From 3dfc0c847240ac7e12c39f4ed9c31a888949ade1 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 11 May 1998 06:38:36 +0000 Subject: changed to use slprintf() instead of sprintf() just about everywhere. I've implemented slprintf() as a bounds checked sprintf() using mprotect() and a non-writeable page. This should prevent any sprintf based security holes. (This used to be commit ee09e9dadb69aaba5a751dd20ccc6d587d841bd6) --- source3/lib/util.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/lib/util.c') diff --git a/source3/lib/util.c b/source3/lib/util.c index 2f637e1495..ee87d48388 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -226,7 +226,7 @@ static void check_log_size(void) if (dbf && file_size(debugf) > maxlog) { pstring name; fclose(dbf); dbf = NULL; - sprintf(name,"%s.old",debugf); + slprintf(name,sizeof(name)-1,"%s.old",debugf); sys_rename(debugf,name); reopen_logs(); } @@ -313,7 +313,7 @@ va_dcl va_start(ap); format_str = va_arg(ap,char *); #endif - vsprintf(msgbuf, format_str, ap); + vslprintf(msgbuf, sizeof(msgbuf)-1,format_str, ap); va_end(ap); msgbuf[255] = '\0'; @@ -3839,7 +3839,7 @@ static char *automount_lookup(char *user_name) if (strcmp(user_name, last_key)) { - sprintf(buffer, "[%s=%s]%s.%s", "key", user_name, nis_map, nis_domain); + slprintf(buffer, sizeof(buffer)-1, "[%s=%s]%s.%s", "key", user_name, nis_map, nis_domain); DEBUG(5, ("NIS+ querystring: %s\n", buffer)); if (result = nis_list(buffer, RETURN_RESULT, NULL, NULL)) -- cgit