From 61b5fd6f32e9ccb612df1354a3e3b3bed5f2b808 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 31 Aug 1998 03:11:42 +0000 Subject: bounds check next_token() to prevent possible buffer overflows (This used to be commit 3eade55dc7c842bdc50205c330802d211fae54d3) --- source3/nmbd/nmbd.c | 4 ++-- source3/nmbd/nmbd_sendannounce.c | 4 ++-- source3/nmbd/nmbd_synclists.c | 10 +++++----- source3/nmbd/nmbd_winsserver.c | 14 +++++++------- 4 files changed, 16 insertions(+), 16 deletions(-) (limited to 'source3/nmbd') diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c index 9210ce4dcf..feb9c2420e 100644 --- a/source3/nmbd/nmbd.c +++ b/source3/nmbd/nmbd.c @@ -468,7 +468,7 @@ static BOOL init_structs(void) */ /* Work out the max number of netbios aliases that we have */ ptr = lp_netbios_aliases(); - for( namecount=0; next_token(&ptr,nbname,NULL); namecount++ ) + for( namecount=0; next_token(&ptr,nbname,NULL, sizeof(nbname)); namecount++ ) ; if ( *global_myname ) namecount++; @@ -487,7 +487,7 @@ static BOOL init_structs(void) my_netbios_names[namecount++] = global_myname; ptr = lp_netbios_aliases(); - while ( next_token( &ptr, nbname, NULL ) ) + while ( next_token( &ptr, nbname, NULL, sizeof(nbname) ) ) { strupper( nbname ); /* Look for duplicates */ diff --git a/source3/nmbd/nmbd_sendannounce.c b/source3/nmbd/nmbd_sendannounce.c index d43d2878e3..38c8deafe7 100644 --- a/source3/nmbd/nmbd_sendannounce.c +++ b/source3/nmbd/nmbd_sendannounce.c @@ -506,7 +506,7 @@ void announce_remote(time_t t) comment = lp_serverstring(); - for (ptr=s; next_token(&ptr,s2,NULL); ) + for (ptr=s; next_token(&ptr,s2,NULL,sizeof(s2)); ) { /* The entries are of the form a.b.c.d/WORKGROUP with WORKGROUP being optional */ @@ -596,7 +596,7 @@ for workgroup %s on subnet %s.\n", global_myworkgroup, FIRST_SUBNET->subnet_name strupper(p); p = skip_string(p,1); - for (ptr=s; next_token(&ptr,s2,NULL); ) + for (ptr=s; next_token(&ptr,s2,NULL,sizeof(s2)); ) { /* The entries are of the form a.b.c.d */ addr = *interpret_addr2(s2); diff --git a/source3/nmbd/nmbd_synclists.c b/source3/nmbd/nmbd_synclists.c index b62d9b7569..432b6dcbe2 100644 --- a/source3/nmbd/nmbd_synclists.c +++ b/source3/nmbd/nmbd_synclists.c @@ -150,6 +150,8 @@ void sync_browse_lists(struct work_record *work, CatchChild(); if ((s->pid = fork())) return; + BlockSignals( False, SIGTERM ); + DEBUG(2,("Initiating browse sync for %s to %s(%s)\n", work->work_group, name, inet_ntoa(ip))); @@ -239,11 +241,9 @@ static void complete_sync(struct sync_record *s) ptr = line; - DEBUG(9,("sync line [%s]\n", line)); - - if (!next_token(&ptr,server,NULL) || - !next_token(&ptr,type_str,NULL) || - !next_token(&ptr,comment,NULL)) { + if (!next_token(&ptr,server,NULL,sizeof(server)) || + !next_token(&ptr,type_str,NULL, sizeof(type_str)) || + !next_token(&ptr,comment,NULL, sizeof(comment))) { continue; } diff --git a/source3/nmbd/nmbd_winsserver.c b/source3/nmbd/nmbd_winsserver.c index d891124d06..2fcc95e1d6 100644 --- a/source3/nmbd/nmbd_winsserver.c +++ b/source3/nmbd/nmbd_winsserver.c @@ -211,13 +211,13 @@ BOOL initialise_wins(void) * time to actually parse them into the ip_list array. */ - if (!next_token(&ptr,name_str,NULL)) + if (!next_token(&ptr,name_str,NULL,sizeof(name_str))) { DEBUG(0,("initialise_wins: Failed to parse name when parsing line %s\n", line )); continue; } - if (!next_token(&ptr,ttl_str,NULL)) + if (!next_token(&ptr,ttl_str,NULL,sizeof(ttl_str))) { DEBUG(0,("initialise_wins: Failed to parse time to live when parsing line %s\n", line )); continue; @@ -229,7 +229,7 @@ BOOL initialise_wins(void) num_ips = 0; do { - got_token = next_token(&ptr,ip_str,NULL); + got_token = next_token(&ptr,ip_str,NULL,sizeof(ip_str)); was_ip = False; if(got_token && strchr(ip_str, '.')) @@ -260,16 +260,16 @@ BOOL initialise_wins(void) /* Reset and re-parse the line. */ ptr = line; - next_token(&ptr,name_str,NULL); - next_token(&ptr,ttl_str,NULL); + next_token(&ptr,name_str,NULL,sizeof(name_str)); + next_token(&ptr,ttl_str,NULL,sizeof(ttl_str)); for(i = 0; i < num_ips; i++) { - next_token(&ptr, ip_str, NULL); + next_token(&ptr, ip_str, NULL, sizeof(ip_str)); ip_list[i] = *interpret_addr2(ip_str); if (ip_equal(ip_list[i], ipzero)) source = SELF_NAME; } - next_token(&ptr,nb_flags_str,NULL); + next_token(&ptr,nb_flags_str,NULL, sizeof(nb_flags_str)); /* * Deal with SELF or REGISTER name encoding. Default is REGISTER -- cgit