From cef59090bb2fd3f8a9efd1a453cb90264b891d58 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 26 Sep 1997 18:55:29 +0000 Subject: Adding Andrews buffer overflow fixes into the main branch. Jeremy (jallison@whistle.com) (This used to be commit e7eb1f044d3101679dc7a118820ea5efe0cd837c) --- source3/lib/system.c | 4 +- source3/lib/time.c | 4 +- source3/lib/username.c | 4 +- source3/lib/util.c | 114 ++++++++++++++++++++++++++++++++++++------------- 4 files changed, 91 insertions(+), 35 deletions(-) (limited to 'source3/lib') diff --git a/source3/lib/system.c b/source3/lib/system.c index c539b25883..fe8e8004d0 100644 --- a/source3/lib/system.c +++ b/source3/lib/system.c @@ -310,8 +310,8 @@ int sys_rename(char *from, char *to) int rcode; pstring zfrom, zto; - strcpy (zfrom, dos_to_unix (from, False)); - strcpy (zto, dos_to_unix (to, False)); + pstrcpy (zfrom, dos_to_unix (from, False)); + pstrcpy (zto, dos_to_unix (to, False)); rcode = rename (zfrom, zto); if (errno == EXDEV) diff --git a/source3/lib/time.c b/source3/lib/time.c index d16552b61e..4f688d2214 100644 --- a/source3/lib/time.c +++ b/source3/lib/time.c @@ -469,12 +469,12 @@ BOOL set_filetime(char *fname,time_t mtime) ****************************************************************************/ char *timestring(void ) { - static char TimeBuf[100]; + static fstring TimeBuf; time_t t = time(NULL); struct tm *tm = LocalTime(&t); #ifdef NO_STRFTIME - strcpy(TimeBuf, asctime(tm)); + fstrcpy(TimeBuf, asctime(tm)); #elif defined(CLIX) || defined(CONVEX) strftime(TimeBuf,100,"%m/%d/%y %I:%M:%S %p",tm); #elif defined(AMPM) diff --git a/source3/lib/username.c b/source3/lib/username.c index a78a344eb8..a9f6425991 100644 --- a/source3/lib/username.c +++ b/source3/lib/username.c @@ -65,7 +65,7 @@ void map_username(char *user) if (strequal(user,last_from)) { DEBUG(3,("Mapped user %s to %s\n",user,last_to)); - strcpy(user,last_to); + fstrcpy(user,last_to); return; } 
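Review bot: In sys_rename (source3/lib/system.c) the two `pstrcpy` calls shorten an over-long result of `dos_to_unix` without telling the caller, and `rename (zfrom, zto)` then runs on the shortened paths, which may name a different file than the one requested. pstrcpy returns void, so the only signal is its DEBUG line. Rejecting the request before the copies keeps the failure visible, e.g. `if (strlen(from) >= sizeof(pstring) || strlen(to) >= sizeof(pstring)) { errno = ENAMETOOLONG; return -1; }`, assuming dos_to_unix does not lengthen the name. The same silent truncation applies to the `fstrcpy` calls in mask_match (source3/lib/util.c), where a shortened pattern would be matched in place of the original. The body of sys_rename continues outside the hunk.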
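Review bot: In timestring (source3/lib/time.c) `TimeBuf` is now an fstring, but the unchanged `strftime(TimeBuf,100,...)` call in the `CLIX`/`CONVEX` branch still passes the old literal size. The definition of fstring is not part of this diff, so if it is ever shorter than 100 bytes that call can write past the buffer. Tying the size to the object removes the dependency: `strftime(TimeBuf,sizeof(TimeBuf),"%m/%d/%y %I:%M:%S %p",tm);`. The remaining strftime branches lie outside the hunk and probably need the same change.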
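Review bot: `fstrcpy(user,last_to)` in map_username (source3/lib/username.c) bounds the copy by `sizeof(fstring)`, not by the size of the buffer behind the `char *user` parameter, so it is only safe if every caller passes a full fstring. Nothing in the hunk establishes that, and a caller with a smaller buffer can still be overrun. The same assumption is made by `fstrcpy(user,user2)` in Get_Pwnam, `fstrcpy(my_name,hostname)` in get_myname, the `pstrcpy(s,...)` calls in reduce_name and the `pstrcpy(Mask,...)` calls in expand_one and expand_mask (source3/lib/util.c). I would document the requirement at each of these functions, e.g. `/* user must point to an fstring */`, or pass the destination size explicitly.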
@@ -191,7 +191,7 @@ struct passwd *Get_Pwnam(char *user,BOOL allow_change) if (ret) return(ret); if (allow_change) - strcpy(user,user2); + fstrcpy(user,user2); return(NULL); } diff --git a/source3/lib/util.c b/source3/lib/util.c index 812e59769e..8ffc11068a 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -1117,7 +1117,7 @@ void unix_format(char *fname) if (*fname == '/') { - strcpy(namecopy,fname); + pstrcpy(namecopy,fname); strcpy(fname,"."); strcat(fname,namecopy); } @@ -1328,7 +1328,7 @@ void dos_clean_name(char *s) pstring s1; *p = 0; - strcpy(s1,p+3); + pstrcpy(s1,p+3); if ((p=strrchr(s,'\\')) != NULL) *p = 0; @@ -1366,7 +1366,7 @@ void unix_clean_name(char *s) pstring s1; *p = 0; - strcpy(s1,p+3); + pstrcpy(s1,p+3); if ((p=strrchr(s,'/')) != NULL) *p = 0; @@ -1393,7 +1393,7 @@ int ChDir(char *path) DEBUG(3,("chdir to %s\n",path)); res = sys_chdir(path); if (!res) - strcpy(LastDir,path); + pstrcpy(LastDir,path); return(res); } @@ -1553,7 +1553,7 @@ BOOL reduce_name(char *s,char *dir,BOOL widelinks) /* remove any double slashes */ string_sub(s,"//","/"); - strcpy(basename,s); + pstrcpy(basename,s); p = strrchr(basename,'/'); if (!p) @@ -1623,12 +1623,12 @@ BOOL reduce_name(char *s,char *dir,BOOL widelinks) if (relative) { if (newname[l] == '/') - strcpy(s,newname + l + 1); + pstrcpy(s,newname + l + 1); else - strcpy(s,newname+l); + pstrcpy(s,newname+l); } else - strcpy(s,newname); + pstrcpy(s,newname); } ChDir(wd); @@ -1652,10 +1652,10 @@ static void expand_one(char *Mask,int len) int lfill = (len+1) - strlen(Mask); int l1= (p1 - Mask); pstring tmp; - strcpy(tmp,Mask); + pstrcpy(tmp,Mask); memset(tmp+l1,'?',lfill); - strcpy(tmp + l1 + lfill,Mask + l1 + 1); - strcpy(Mask,tmp); + pstrcpy(tmp + l1 + lfill,Mask + l1 + 1); + pstrcpy(Mask,tmp); } } 
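Review bot: In unix_format (source3/lib/util.c) only the copy into `namecopy` is bounded; the unchanged `strcpy(fname,"."); strcat(fname,namecopy);` that follows makes `fname` one byte longer than it was, with no check against the caller's buffer. If `fname` already fills a pstring, the terminating NUL lands one byte past the end. Wrapping the rewrite in `if (strlen(fname) + 1 < sizeof(pstring))` would close it, assuming fname is a pstring. The same pattern remains in expand_mask, where `pstrcpy(Mask,dirpart)` is followed by a chain of unbounded `strcat(Mask,...)` calls.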
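Review bot: `pstrcpy(tmp + l1 + lfill,Mask + l1 + 1)` in expand_one (source3/lib/util.c) passes a pointer into the middle of `tmp`, but pstrcpy always allows `sizeof(pstring)-1` bytes from the pointer it is given, so this call can still write up to `l1 + lfill` bytes past the end of `tmp`. The preceding `memset(tmp+l1,'?',lfill)` is likewise unchecked, and `lfill` would be negative whenever `strlen(Mask)` exceeds `len+1`. Checking the total before building the string covers both: `if (lfill < 0 || strlen(Mask) + lfill >= sizeof(pstring)) return;`. The enclosing block starts outside the hunk.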
@@ -1679,20 +1679,20 @@ void expand_mask(char *Mask,BOOL doext) filename_dos(Mask,filepart); - strcpy(mbeg,filepart); + pstrcpy(mbeg,filepart); if ((p1 = strchr(mbeg,'.')) != NULL) { hasdot = True; *p1 = 0; p1++; - strcpy(mext,p1); + pstrcpy(mext,p1); } else { strcpy(mext,""); if (strlen(mbeg) > 8) { - strcpy(mext,mbeg + 8); + pstrcpy(mext,mbeg + 8); mbeg[8] = 0; } } @@ -1710,7 +1710,7 @@ void expand_mask(char *Mask,BOOL doext) if (*mext) expand_one(mext,3); - strcpy(Mask,dirpart); + pstrcpy(Mask,dirpart); if (*dirpart || absolute) strcat(Mask,"\\"); strcat(Mask,mbeg); strcat(Mask,"."); @@ -1839,7 +1839,7 @@ void make_dir_struct(char *buf,char *mask,char *fname,unsigned int size,int mode char *p; pstring mask2; - strcpy(mask2,mask); + pstrcpy(mask2,mask); if ((mode & aDIR) != 0) size = 0; @@ -2569,7 +2569,12 @@ BOOL string_init(char **dest,char *src) } else { - *dest = (char *)malloc(l+1); + (*dest) = (char *)malloc(l+1); + if ((*dest) == NULL) { + DEBUG(0,("Out of memory in string_init\n")); + return False; + } + strcpy(*dest,src); } return(True); @@ -2741,25 +2746,25 @@ BOOL mask_match(char *str, char *regexp, int case_sig,BOOL trans2) DEBUG(5,("mask_match str=<%s> regexp=<%s>, case_sig = %d\n", p2, p1, case_sig)); if (trans2) { - strcpy(ebase,p1); - strcpy(sbase,p2); + fstrcpy(ebase,p1); + fstrcpy(sbase,p2); } else { if ((p=strrchr(p1,'.'))) { *p = 0; - strcpy(ebase,p1); - strcpy(eext,p+1); + fstrcpy(ebase,p1); + fstrcpy(eext,p+1); } else { - strcpy(ebase,p1); + fstrcpy(ebase,p1); eext[0] = 0; } if (!strequal(p2,".") && !strequal(p2,"..") && (p=strrchr(p2,'.'))) { *p = 0; - strcpy(sbase,p2); - strcpy(sext,p+1); + fstrcpy(sbase,p2); + fstrcpy(sext,p+1); } else { - strcpy(sbase,p2); - strcpy(sext,""); + fstrcpy(sbase,p2); + fstrcpy(sext,""); } } @@ -3075,7 +3080,7 @@ BOOL get_myname(char *my_name,struct in_addr *ip) char *p = strchr(hostname,'.'); if (p) *p = 0; - strcpy(my_name,hostname); + fstrcpy(my_name,hostname); } if (ip) 
@@ -3443,7 +3448,7 @@ char *client_addr(void) return addr_buf; } - strcpy(addr_buf,(char *)inet_ntoa(sockin->sin_addr)); + fstrcpy(addr_buf,(char *)inet_ntoa(sockin->sin_addr)); global_client_addr_done = True; return addr_buf; @@ -3700,7 +3705,7 @@ char *readdirname(void *p) { static pstring buf; - strcpy(buf, dname); + pstrcpy(buf, dname); unix_to_dos(buf, True); dname = buf; } @@ -4055,3 +4060,54 @@ enum remote_arch_types get_remote_arch() { return ra_type; } + + +/******************************************************************* +safe string copy into a fstring +********************************************************************/ +void fstrcpy(char *dest, char *src) +{ + int maxlength = sizeof(fstring) - 1; + if (!dest) { + DEBUG(0,("ERROR: NULL dest in fstrcpy\n")); + return; + } + + if (!src) { + *dest = 0; + return; + } + + while (maxlength-- && *src) + *dest++ = *src++; + *dest = 0; + if (*src) { + DEBUG(0,("ERROR: string overflow by %d in fstrcpy\n", + strlen(src))); + } +} + +/******************************************************************* +safe string copy into a pstring +********************************************************************/ +void pstrcpy(char *dest, char *src) +{ + int maxlength = sizeof(pstring) - 1; + if (!dest) { + DEBUG(0,("ERROR: NULL dest in pstrcpy\n")); + return; + } + + if (!src) { + *dest = 0; + return; + } + + while (maxlength-- && *src) + *dest++ = *src++; + *dest = 0; + if (*src) { + DEBUG(0,("ERROR: string overflow by %d in pstrcpy\n", + strlen(src))); + } +} -- cgit
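Review bot: In the new fstrcpy and pstrcpy (source3/lib/util.c), `strlen(src)` is passed to a `%d` conversion in the overflow DEBUG message; strlen returns size_t, so the argument does not match the format where size_t is wider than int (this assumes DEBUG forwards to a printf-style function). Writing `(int)strlen(src)` in both calls fixes it. Both functions would also benefit from a header comment stating the contract the call sites rely on: `dest` must point to the start of a whole fstring or pstring, an over-long `src` is truncated, and the only report is a level-0 log line. Since the two bodies differ only in the bound and the name in the message, a single static helper taking the limit would remove the duplication.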