From 959516d61bc6ee7cdd12409dde0ec00044208f1b Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 29 Mar 2012 17:13:07 -0700 Subject: More strlcat/strlcpy truncate checks. --- source3/modules/vfs_afsacl.c | 12 +++++++++--- source3/modules/vfs_recycle.c | 12 +++++++++--- source3/modules/vfs_scannedonly.c | 5 +++-- 3 files changed, 21 insertions(+), 8 deletions(-) (limited to 'source3/modules') diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c index e965e4c8b1..61a31458cf 100644 --- a/source3/modules/vfs_afsacl.c +++ b/source3/modules/vfs_afsacl.c @@ -316,16 +316,22 @@ static bool unparse_afs_acl(struct afs_acl *acl, char *acl_str) } fstr_sprintf(line, "%d\n", positives); - strlcat(acl_str, line, MAXSIZE); + if (strlcat(acl_str, line, MAXSIZE) >= MAXSIZE) { + return false; + } fstr_sprintf(line, "%d\n", negatives); - strlcat(acl_str, line, MAXSIZE); + if (strlcat(acl_str, line, MAXSIZE) >= MAXSIZE) { + return false; + } ace = acl->acelist; while (ace != NULL) { fstr_sprintf(line, "%s\t%d\n", ace->name, ace->rights); - strlcat(acl_str, line, MAXSIZE); + if (strlcat(acl_str, line, MAXSIZE) >= MAXSIZE) { + return false; + } ace = ace->next; } return true; diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c index c735dccd31..80332523ed 100644 --- a/source3/modules/vfs_recycle.c +++ b/source3/modules/vfs_recycle.c @@ -280,13 +280,17 @@ static bool recycle_create_dir(vfs_handle_struct *handle, const char *dname) *new_dir = '\0'; if (dname[0] == '/') { /* Absolute path. */ - strlcat(new_dir,"/",len+1); + if (strlcat(new_dir,"/",len+1) >= len+1) { + goto done; + } } /* Create directory tree if neccessary */ for(token = strtok_r(tok_str, "/", &saveptr); token; token = strtok_r(NULL, "/", &saveptr)) { - strlcat(new_dir, token, len+1); + if (strlcat(new_dir, token, len+1) >= len+1) { + goto done; + } if (recycle_directory_exist(handle, new_dir)) DEBUG(10, ("recycle: dir %s already exists\n", new_dir)); else { @@ -297,7 +301,9 @@ static bool recycle_create_dir(vfs_handle_struct *handle, const char *dname) goto done; } } - strlcat(new_dir, "/", len+1); + if (strlcat(new_dir, "/", len+1) >= len+1) { + goto done; + } mode = recycle_subdir_mode(handle); } diff --git a/source3/modules/vfs_scannedonly.c b/source3/modules/vfs_scannedonly.c index 1b35388b85..fcd2ed0a1c 100644 --- a/source3/modules/vfs_scannedonly.c +++ b/source3/modules/vfs_scannedonly.c @@ -327,8 +327,9 @@ static void notify_scanner(vfs_handle_struct * handle, const char *scanfile) if (gsendlen + tmplen >= SENDBUFFERSIZE) { flush_sendbuffer(handle); } - strlcat(so->gsendbuffer, tmp, SENDBUFFERSIZE + 1); - strlcat(so->gsendbuffer, "\n", SENDBUFFERSIZE + 1); + /* FIXME ! Truncate checks... JRA. */ + (void)strlcat(so->gsendbuffer, tmp, SENDBUFFERSIZE + 1); + (void)strlcat(so->gsendbuffer, "\n", SENDBUFFERSIZE + 1); } static bool is_scannedonly_file(struct Tscannedonly *so, const char *shortname) -- cgit