_strcpy_w((d),(s),sizeof(wpstring))) +#define wpstrcat(d,s) ((sizeof(d) != sizeof(wpstring) && sizeof(d) != sizeof(smb_ucs2_t *)) ? __unsafe_string_function_usage_here__() : safe_strcat_w((d),(s),sizeof(wpstring))) +#define wfstrcpy(d,s) ((sizeof(d) != sizeof(wfstring) && sizeof(d) != sizeof(smb_ucs2_t *)) ? __unsafe_string_function_usage_here__() : safe_strcpy_w((d),(s),sizeof(wfstring))) +#define wfstrcat(d,s) ((sizeof(d) != sizeof(wfstring) && sizeof(d) != sizeof(smb_ucs2_t *)) ? __unsafe_string_function_usage_here__() : safe_strcat_w((d),(s),sizeof(wfstring))) + +#else + #define pstrcpy(d,s) safe_strcpy((d), (s),sizeof(pstring)-1) #define pstrcat(d,s) safe_strcat((d), (s),sizeof(pstring)-1) #define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1) @@ -61,6 +80,8 @@ #define wfstrcpy(d,s) safe_strcpy_w((d),(s),sizeof(wfstring)) #define wfstrcat(d,s) safe_strcat_w((d),(s),sizeof(wfstring)) +#endif + /* replace some string functions with multi-byte versions */ #define strlower(s) strlower_m(s) -- cgit From 8d563a985b1091b11554fb828700e57c18ac08fb Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 10 Mar 2003 16:54:57 +0000 Subject: strcpy_base from HEAD and trivial fix for smbclient -L Volker (This used to be commit 54c99ee1fbaf4541fb3fa10a9b764da1367af6d3) --- source3/include/safe_string.h | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 26bf6cdd6f..431dc400aa 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -87,4 +87,13 @@ char * __unsafe_string_function_usage_here__(void); #define strlower(s) strlower_m(s) #define strupper(s) strupper_m(s) +/* the addition of the DEVELOPER checks in safe_strcpy means we must + * update a lot of code. To make this a little easier here are some + * functions that provide the lengths with less pain */ +#define pstrcpy_base(dest, src, pstring_base) \ + safe_strcpy(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1) + +#define push_pstring_base(dest, src, pstring_base) \ + push_ascii(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1, STR_TERMINATE) + #endif -- cgit From ad0d6509a761154c113e040a82ad78e72a3ccf30 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 17 Mar 2003 22:56:13 +0000 Subject: Merge from HEAD: - Make ReadDirName return a const char*. - Consequential changes from that - mark our fstring/pstring assumptions in function prototypes Andrew Bartlett (This used to be commit 10b53d7c6fd77f23433dd2ef12bb14b227147a48) --- source3/include/safe_string.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 431dc400aa..95cf23df83 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -96,4 +96,7 @@ char * __unsafe_string_function_usage_here__(void); #define push_pstring_base(dest, src, pstring_base) \ push_ascii(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1, STR_TERMINATE) +#define safe_strcpy_base(dest, src, base, size) \ + safe_strcpy(dest, src, size-PTR_DIFF(dest,base)-1) + #endif -- cgit From d332200c254b4bbf27461a37f9655bf42faa2b3a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 18 Mar 2003 01:48:11 +0000 Subject: Merge in the developer string options from HEAD. We need to ensure 3.0 is as stable as possible in the string department and some pain now will help later :-). Jeremy. (This used to be commit 86e3eddac698d90f4666b8492b4603a4efbbd67b) --- source3/include/safe_string.h | 164 ++++++++++++++++++++++++++++++++++++------ 1 file changed, 141 insertions(+), 23 deletions(-) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 95cf23df83..ad7b4139a3 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -48,29 +48,48 @@ #endif /* !_SPLINT_ */ +/* We need a number of different prototypes for our + non-existant fuctions */ char * __unsafe_string_function_usage_here__(void); -#if 0 && defined __GNUC__ && __GNUC__ >= 2 && defined __OPTIMIZE__ +size_t __unsafe_string_function_usage_here_size_t__(void); -#define pstrcpy(d,s) ((sizeof(d) != sizeof(pstring) && sizeof(d) != sizeof(char *)) ? __unsafe_string_function_usage_here__() : safe_strcpy((d), (s),sizeof(pstring)-1)) -#define pstrcat(d,s) ((sizeof(d) != sizeof(pstring) && sizeof(d) != sizeof(char *)) ? __unsafe_string_function_usage_here__() : safe_strcat((d), (s),sizeof(pstring)-1)) -#define fstrcpy(d,s) ((sizeof(d) != sizeof(fstring) && sizeof(d) != sizeof(char *)) ? __unsafe_string_function_usage_here__() : safe_strcpy((d),(s),sizeof(fstring)-1)) -#define fstrcat(d,s) ((sizeof(d) != sizeof(fstring) && sizeof(d) != sizeof(char *)) ? __unsafe_string_function_usage_here__() : safe_strcat((d),(s),sizeof(fstring)-1)) +size_t __unsafe_string_function_usage_here_char__(void); -#define fstrterminate(d) ((sizeof(d) != sizeof(fstring) && sizeof(d) != sizeof(char *)) ? __unsafe_string_function_usage_here__() : (((d)[sizeof(fstring)-1]) = '\0')) -#define pstrterminate(d) ((sizeof(d) != sizeof(pstring) && sizeof(d) != sizeof(char *)) ? __unsafe_string_function_usage_here__() : (((d)[sizeof(pstring)-1]) = '\0')) +#ifdef HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS -#define wpstrcpy(d,s) ((sizeof(d) != sizeof(wpstring) && sizeof(d) != sizeof(smb_ucs2_t *)) ? __unsafe_string_function_usage_here__() : safe_strcpy_w((d),(s),sizeof(wpstring))) -#define wpstrcat(d,s) ((sizeof(d) != sizeof(wpstring) && sizeof(d) != sizeof(smb_ucs2_t *)) ? __unsafe_string_function_usage_here__() : safe_strcat_w((d),(s),sizeof(wpstring))) -#define wfstrcpy(d,s) ((sizeof(d) != sizeof(wfstring) && sizeof(d) != sizeof(smb_ucs2_t *)) ? __unsafe_string_function_usage_here__() : safe_strcpy_w((d),(s),sizeof(wfstring))) -#define wfstrcat(d,s) ((sizeof(d) != sizeof(wfstring) && sizeof(d) != sizeof(smb_ucs2_t *)) ? __unsafe_string_function_usage_here__() : safe_strcat_w((d),(s),sizeof(wfstring))) +/* if the compiler will optimize out function calls, then use this to tell if we are + have the correct types (this works only where sizeof() returns the size of the buffer, not + the size of the pointer). */ -#else +#define CHECK_STRING_SIZE(d, len) (sizeof(d) != (len) && sizeof(d) != sizeof(char *)) -#define pstrcpy(d,s) safe_strcpy((d), (s),sizeof(pstring)-1) -#define pstrcat(d,s) safe_strcat((d), (s),sizeof(pstring)-1) -#define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1) -#define fstrcat(d,s) safe_strcat((d),(s),sizeof(fstring)-1) +#define fstrterminate(d) (CHECK_STRING_SIZE(d, sizeof(fstring)) \ + ? __unsafe_string_function_usage_here_char__() \ + : (((d)[sizeof(fstring)-1]) = '\0')) +#define pstrterminate(d) (CHECK_STRING_SIZE(d, sizeof(pstring)) \ + ? __unsafe_string_function_usage_here_char__() \ + : (((d)[sizeof(pstring)-1]) = '\0')) + +#define wpstrcpy(d,s) ((sizeof(d) != sizeof(wpstring) && sizeof(d) != sizeof(smb_ucs2_t *)) \ + ? __unsafe_string_function_usage_here__() \ + : safe_strcpy_w((d),(s),sizeof(wpstring))) +#define wpstrcat(d,s) ((sizeof(d) != sizeof(wpstring) && sizeof(d) != sizeof(smb_ucs2_t *)) \ + ? __unsafe_string_function_usage_here__() \ + : safe_strcat_w((d),(s),sizeof(wpstring))) +#define wfstrcpy(d,s) ((sizeof(d) != sizeof(wfstring) && sizeof(d) != sizeof(smb_ucs2_t *)) \ + ? __unsafe_string_function_usage_here__() \ + : safe_strcpy_w((d),(s),sizeof(wfstring))) +#define wfstrcat(d,s) ((sizeof(d) != sizeof(wfstring) && sizeof(d) != sizeof(smb_ucs2_t *)) \ + ? __unsafe_string_function_usage_here__() \ + : safe_strcat_w((d),(s),sizeof(wfstring))) + +#define push_pstring_base(dest, src, pstring_base) \ + (CHECK_STRING_SIZE(pstring_base, sizeof(pstring)) \ + ? __unsafe_string_function_usage_here_size_t__() \ + : push_ascii(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1, STR_TERMINATE)) + +#else /* HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS */ #define fstrterminate(d) (((d)[sizeof(fstring)-1]) = '\0') #define pstrterminate(d) (((d)[sizeof(pstring)-1]) = '\0') @@ -80,12 +99,10 @@ char * __unsafe_string_function_usage_here__(void); #define wfstrcpy(d,s) safe_strcpy_w((d),(s),sizeof(wfstring)) #define wfstrcat(d,s) safe_strcat_w((d),(s),sizeof(wfstring)) -#endif +#define push_pstring_base(dest, src, pstring_base) \ + push_ascii(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1, STR_TERMINATE) -/* replace some string functions with multi-byte - versions */ -#define strlower(s) strlower_m(s) -#define strupper(s) strupper_m(s) +#endif /* HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS */ /* the addition of the DEVELOPER checks in safe_strcpy means we must * update a lot of code. To make this a little easier here are some @@ -93,8 +110,109 @@ char * __unsafe_string_function_usage_here__(void); #define pstrcpy_base(dest, src, pstring_base) \ safe_strcpy(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1) -#define push_pstring_base(dest, src, pstring_base) \ - push_ascii(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1, STR_TERMINATE) +#define safe_strcpy_base(dest, src, base, size) \ + safe_strcpy(dest, src, size-PTR_DIFF(dest,base)-1) + +/* String copy functions - macro hell below adds 'type checking' (limited, but the best we can + do in C) and may tag with function name/number to record the last 'clobber region' on + that string */ + +#define pstrcpy(d,s) safe_strcpy((d), (s),sizeof(pstring)-1) +#define pstrcat(d,s) safe_strcat((d), (s),sizeof(pstring)-1) +#define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1) +#define fstrcat(d,s) safe_strcat((d),(s),sizeof(fstring)-1) + +/* the addition of the DEVELOPER checks in safe_strcpy means we must + * update a lot of code. To make this a little easier here are some + * functions that provide the lengths with less pain */ +#define pstrcpy_base(dest, src, pstring_base) \ + safe_strcpy(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1) + + +/* inside the _fn varients of these is a call to 'clobber_region' - which might + destory the stack on a buggy function. Help the debugging process by putting + the function and line it was last called from into a static buffer + + But only for developers */ + +#ifdef DEVELOPER +#define overmalloc_safe_strcpy(dest,src,maxlength) safe_strcpy_fn(__FUNCTION__,__LINE__,dest,src,maxlength) +#define safe_strcpy(dest,src,maxlength) safe_strcpy_fn2(__FUNCTION__,__LINE__,dest,src,maxlength) +#define safe_strcat(dest,src,maxlength) safe_strcat_fn2(__FUNCTION__,__LINE__,dest,src,maxlength) +#define push_string(base_ptr, dest, src, dest_len, flags) push_string_fn2(__FUNCTION__, __LINE__, base_ptr, dest, src, dest_len, flags) +#define pull_string(base_ptr, dest, src, dest_len, src_len, flags) pull_string_fn2(__FUNCTION__, __LINE__, base_ptr, dest, src, dest_len, src_len, flags) +#define clistr_push(cli, dest, src, dest_len, flags) clistr_push_fn2(__FUNCTION__, __LINE__, cli, dest, src, dest_len, flags) +#define clistr_pull(cli, dest, src, dest_len, src_len, flags) clistr_pull_fn2(__FUNCTION__, __LINE__, cli, dest, src, dest_len, src_len, flags) + +#define alpha_strcpy(dest,src,other_safe_chars,maxlength) alpha_strcpy_fn(__FUNCTION__,__LINE__,dest,src,other_safe_chars,maxlength) +#define StrnCpy(dest,src,n) StrnCpy_fn(__FUNCTION__,__LINE__,dest,src,n) + +#else + +#define overmalloc_safe_strcpy(dest,src,maxlength) safe_strcpy_fn(NULL,0,dest,src,maxlength) +#define safe_strcpy(dest,src,maxlength) safe_strcpy_fn2(NULL,0,dest,src,maxlength) +#define safe_strcat(dest,src,maxlength) safe_strcat_fn2(NULL,0,dest,src,maxlength) +#define push_string(base_ptr, dest, src, dest_len, flags) push_string_fn2(NULL, 0, base_ptr, dest, src, dest_len, flags) +#define pull_string(base_ptr, dest, src, dest_len, src_len, flags) pull_string_fn2(NULL, 0, base_ptr, dest, src, dest_len, src_len, flags) +#define clistr_push(cli, dest, src, dest_len, flags) clistr_push_fn2(NULL, 0, cli, dest, src, dest_len, flags) +#define clistr_pull(cli, dest, src, dest_len, src_len, flags) clistr_pull_fn2(NULL, 0, cli, dest, src, dest_len, src_len, flags) + +#define alpha_strcpy(dest,src,other_safe_chars,maxlength) alpha_strcpy_fn(NULL,0,dest,src,other_safe_chars,maxlength) +#define StrnCpy(dest,src,n) StrnCpy_fn(NULL,0,dest,src,n) +#endif /* DEVELOPER */ + + +#ifdef HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS + +/* if the compiler will optimize out function calls, then use this to tell if we are + have the correct types (this works only where sizeof() returns the size of the buffer, not + the size of the pointer). */ + +#define safe_strcpy_fn2(fn_name, fn_line, d, s, max_len) \ + (CHECK_STRING_SIZE(d, max_len+1) \ + ? __unsafe_string_function_usage_here__() \ + : safe_strcpy_fn(fn_name, fn_line, (d), (s), (max_len))) + +#define safe_strcat_fn2(fn_name, fn_line, d, s, max_len) \ + (CHECK_STRING_SIZE(d, max_len+1) \ + ? __unsafe_string_function_usage_here__() \ + : safe_strcat_fn(fn_name, fn_line, (d), (s), (max_len))) + +#define push_string_fn2(fn_name, fn_line, base_ptr, dest, src, dest_len, flags) \ + (CHECK_STRING_SIZE(dest, dest_len) \ + ? __unsafe_string_function_usage_here_size_t__() \ + : push_string_fn(fn_name, fn_line, base_ptr, dest, src, dest_len, flags)) + +#define pull_string_fn2(fn_name, fn_line, base_ptr, dest, src, dest_len, src_len, flags) \ + (CHECK_STRING_SIZE(dest, dest_len) \ + ? __unsafe_string_function_usage_here_size_t__() \ + : pull_string_fn(fn_name, fn_line, base_ptr, dest, src, dest_len, src_len, flags)) + +#define clistr_push_fn2(fn_name, fn_line, cli, dest, src, dest_len, flags) \ + (CHECK_STRING_SIZE(dest, dest_len) \ + ? __unsafe_string_function_usage_here_size_t__() \ + : clistr_push_fn(fn_name, fn_line, cli, dest, src, dest_len, flags)) + +#define clistr_pull_fn2(fn_name, fn_line, cli, dest, src, dest_len, srclen, flags) \ + (CHECK_STRING_SIZE(dest, dest_len) \ + ? __unsafe_string_function_usage_here_size_t__() \ + : clistr_pull_fn(fn_name, fn_line, cli, dest, src, dest_len, srclen, flags)) + +#else + +#define safe_strcpy_fn2 safe_strcpy_fn +#define safe_strcat_fn2 safe_strcat_fn +#define push_string_fn2 push_string_fn +#define pull_string_fn2 pull_string_fn +#define clistr_push_fn2 clistr_push_fn +#define clistr_pull_fn2 clistr_pull_fn + +#endif + +/* replace some string functions with multi-byte + versions */ +#define strlower(s) strlower_m(s) +#define strupper(s) strupper_m(s) #define safe_strcpy_base(dest, src, base, size) \ safe_strcpy(dest, src, size-PTR_DIFF(dest,base)-1) -- cgit From d5ee9b2f480ddbda0b8f69409698d27c99384f9c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 18 Mar 2003 11:22:52 +0000 Subject: Jeremy merged across my string parinoia fixes, but forgot to enable them! :-) This patch catches up on the rest of the work - as much string checking as is possible is done at compile time, and the rest at runtime. Lots of code converted to pstrcpy() etc, and other code reworked to correctly call sizeof(). Andrew Bartlett (This used to be commit c5b604e2ee67d74241ae2fa07ae904647d35a2be) --- source3/include/safe_string.h | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index ad7b4139a3..61ef4bdf96 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -129,11 +129,17 @@ size_t __unsafe_string_function_usage_here_char__(void); safe_strcpy(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1) -/* inside the _fn varients of these is a call to 'clobber_region' - which might - destory the stack on a buggy function. Help the debugging process by putting - the function and line it was last called from into a static buffer - - But only for developers */ +/* Inside the _fn variants of these is a call to clobber_region(), - + * which might destroy the stack on a buggy function. We help the + * debugging process by putting the function and line who last caused + * a clobbering into a static buffer. If the program crashes at + * address 0xf1f1f1f1 then this function is probably, but not + * necessarily, to blame. */ + +/* overmalloc_safe_strcpy: DEPRECATED! Used when you know the + * destination buffer is longer than maxlength, but you don't know how + * long. This is not a good situation, because we can't do the normal + * sanity checks. Don't use in new code! */ #ifdef DEVELOPER #define overmalloc_safe_strcpy(dest,src,maxlength) safe_strcpy_fn(__FUNCTION__,__LINE__,dest,src,maxlength) @@ -214,7 +220,4 @@ size_t __unsafe_string_function_usage_here_char__(void); #define strlower(s) strlower_m(s) #define strupper(s) strupper_m(s) -#define safe_strcpy_base(dest, src, base, size) \ - safe_strcpy(dest, src, size-PTR_DIFF(dest,base)-1) - #endif -- cgit From 1f499a79f5468e87d26b60ffe3aa375b91cadbef Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 22 Mar 2003 13:47:42 +0000 Subject: (merge from HEAD) Small clenaup patches: - safe_string.h - don't assume that __FUNCTION__ is available - process.c - use new workaround from safe_string.h for the same - util.c - Show how many bytes we smb_panic()ed trying to smb_xmalloc() - gencache.c - Keep valgrind quiet by always null terminating. - clistr.c - Add copyright - srvstr.h - move srvstr_push into a .c file again, as a real function. - srvstr.c - revive, with 'safe' checked srvstr_push - loadparm.c - set a default for the display charset. - connection.c - use safe_strcpy() Andrew Bartlett (This used to be commit c91e76bddbe1244ddc8d12b092eba875834029ac) --- source3/include/safe_string.h | 50 +++++++++++++++++++++---------------------- 1 file changed, 25 insertions(+), 25 deletions(-) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 61ef4bdf96..f26a5785cb 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -2,6 +2,7 @@ Unix SMB/CIFS implementation. Safe string handling routines. Copyright (C) Andrew Tridgell 1994-1998 + Copyright (C) Andrew Bartlett 2003 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -48,6 +49,14 @@ #endif /* !_SPLINT_ */ +#ifdef DEVELOPER +#define SAFE_STRING_FUNCTION_NAME FUNCTION_MACRO +#define SAFE_STRING_LINE __LINE__ +#else +#define SAFE_STRING_FUNCTION_NAME ("") +#define SAFE_STRING_LINE (0) +#endif + /* We need a number of different prototypes for our non-existant fuctions */ char * __unsafe_string_function_usage_here__(void); @@ -141,32 +150,17 @@ size_t __unsafe_string_function_usage_here_char__(void); * long. This is not a good situation, because we can't do the normal * sanity checks. Don't use in new code! */ -#ifdef DEVELOPER -#define overmalloc_safe_strcpy(dest,src,maxlength) safe_strcpy_fn(__FUNCTION__,__LINE__,dest,src,maxlength) -#define safe_strcpy(dest,src,maxlength) safe_strcpy_fn2(__FUNCTION__,__LINE__,dest,src,maxlength) -#define safe_strcat(dest,src,maxlength) safe_strcat_fn2(__FUNCTION__,__LINE__,dest,src,maxlength) -#define push_string(base_ptr, dest, src, dest_len, flags) push_string_fn2(__FUNCTION__, __LINE__, base_ptr, dest, src, dest_len, flags) -#define pull_string(base_ptr, dest, src, dest_len, src_len, flags) pull_string_fn2(__FUNCTION__, __LINE__, base_ptr, dest, src, dest_len, src_len, flags) -#define clistr_push(cli, dest, src, dest_len, flags) clistr_push_fn2(__FUNCTION__, __LINE__, cli, dest, src, dest_len, flags) -#define clistr_pull(cli, dest, src, dest_len, src_len, flags) clistr_pull_fn2(__FUNCTION__, __LINE__, cli, dest, src, dest_len, src_len, flags) - -#define alpha_strcpy(dest,src,other_safe_chars,maxlength) alpha_strcpy_fn(__FUNCTION__,__LINE__,dest,src,other_safe_chars,maxlength) -#define StrnCpy(dest,src,n) StrnCpy_fn(__FUNCTION__,__LINE__,dest,src,n) - -#else - -#define overmalloc_safe_strcpy(dest,src,maxlength) safe_strcpy_fn(NULL,0,dest,src,maxlength) -#define safe_strcpy(dest,src,maxlength) safe_strcpy_fn2(NULL,0,dest,src,maxlength) -#define safe_strcat(dest,src,maxlength) safe_strcat_fn2(NULL,0,dest,src,maxlength) -#define push_string(base_ptr, dest, src, dest_len, flags) push_string_fn2(NULL, 0, base_ptr, dest, src, dest_len, flags) -#define pull_string(base_ptr, dest, src, dest_len, src_len, flags) pull_string_fn2(NULL, 0, base_ptr, dest, src, dest_len, src_len, flags) -#define clistr_push(cli, dest, src, dest_len, flags) clistr_push_fn2(NULL, 0, cli, dest, src, dest_len, flags) -#define clistr_pull(cli, dest, src, dest_len, src_len, flags) clistr_pull_fn2(NULL, 0, cli, dest, src, dest_len, src_len, flags) - -#define alpha_strcpy(dest,src,other_safe_chars,maxlength) alpha_strcpy_fn(NULL,0,dest,src,other_safe_chars,maxlength) -#define StrnCpy(dest,src,n) StrnCpy_fn(NULL,0,dest,src,n) -#endif /* DEVELOPER */ +#define overmalloc_safe_strcpy(dest,src,maxlength) safe_strcpy_fn(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE,dest,src,maxlength) +#define safe_strcpy(dest,src,maxlength) safe_strcpy_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE,dest,src,maxlength) +#define safe_strcat(dest,src,maxlength) safe_strcat_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE,dest,src,maxlength) +#define push_string(base_ptr, dest, src, dest_len, flags) push_string_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, dest, src, dest_len, flags) +#define pull_string(base_ptr, dest, src, dest_len, src_len, flags) pull_string_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, dest, src, dest_len, src_len, flags) +#define clistr_push(cli, dest, src, dest_len, flags) clistr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, cli, dest, src, dest_len, flags) +#define clistr_pull(cli, dest, src, dest_len, src_len, flags) clistr_pull_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, cli, dest, src, dest_len, src_len, flags) +#define srvstr_push(base_ptr, dest, src, dest_len, flags) srvstr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, dest, src, dest_len, flags) +#define alpha_strcpy(dest,src,other_safe_chars,maxlength) alpha_strcpy_fn(SAFE_STRING_FUNCTION_NAME,SAFE_STRING_LINE,dest,src,other_safe_chars,maxlength) +#define StrnCpy(dest,src,n) StrnCpy_fn(SAFE_STRING_FUNCTION_NAME,SAFE_STRING_LINE,dest,src,n) #ifdef HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS @@ -204,6 +198,11 @@ size_t __unsafe_string_function_usage_here_char__(void); ? __unsafe_string_function_usage_here_size_t__() \ : clistr_pull_fn(fn_name, fn_line, cli, dest, src, dest_len, srclen, flags)) +#define srvstr_push_fn2(fn_name, fn_line, base_ptr, dest, src, dest_len, flags) \ + (CHECK_STRING_SIZE(dest, dest_len) \ + ? __unsafe_string_function_usage_here_size_t__() \ + : srvstr_push_fn(fn_name, fn_line, base_ptr, dest, src, dest_len, flags)) + #else #define safe_strcpy_fn2 safe_strcpy_fn @@ -212,6 +211,7 @@ size_t __unsafe_string_function_usage_here_char__(void); #define pull_string_fn2 pull_string_fn #define clistr_push_fn2 clistr_push_fn #define clistr_pull_fn2 clistr_pull_fn +#define srvstr_push_fn2 srvstr_push_fn #endif -- cgit From 6387c98faf2e48c74059ea09f15aea1e942027e3 Mon Sep 17 00:00:00 2001 From: "Christopher R. Hertel" Date: Thu, 27 Mar 2003 05:17:28 +0000 Subject: The definition of pstrcpy_base(), and the preceeding comments, were given twice (probably a cut/paste error). (This used to be commit d9b799d8c35a7453e6ccb92b3fc4ec2ec510449a) --- source3/include/safe_string.h | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index f26a5785cb..df3633d91d 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -113,18 +113,12 @@ size_t __unsafe_string_function_usage_here_char__(void); #endif /* HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS */ -/* the addition of the DEVELOPER checks in safe_strcpy means we must - * update a lot of code. To make this a little easier here are some - * functions that provide the lengths with less pain */ -#define pstrcpy_base(dest, src, pstring_base) \ - safe_strcpy(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1) - #define safe_strcpy_base(dest, src, base, size) \ safe_strcpy(dest, src, size-PTR_DIFF(dest,base)-1) -/* String copy functions - macro hell below adds 'type checking' (limited, but the best we can - do in C) and may tag with function name/number to record the last 'clobber region' on - that string */ +/* String copy functions - macro hell below adds 'type checking' (limited, + but the best we can do in C) and may tag with function name/number to + record the last 'clobber region' on that string */ #define pstrcpy(d,s) safe_strcpy((d), (s),sizeof(pstring)-1) #define pstrcat(d,s) safe_strcat((d), (s),sizeof(pstring)-1) -- cgit From 5cee22714c1fc418dc8a3e1770e9048071b892d9 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 10 Jun 2003 17:30:28 +0000 Subject: Ok, I've tried being Mr. Nice Guy and people (you know who you are) still keep putting bzero BSD'ism's into our source code. Make this an error like bcopy and others to prevent it in future. Jeremy. (This used to be commit 80d043231626192db85f08ccea062b91fcf999cc) --- source3/include/safe_string.h | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index df3633d91d..9f908bc145 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -32,6 +32,11 @@ #endif /* bcopy */ #define bcopy(src,dest,size) __ERROR__XX__NEVER_USE_BCOPY___; +#ifdef bzero +#undef bzero +#endif /* bzero */ +#define bzero(dest,size) __ERROR__XX__NEVER_USE_BZERO_USE_MEMSET_INSTEAD___; + #ifdef strcpy #undef strcpy #endif /* strcpy */ -- cgit From d3688454185adc97bcdfd821b8c2641163aa392a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 11 Jun 2003 05:34:14 +0000 Subject: on AIX FD_ZERO() is defined in terms of bzero(), so we can't have the "don't use bzero" macros. In general I think it would be better to have a separate script that checks for deprecated functions like these using grep rather than using these cpp tricks. They just get us into trouble. (This used to be commit 2a227c880db0f233fb1f6dae5851450ea6020f3b) --- source3/include/safe_string.h | 5 ----- 1 file changed, 5 deletions(-) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 9f908bc145..df3633d91d 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -32,11 +32,6 @@ #endif /* bcopy */ #define bcopy(src,dest,size) __ERROR__XX__NEVER_USE_BCOPY___; -#ifdef bzero -#undef bzero -#endif /* bzero */ -#define bzero(dest,size) __ERROR__XX__NEVER_USE_BZERO_USE_MEMSET_INSTEAD___; - #ifdef strcpy #undef strcpy #endif /* strcpy */ -- cgit From ce72beb2b558d86fb49063c6b1fa00e07952ce56 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 3 Jul 2003 19:11:31 +0000 Subject: Removed strupper/strlower macros that automatically map to strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959) --- source3/include/safe_string.h | 5 ----- 1 file changed, 5 deletions(-) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index df3633d91d..6656f4f6bb 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -209,9 +209,4 @@ size_t __unsafe_string_function_usage_here_char__(void); #endif -/* replace some string functions with multi-byte - versions */ -#define strlower(s) strlower_m(s) -#define strupper(s) strupper_m(s) - #endif -- cgit From dac11b890b3e81f8849340e582b7f397a612baba Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 23 Aug 2003 01:59:14 +0000 Subject: Half-way though the big conversion of all nmbd access to wire elements being converted to pull/push_ascii. This will not work right at the moment for non English codepages, but compiles - I will finish the work over the weekend. Then nmbd should be completely codepage correct. Jeremy. (This used to be commit 236d6adadf32397b28028ea82ae2ec027366f7c8) --- source3/include/safe_string.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 6656f4f6bb..07578b2424 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -124,6 +124,7 @@ size_t __unsafe_string_function_usage_here_char__(void); #define pstrcat(d,s) safe_strcat((d), (s),sizeof(pstring)-1) #define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1) #define fstrcat(d,s) safe_strcat((d),(s),sizeof(fstring)-1) +#define nstrcpy(d,s) safe_strcpy((d), (s),sizeof(nstring)-1) /* the addition of the DEVELOPER checks in safe_strcpy means we must * update a lot of code. To make this a little easier here are some -- cgit From bb0598faf58679a7ad26a1caab8eadb154a07ae2 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 22 Oct 2003 23:38:20 +0000 Subject: Put strcasecmp/strncasecmp on the banned list (except for needed calls in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at all and I really want to discourage that. Jeremy. (This used to be commit d7e35dfb9283d560d0ed2ab231f36ed92767dace) --- source3/include/safe_string.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 07578b2424..cb3f37c484 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -47,6 +47,20 @@ #endif /* sprintf */ #define sprintf __ERROR__XX__NEVER_USE_SPRINTF__; +/* + * strcasecmp/strncasecmp aren't an error, but it means you're not thinking about + * multibyte. Don't use them. JRA. + */ +#ifdef strcasecmp +#undef strcasecmp +#endif +#define strcasecmp __ERROR__XX__NEVER_USE_STRCASECMP__; + +#ifdef strncasecmp +#undef strncasecmp +#endif +#define strncasecmp __ERROR__XX__NEVER_USE_STRCASECMP__; + #endif /* !_SPLINT_ */ #ifdef DEVELOPER -- cgit From ce0c99312c7da78679357610730ba5b60f4319b9 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 15 Mar 2004 21:45:45 +0000 Subject: Use "unix netbios name" type unstring - 64 bytes long to manipulate netbios names in nmbd. Allows conversion from dos codepage mb strings (ie. SJIS) to expand to utf8 size on read. Jeremy. (This used to be commit 834d816caf9cd6318da00febde50d9233469dac2) --- source3/include/safe_string.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index cb3f37c484..b22c5efcc9 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -139,6 +139,7 @@ size_t __unsafe_string_function_usage_here_char__(void); #define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1) #define fstrcat(d,s) safe_strcat((d),(s),sizeof(fstring)-1) #define nstrcpy(d,s) safe_strcpy((d), (s),sizeof(nstring)-1) +#define unstrcpy(d,s) safe_strcpy((d), (s),sizeof(unstring)-1) /* the addition of the DEVELOPER checks in safe_strcpy means we must * update a lot of code. To make this a little easier here are some -- cgit From e948458a79462bd99ef7c02b4d7ec22c6554a163 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 22 Jun 2004 00:48:59 +0000 Subject: r1215: Intermediate checkin of the new keytab code. I need to make sure I haven't broken krb5 ticket verification in the mainline code path, also need to check with valgrind. Everything now compiles (MIT, need to also check Heimdal) and the "net keytab" utility code will follow. Jeremy. (This used to be commit f0f2e28958cb9abfed216c71f291f19ea346d630) --- source3/include/safe_string.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index b22c5efcc9..d278e29aca 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -59,7 +59,7 @@ #ifdef strncasecmp #undef strncasecmp #endif -#define strncasecmp __ERROR__XX__NEVER_USE_STRCASECMP__; +#define strncasecmp __ERROR__XX__NEVER_USE_STRNCASECMP__; #endif /* !_SPLINT_ */ -- cgit From fcda5b589633b96415890c569bf23e3e284e0916 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 5 Jul 2007 16:33:37 +0000 Subject: r23726: Explicitly pass down the FLAGS2 field to srvstr_pull_buf. The next checkin will pull this up to srvstr_get_path. At that point we can get more independent of the inbuf, the base_ptr in pull_string will only be used to satisfy UCS2 alignment constraints. (This used to be commit 836782b07bf133e9b2598c4a089f1c810e4c7754) --- source3/include/safe_string.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index d278e29aca..3a732e11e1 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -164,7 +164,7 @@ size_t __unsafe_string_function_usage_here_char__(void); #define safe_strcpy(dest,src,maxlength) safe_strcpy_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE,dest,src,maxlength) #define safe_strcat(dest,src,maxlength) safe_strcat_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE,dest,src,maxlength) #define push_string(base_ptr, dest, src, dest_len, flags) push_string_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, dest, src, dest_len, flags) -#define pull_string(base_ptr, dest, src, dest_len, src_len, flags) pull_string_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, dest, src, dest_len, src_len, flags) +#define pull_string(base_ptr, smb_flags2, dest, src, dest_len, src_len, flags) pull_string_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, smb_flags2, dest, src, dest_len, src_len, flags) #define clistr_push(cli, dest, src, dest_len, flags) clistr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, cli, dest, src, dest_len, flags) #define clistr_pull(cli, dest, src, dest_len, src_len, flags) clistr_pull_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, cli, dest, src, dest_len, src_len, flags) #define srvstr_push(base_ptr, dest, src, dest_len, flags) srvstr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, dest, src, dest_len, flags) @@ -193,10 +193,10 @@ size_t __unsafe_string_function_usage_here_char__(void); ? __unsafe_string_function_usage_here_size_t__() \ : push_string_fn(fn_name, fn_line, base_ptr, dest, src, dest_len, flags)) -#define pull_string_fn2(fn_name, fn_line, base_ptr, dest, src, dest_len, src_len, flags) \ +#define pull_string_fn2(fn_name, fn_line, base_ptr, smb_flags2, dest, src, dest_len, src_len, flags) \ (CHECK_STRING_SIZE(dest, dest_len) \ ? __unsafe_string_function_usage_here_size_t__() \ - : pull_string_fn(fn_name, fn_line, base_ptr, dest, src, dest_len, src_len, flags)) + : pull_string_fn(fn_name, fn_line, base_ptr, smb_flags2, dest, src, dest_len, src_len, flags)) #define clistr_push_fn2(fn_name, fn_line, cli, dest, src, dest_len, flags) \ (CHECK_STRING_SIZE(dest, dest_len) \ -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/include/safe_string.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 3a732e11e1..2467a0ef27 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -6,7 +6,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From 5e54558c6dea67b56bbfaba5698f3a434d3dffb6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 00:52:41 +0000 Subject: r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07) --- source3/include/safe_string.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 2467a0ef27..68be38df75 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -15,8 +15,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #ifndef _SAFE_STRING_H -- cgit From e8dc2ea03d212bc4b4facc2a900f6a443365c390 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 13 Jul 2007 01:22:09 +0000 Subject: r23858: Added srvstr_pull_buf_talloc() and srvstr_pull_talloc() calls and converted reply_tcon and reply_tconX to use them - to show the boilerplate usage (valgrind tested). In conjunction with Volker's srvstr_get_path_talloc() work this should allow us to start eliminating all pstrings/fstrings out of the main path processing code. I'll watch the build farm tonight... Jeremy. (This used to be commit b4eff3f68089f082781afcf90d43faa317949566) --- source3/include/safe_string.h | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 68be38df75..8c4d90c44a 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -164,6 +164,7 @@ size_t __unsafe_string_function_usage_here_char__(void); #define safe_strcat(dest,src,maxlength) safe_strcat_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE,dest,src,maxlength) #define push_string(base_ptr, dest, src, dest_len, flags) push_string_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, dest, src, dest_len, flags) #define pull_string(base_ptr, smb_flags2, dest, src, dest_len, src_len, flags) pull_string_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, smb_flags2, dest, src, dest_len, src_len, flags) +#define pull_string_talloc(ctx, base_ptr, smb_flags2, dest, src, src_len, flags) pull_string_talloc_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, ctx, base_ptr, smb_flags2, dest, src, src_len, flags) #define clistr_push(cli, dest, src, dest_len, flags) clistr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, cli, dest, src, dest_len, flags) #define clistr_pull(cli, dest, src, dest_len, src_len, flags) clistr_pull_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, cli, dest, src, dest_len, src_len, flags) #define srvstr_push(base_ptr, dest, src, dest_len, flags) srvstr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, dest, src, dest_len, flags) @@ -197,6 +198,9 @@ size_t __unsafe_string_function_usage_here_char__(void); ? __unsafe_string_function_usage_here_size_t__() \ : pull_string_fn(fn_name, fn_line, base_ptr, smb_flags2, dest, src, dest_len, src_len, flags)) +#define pull_string_talloc_fn2(fn_name, fn_line, ctx, base_ptr, smb_flags2, dest, src, src_len, flags) \ + pull_string_talloc_fn(fn_name, fn_line, ctx, base_ptr, smb_flags2, dest, src, src_len, flags) + #define clistr_push_fn2(fn_name, fn_line, cli, dest, src, dest_len, flags) \ (CHECK_STRING_SIZE(dest, dest_len) \ ? __unsafe_string_function_usage_here_size_t__() \ @@ -218,6 +222,7 @@ size_t __unsafe_string_function_usage_here_char__(void); #define safe_strcat_fn2 safe_strcat_fn #define push_string_fn2 push_string_fn #define pull_string_fn2 pull_string_fn +#define pull_string_talloc_fn2 pull_string_talloc_fn #define clistr_push_fn2 clistr_push_fn #define clistr_pull_fn2 clistr_pull_fn #define srvstr_push_fn2 srvstr_push_fn -- cgit From 6c6fed5e656d64df9c9c12d7909f2c2289208bf7 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 2 Aug 2007 17:37:38 +0000 Subject: r24130: Explicitly pass flags2 to srvstr_push This is in preparation of the trans2 conversion: srvstr_push should not look at inbuf directly. (This used to be commit 5fd7e6a3821bea26d352e3edc23b7a216b1200e5) --- source3/include/safe_string.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 8c4d90c44a..c0b9c411ec 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -167,7 +167,7 @@ size_t __unsafe_string_function_usage_here_char__(void); #define pull_string_talloc(ctx, base_ptr, smb_flags2, dest, src, src_len, flags) pull_string_talloc_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, ctx, base_ptr, smb_flags2, dest, src, src_len, flags) #define clistr_push(cli, dest, src, dest_len, flags) clistr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, cli, dest, src, dest_len, flags) #define clistr_pull(cli, dest, src, dest_len, src_len, flags) clistr_pull_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, cli, dest, src, dest_len, src_len, flags) -#define srvstr_push(base_ptr, dest, src, dest_len, flags) srvstr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, dest, src, dest_len, flags) +#define srvstr_push(base_ptr, smb_flags2, dest, src, dest_len, flags) srvstr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, smb_flags2, dest, src, dest_len, flags) #define alpha_strcpy(dest,src,other_safe_chars,maxlength) alpha_strcpy_fn(SAFE_STRING_FUNCTION_NAME,SAFE_STRING_LINE,dest,src,other_safe_chars,maxlength) #define StrnCpy(dest,src,n) StrnCpy_fn(SAFE_STRING_FUNCTION_NAME,SAFE_STRING_LINE,dest,src,n) @@ -211,10 +211,10 @@ size_t __unsafe_string_function_usage_here_char__(void); ? __unsafe_string_function_usage_here_size_t__() \ : clistr_pull_fn(fn_name, fn_line, cli, dest, src, dest_len, srclen, flags)) -#define srvstr_push_fn2(fn_name, fn_line, base_ptr, dest, src, dest_len, flags) \ +#define srvstr_push_fn2(fn_name, fn_line, base_ptr, smb_flags2, dest, src, dest_len, flags) \ (CHECK_STRING_SIZE(dest, dest_len) \ ? __unsafe_string_function_usage_here_size_t__() \ - : srvstr_push_fn(fn_name, fn_line, base_ptr, dest, src, dest_len, flags)) + : srvstr_push_fn(fn_name, fn_line, base_ptr, smb_flags2, dest, src, dest_len, flags)) #else -- cgit From b62bd05b93e2317f78a4aea089295cf1162d23e2 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 2 Aug 2007 18:06:45 +0000 Subject: r24133: Explicitly pass flags2 down to push_string_fn This needs a bit closer review, it also touches the client libs (This used to be commit 824eb26738d64af1798d319d339582cf047521f0) --- source3/include/safe_string.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index c0b9c411ec..69a5a5eb93 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -191,7 +191,7 @@ size_t __unsafe_string_function_usage_here_char__(void); #define push_string_fn2(fn_name, fn_line, base_ptr, dest, src, dest_len, flags) \ (CHECK_STRING_SIZE(dest, dest_len) \ ? __unsafe_string_function_usage_here_size_t__() \ - : push_string_fn(fn_name, fn_line, base_ptr, dest, src, dest_len, flags)) + : push_string_fn(fn_name, fn_line, base_ptr, 0, dest, src, dest_len, flags)) #define pull_string_fn2(fn_name, fn_line, base_ptr, smb_flags2, dest, src, dest_len, src_len, flags) \ (CHECK_STRING_SIZE(dest, dest_len) \ -- cgit From 02c21aa207be1316f4fcbb5d42b851bcf9abeb50 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 11 Aug 2007 09:53:42 +0000 Subject: r24321: Attempt to fix the "hape" cc build (This used to be commit 4e819aea0b783110d3b7a27105c588403e79eac9) --- source3/include/safe_string.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 69a5a5eb93..7a60ad695e 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -162,7 +162,7 @@ size_t __unsafe_string_function_usage_here_char__(void); #define overmalloc_safe_strcpy(dest,src,maxlength) safe_strcpy_fn(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE,dest,src,maxlength) #define safe_strcpy(dest,src,maxlength) safe_strcpy_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE,dest,src,maxlength) #define safe_strcat(dest,src,maxlength) safe_strcat_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE,dest,src,maxlength) -#define push_string(base_ptr, dest, src, dest_len, flags) push_string_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, dest, src, dest_len, flags) +#define push_string(base_ptr, dest, src, dest_len, flags) push_string_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, 0, dest, src, dest_len, flags) #define pull_string(base_ptr, smb_flags2, dest, src, dest_len, src_len, flags) pull_string_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, smb_flags2, dest, src, dest_len, src_len, flags) #define pull_string_talloc(ctx, base_ptr, smb_flags2, dest, src, src_len, flags) pull_string_talloc_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, ctx, base_ptr, smb_flags2, dest, src, src_len, flags) #define clistr_push(cli, dest, src, dest_len, flags) clistr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, cli, dest, src, dest_len, flags) @@ -188,10 +188,10 @@ size_t __unsafe_string_function_usage_here_char__(void); ? __unsafe_string_function_usage_here__() \ : safe_strcat_fn(fn_name, fn_line, (d), (s), (max_len))) -#define push_string_fn2(fn_name, fn_line, base_ptr, dest, src, dest_len, flags) \ +#define push_string_fn2(fn_name, fn_line, base_ptr, flags2, dest, src, dest_len, flags) \ (CHECK_STRING_SIZE(dest, dest_len) \ ? __unsafe_string_function_usage_here_size_t__() \ - : push_string_fn(fn_name, fn_line, base_ptr, 0, dest, src, dest_len, flags)) + : push_string_fn(fn_name, fn_line, base_ptr, flags2, dest, src, dest_len, flags)) #define pull_string_fn2(fn_name, fn_line, base_ptr, smb_flags2, dest, src, dest_len, src_len, flags) \ (CHECK_STRING_SIZE(dest, dest_len) \ -- cgit From b9342eaaa6bf61f559e4173d7ea58acc1a0a9705 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 3 Dec 2007 15:19:22 -0800 Subject: Remove unused wpstring and macros. Stop using pstrcpy in smbd/*.c Jeremy. (This used to be commit e72bce5b62fb0a9d0ff4a3d76490219994f303cf) --- source3/include/safe_string.h | 31 ------------------------------- 1 file changed, 31 deletions(-) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 7a60ad695e..53ee7d312e 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -86,26 +86,6 @@ size_t __unsafe_string_function_usage_here_char__(void); #define CHECK_STRING_SIZE(d, len) (sizeof(d) != (len) && sizeof(d) != sizeof(char *)) -#define fstrterminate(d) (CHECK_STRING_SIZE(d, sizeof(fstring)) \ - ? __unsafe_string_function_usage_here_char__() \ - : (((d)[sizeof(fstring)-1]) = '\0')) -#define pstrterminate(d) (CHECK_STRING_SIZE(d, sizeof(pstring)) \ - ? __unsafe_string_function_usage_here_char__() \ - : (((d)[sizeof(pstring)-1]) = '\0')) - -#define wpstrcpy(d,s) ((sizeof(d) != sizeof(wpstring) && sizeof(d) != sizeof(smb_ucs2_t *)) \ - ? __unsafe_string_function_usage_here__() \ - : safe_strcpy_w((d),(s),sizeof(wpstring))) -#define wpstrcat(d,s) ((sizeof(d) != sizeof(wpstring) && sizeof(d) != sizeof(smb_ucs2_t *)) \ - ? __unsafe_string_function_usage_here__() \ - : safe_strcat_w((d),(s),sizeof(wpstring))) -#define wfstrcpy(d,s) ((sizeof(d) != sizeof(wfstring) && sizeof(d) != sizeof(smb_ucs2_t *)) \ - ? __unsafe_string_function_usage_here__() \ - : safe_strcpy_w((d),(s),sizeof(wfstring))) -#define wfstrcat(d,s) ((sizeof(d) != sizeof(wfstring) && sizeof(d) != sizeof(smb_ucs2_t *)) \ - ? __unsafe_string_function_usage_here__() \ - : safe_strcat_w((d),(s),sizeof(wfstring))) - #define push_pstring_base(dest, src, pstring_base) \ (CHECK_STRING_SIZE(pstring_base, sizeof(pstring)) \ ? __unsafe_string_function_usage_here_size_t__() \ @@ -113,14 +93,6 @@ size_t __unsafe_string_function_usage_here_char__(void); #else /* HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS */ -#define fstrterminate(d) (((d)[sizeof(fstring)-1]) = '\0') -#define pstrterminate(d) (((d)[sizeof(pstring)-1]) = '\0') - -#define wpstrcpy(d,s) safe_strcpy_w((d),(s),sizeof(wpstring)) -#define wpstrcat(d,s) safe_strcat_w((d),(s),sizeof(wpstring)) -#define wfstrcpy(d,s) safe_strcpy_w((d),(s),sizeof(wfstring)) -#define wfstrcat(d,s) safe_strcat_w((d),(s),sizeof(wfstring)) - #define push_pstring_base(dest, src, pstring_base) \ push_ascii(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1, STR_TERMINATE) @@ -143,9 +115,6 @@ size_t __unsafe_string_function_usage_here_char__(void); /* the addition of the DEVELOPER checks in safe_strcpy means we must * update a lot of code. To make this a little easier here are some * functions that provide the lengths with less pain */ -#define pstrcpy_base(dest, src, pstring_base) \ - safe_strcpy(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1) - /* Inside the _fn variants of these is a call to clobber_region(), - * which might destroy the stack on a buggy function. We help the -- cgit From 1b92ea5559bfa00016103508feac9a06ea4b66ae Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 6 Dec 2007 17:16:33 -0800 Subject: Remove pstrings from client/client.c by doing a large rewrite. Mostly compiles.... Jeremy. (This used to be commit c87f3eba9aa52f4ab25d77e2167262bf5c43b1a6) --- source3/include/safe_string.h | 59 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 47 insertions(+), 12 deletions(-) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 53ee7d312e..439a0cf760 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -128,18 +128,53 @@ size_t __unsafe_string_function_usage_here_char__(void); * long. This is not a good situation, because we can't do the normal * sanity checks. Don't use in new code! */ -#define overmalloc_safe_strcpy(dest,src,maxlength) safe_strcpy_fn(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE,dest,src,maxlength) -#define safe_strcpy(dest,src,maxlength) safe_strcpy_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE,dest,src,maxlength) -#define safe_strcat(dest,src,maxlength) safe_strcat_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE,dest,src,maxlength) -#define push_string(base_ptr, dest, src, dest_len, flags) push_string_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, 0, dest, src, dest_len, flags) -#define pull_string(base_ptr, smb_flags2, dest, src, dest_len, src_len, flags) pull_string_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, smb_flags2, dest, src, dest_len, src_len, flags) -#define pull_string_talloc(ctx, base_ptr, smb_flags2, dest, src, src_len, flags) pull_string_talloc_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, ctx, base_ptr, smb_flags2, dest, src, src_len, flags) -#define clistr_push(cli, dest, src, dest_len, flags) clistr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, cli, dest, src, dest_len, flags) -#define clistr_pull(cli, dest, src, dest_len, src_len, flags) clistr_pull_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, cli, dest, src, dest_len, src_len, flags) -#define srvstr_push(base_ptr, smb_flags2, dest, src, dest_len, flags) srvstr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, smb_flags2, dest, src, dest_len, flags) - -#define alpha_strcpy(dest,src,other_safe_chars,maxlength) alpha_strcpy_fn(SAFE_STRING_FUNCTION_NAME,SAFE_STRING_LINE,dest,src,other_safe_chars,maxlength) -#define StrnCpy(dest,src,n) StrnCpy_fn(SAFE_STRING_FUNCTION_NAME,SAFE_STRING_LINE,dest,src,n) +#define overmalloc_safe_strcpy(dest,src,maxlength) \ + safe_strcpy_fn(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \ + dest,src,maxlength) + +#define safe_strcpy(dest,src,maxlength) \ + safe_strcpy_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \ + dest,src,maxlength) + +#define safe_strcat(dest,src,maxlength) \ + safe_strcat_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \ + dest,src,maxlength) + +#define push_string(base_ptr, dest, src, dest_len, flags) \ + push_string_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \ + base_ptr, 0, dest, src, dest_len, flags) + +#define pull_string(base_ptr, smb_flags2, dest, src, dest_len, src_len, flags) \ + pull_string_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \ + base_ptr, smb_flags2, dest, src, dest_len, src_len, flags) + +#define pull_string_talloc(ctx, base_ptr, smb_flags2, dest, src, src_len, flags) \ + pull_string_talloc_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \ + ctx, base_ptr, smb_flags2, dest, src, src_len, flags) + +#define clistr_push(cli, dest, src, dest_len, flags) \ + clistr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \ + cli, dest, src, dest_len, flags) + +#define clistr_pull(cli, dest, src, dest_len, src_len, flags) \ + clistr_pull_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \ + cli, dest, src, dest_len, src_len, flags) + +#define clistr_pull_talloc(ctx, cli, pp_dest, src, src_len, flags) \ + clistr_pull_talloc_fn(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \ + ctx, cli, pp_dest, src, src_len, flags) + +#define srvstr_push(base_ptr, smb_flags2, dest, src, dest_len, flags) \ + srvstr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \ + base_ptr, smb_flags2, dest, src, dest_len, flags) + +#define alpha_strcpy(dest,src,other_safe_chars,maxlength) \ + alpha_strcpy_fn(SAFE_STRING_FUNCTION_NAME,SAFE_STRING_LINE, \ + dest,src,other_safe_chars,maxlength) + +#define StrnCpy(dest,src,n) \ + StrnCpy_fn(SAFE_STRING_FUNCTION_NAME,SAFE_STRING_LINE, \ + dest,src,n) #ifdef HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS -- cgit From 9e8180b9835fc100c25ef230747f7b44ef03d685 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 7 Dec 2007 12:02:44 -0800 Subject: Remove pstrings completely except for smbctool (what does this do ?). Don't build this for now. Jeremy. (This used to be commit 46b67fd82c795d1a34a1efca9e409c0f3fa4f3a2) --- source3/include/safe_string.h | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'source3/include/safe_string.h') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index 439a0cf760..c030acf8fd 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -86,16 +86,8 @@ size_t __unsafe_string_function_usage_here_char__(void); #define CHECK_STRING_SIZE(d, len) (sizeof(d) != (len) && sizeof(d) != sizeof(char *)) -#define push_pstring_base(dest, src, pstring_base) \ - (CHECK_STRING_SIZE(pstring_base, sizeof(pstring)) \ - ? __unsafe_string_function_usage_here_size_t__() \ - : push_ascii(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1, STR_TERMINATE)) - #else /* HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS */ -#define push_pstring_base(dest, src, pstring_base) \ - push_ascii(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1, STR_TERMINATE) - #endif /* HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS */ #define safe_strcpy_base(dest, src, base, size) \ @@ -105,8 +97,6 @@ size_t __unsafe_string_function_usage_here_char__(void); but the best we can do in C) and may tag with function name/number to record the last 'clobber region' on that string */ -#define pstrcpy(d,s) safe_strcpy((d), (s),sizeof(pstring)-1) -#define pstrcat(d,s) safe_strcat((d), (s),sizeof(pstring)-1) #define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1) #define fstrcat(d,s) safe_strcat((d),(s),sizeof(fstring)-1) #define nstrcpy(d,s) safe_strcpy((d), (s),sizeof(nstring)-1) -- cgit