From f888868f46a5418bac9ab528497136c152895305 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 12 May 1998 00:55:32 +0000 Subject: This is a security audit change of the main source. It removed all ocurrences of the following functions : sprintf strcpy strcat The replacements are slprintf, safe_strcpy and safe_strcat. It should not be possible to use code in Samba that uses sprintf, strcpy or strcat, only the safe_equivalents. Once Andrew has fixed the slprintf implementation then this code will be moved back to the 1.9.18 code stream. Jeremy. (This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb) --- source3/nmbd/nmbd.c | 8 ++++---- source3/nmbd/nmbd_become_lmb.c | 4 ++-- source3/nmbd/nmbd_browsesync.c | 2 +- source3/nmbd/nmbd_incomingrequests.c | 2 +- source3/nmbd/nmbd_namelistdb.c | 6 +++--- source3/nmbd/nmbd_packets.c | 6 +++--- source3/nmbd/nmbd_processlogon.c | 18 +++++++++--------- source3/nmbd/nmbd_serverlistdb.c | 6 +++--- source3/nmbd/nmbd_winsserver.c | 18 +++++++++--------- 9 files changed, 35 insertions(+), 35 deletions(-) (limited to 'source3/nmbd') diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c index f9519bea18..39f5087497 100644 --- a/source3/nmbd/nmbd.c +++ b/source3/nmbd/nmbd.c @@ -133,7 +133,7 @@ static BOOL dump_core(void) pstrcpy( dname, debugf ); if ((p=strrchr(dname,'/'))) *p=0; - strcat( dname, "/corefiles" ); + pstrcat( dname, "/corefiles" ); mkdir( dname, 0700 ); sys_chown( dname, getuid(), getgid() ); chmod( dname, 0700 ); @@ -209,7 +209,7 @@ BOOL reload_services(BOOL test) BOOL ret; extern fstring remote_machine; - strcpy( remote_machine, "nmb" ); + fstrcpy( remote_machine, "nmb" ); if ( lp_loaded() ) { 
@@ -560,14 +560,14 @@ int main(int argc,char *argv[]) TimeInit(); - strcpy( debugf, NMBLOGFILE ); + pstrcpy( debugf, NMBLOGFILE ); setup_logging( argv[0], False ); charset_initialise(); #ifdef LMHOSTSFILE - strcpy( host_file, LMHOSTSFILE ); + pstrcpy( host_file, LMHOSTSFILE ); #endif /* this is for people who can't start the program correctly */ diff --git a/source3/nmbd/nmbd_become_lmb.c b/source3/nmbd/nmbd_become_lmb.c index c602789fb8..ffa3b38cba 100644 --- a/source3/nmbd/nmbd_become_lmb.c +++ b/source3/nmbd/nmbd_become_lmb.c @@ -276,7 +276,7 @@ in workgroup %s on subnet %s\n", userdata->copy_fn = NULL; userdata->free_fn = NULL; userdata->userdata_len = strlen(work->work_group)+1; - strcpy(userdata->data, work->work_group); + pstrcpy(userdata->data, work->work_group); /* Deregister any browser names we may have. */ make_nmb_name(&nmbname, MSBROWSE, 0x1, scope); @@ -528,7 +528,7 @@ in workgroup %s on subnet %s\n", userdata->copy_fn = NULL; userdata->free_fn = NULL; userdata->userdata_len = strlen(work->work_group)+1; - strcpy(userdata->data, work->work_group); + pstrcpy(userdata->data, work->work_group); /* Register the special browser group name. */ register_name(subrec, MSBROWSE, 0x01, samba_nb_type|NB_GROUP, diff --git a/source3/nmbd/nmbd_browsesync.c b/source3/nmbd/nmbd_browsesync.c index c78fdfc514..c1f6aa5a6c 100644 --- a/source3/nmbd/nmbd_browsesync.c +++ b/source3/nmbd/nmbd_browsesync.c @@ -420,7 +420,7 @@ workgroup %s\n", q_name->name )); userdata->copy_fn = NULL; userdata->free_fn = NULL; userdata->userdata_len = strlen(work->work_group)+1; - strcpy(userdata->data, work->work_group); + pstrcpy(userdata->data, work->work_group); node_status( subrec, &nmbname, answer_ip, domain_master_node_status_success, diff --git a/source3/nmbd/nmbd_incomingrequests.c b/source3/nmbd/nmbd_incomingrequests.c index e1c56f591f..02b511a363 100644 --- a/source3/nmbd/nmbd_incomingrequests.c +++ b/source3/nmbd/nmbd_incomingrequests.c 
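Review bot: `pstrcpy(userdata->data, work->work_group)` in the nmbd_become_lmb.c hunk at -276 limits the copy to the size of a pstring, not to the size of the storage behind `userdata`, which is set up outside the hunk. If that storage is smaller than a pstring, the call is no safer than the strcpy it replaces. The length is already computed on the line above, so the bound can be tied to it, e.g. `safe_strcpy(userdata->data, work->work_group, userdata->userdata_len - 1);`, assuming the buffer was sized from that length. The same line appears in the hunk at -528 and in nmbd_browsesync.c at -420.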
@@ -362,7 +362,7 @@ subnet %s - name not found.\n", namestr(&nmb->question.question_name), { /* Start with the name. */ bzero(buf,18); - sprintf(buf,"%-15.15s",namerec->name.name); + slprintf(buf, 17, "%-15.15s",namerec->name.name); strupper(buf); /* Put the name type and netbios flags in the buffer. */ diff --git a/source3/nmbd/nmbd_namelistdb.c b/source3/nmbd/nmbd_namelistdb.c index b37cac10dc..07d026e051 100644 --- a/source3/nmbd/nmbd_namelistdb.c +++ b/source3/nmbd/nmbd_namelistdb.c @@ -553,14 +553,14 @@ static void dump_subnet_namelist( struct subnet_record *subrec, FILE *fp) void dump_all_namelists(void) { - fstring fname; + pstring fname; FILE *fp; struct subnet_record *subrec; pstrcpy(fname,lp_lockdir()); trim_string(fname,NULL,"/"); - strcat(fname,"/"); - strcat(fname,"namelist.debug"); + pstrcat(fname,"/"); + pstrcat(fname,"namelist.debug"); fp = fopen(fname,"w"); diff --git a/source3/nmbd/nmbd_packets.c b/source3/nmbd/nmbd_packets.c index 54f4f3a2cb..b62f0aff62 100644 --- a/source3/nmbd/nmbd_packets.c +++ b/source3/nmbd/nmbd_packets.c @@ -335,9 +335,9 @@ static BOOL initiate_multihomed_name_register_packet( struct packet_struct *pack uint16 nb_flags, struct in_addr *register_ip) { struct nmb_packet *nmb = &packet->packet.nmb; - char second_ip_buf[25]; + fstring second_ip_buf; - strcpy(second_ip_buf, inet_ntoa(packet->ip)); + fstrcpy(second_ip_buf, inet_ntoa(packet->ip)); nmb->header.opcode = NMB_NAME_MULTIHOMED_REG_OPCODE; nmb->header.arcount = 1; @@ -1914,7 +1914,7 @@ BOOL send_mailslot(BOOL unique, char *mailslot,char *buf,int len, SSVAL(ptr,smb_vwv15,1); SSVAL(ptr,smb_vwv16,2); p2 = smb_buf(ptr); - strcpy(p2,mailslot); + pstrcpy(p2,mailslot); p2 = skip_string(p2,1); memcpy(p2,buf,len); diff --git a/source3/nmbd/nmbd_processlogon.c b/source3/nmbd/nmbd_processlogon.c index 50b6052c67..631b8ff01f 100644 --- a/source3/nmbd/nmbd_processlogon.c +++ b/source3/nmbd/nmbd_processlogon.c 
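Review bot: The literal `17` in `slprintf(buf, 17, "%-15.15s",namerec->name.name)` (nmbd_incomingrequests.c, hunk at -362) is linked to the `bzero(buf,18)` on the line above only by convention, and the commit message says the slprintf implementation is still to be fixed. Whether the argument is the buffer size or the maximum character count should be stated at the call. A comment such as `/* entry is 18 bytes; slprintf limit excludes the terminating NUL */` would do, once confirmed against slprintf itself, or the two numbers could come from one named constant. The enclosing function starts and ends outside the hunk.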
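Review bot: In send_mailslot (nmbd_packets.c, hunk at -1914) `pstrcpy(p2,mailslot)` writes into the packet at `smb_buf(ptr)`, so the pstring-sized limit it applies has no relation to the space left in the datagram buffer. The bound should be computed from the end of that buffer, and the `memcpy(p2,buf,len)` two lines later needs the same check because `len` comes from the caller. The buffer's declaration is outside the hunk, so its size has to be confirmed there.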
@@ -68,7 +68,7 @@ logons are not enabled.\n", inet_ntoa(p->ip) )); return; } - strcpy(my_name, global_myname); + pstrcpy(my_name, global_myname); strupper(my_name); code = SVAL(buf,0); @@ -89,7 +89,7 @@ logons are not enabled.\n", inet_ntoa(p->ip) )); token = SVAL(q,3); reply_code = 0x6; - strcpy(reply_name,my_name); + fstrcpy(reply_name,my_name); add_slashes = True; DEBUG(3,("process_logon_packet: Domain login request from %s at IP %s user=%s token=%x\n", @@ -98,9 +98,9 @@ logons are not enabled.\n", inet_ntoa(p->ip) )); q = outbuf; SSVAL(q, 0, 6); q += 2; - strcpy(reply_name, "\\\\"); - strcat(reply_name, my_name); - strcpy(q, reply_name); q = skip_string(q, 1); /* PDC name */ + fstrcpy(reply_name, "\\\\"); + fstrcat(reply_name, my_name); + fstrcpy(q, reply_name); q = skip_string(q, 1); /* PDC name */ SSVAL(q, 0, token); q += 2; @@ -137,8 +137,8 @@ logons are not enabled.\n", inet_ntoa(p->ip) )); q = outbuf; SSVAL(q, 0, QUERYFORPDC_R); q += 2; - strcpy(reply_name,my_name); - strcpy(q, reply_name); q = skip_string(q, 1); /* PDC name */ + fstrcpy(reply_name,my_name); + fstrcpy(q, reply_name); q = skip_string(q, 1); /* PDC name */ if (strcmp(mailslot, NT_LOGON_MAILSLOT)==0) { q = align2(q, buf); @@ -198,8 +198,8 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", pstrcpy(ascuser, unistr(uniuser)); DEBUG(3,("process_logon_packet: SAMLOGON user %s\n", ascuser)); - strcpy(reply_name,"\\\\"); /* Here it wants \\LOGONSERVER. */ - strcpy(reply_name+2,my_name); + fstrcpy(reply_name,"\\\\"); /* Here it wants \\LOGONSERVER. */ + fstrcpy(reply_name+2,my_name); smb_pass = getsampwnam(ascuser); diff --git a/source3/nmbd/nmbd_serverlistdb.c b/source3/nmbd/nmbd_serverlistdb.c index 64ca49cdbc..6ff6ad5c5d 100644 --- a/source3/nmbd/nmbd_serverlistdb.c +++ b/source3/nmbd/nmbd_serverlistdb.c 
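Review bot: `fstrcpy(reply_name+2,my_name)` in the hunk at -198 applies the full fstring limit to a destination that starts two bytes into `reply_name`, so a `my_name` close to that limit can write two bytes past the end of the array. This assumes `reply_name` is an fstring, as the other calls in this file suggest; its declaration is outside the hunk. The hunk at -98 already builds the same string with a correct bound, so use `fstrcat(reply_name, my_name);` here as well. The `fstrcpy(q, reply_name)` calls in the hunks at -98 and -137 are bounded by the fstring size rather than by the room left in `outbuf`, which holds only while `outbuf` stays the larger buffer.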
@@ -338,10 +338,10 @@ void write_browse_list(time_t t, BOOL force_write) pstrcpy(fname,lp_lockdir()); trim_string(fname,NULL,"/"); - strcat(fname,"/"); - strcat(fname,SERVER_LIST); + pstrcat(fname,"/"); + pstrcat(fname,SERVER_LIST); pstrcpy(fnamenew,fname); - strcat(fnamenew,"."); + pstrcat(fnamenew,"."); fp = fopen(fnamenew,"w"); diff --git a/source3/nmbd/nmbd_winsserver.c b/source3/nmbd/nmbd_winsserver.c index d089686917..acab815926 100644 --- a/source3/nmbd/nmbd_winsserver.c +++ b/source3/nmbd/nmbd_winsserver.c @@ -116,7 +116,7 @@ Load or create the WINS database. BOOL initialise_wins(void) { - fstring fname; + pstring fname; time_t time_now = time(NULL); FILE *fp; pstring line; @@ -131,10 +131,10 @@ BOOL initialise_wins(void) start_async_dns(); #endif - fstrcpy(fname,lp_lockdir()); + pstrcpy(fname,lp_lockdir()); trim_string(fname,NULL,"/"); - strcat(fname,"/"); - strcat(fname,WINS_LIST); + pstrcat(fname,"/"); + pstrcat(fname,WINS_LIST); if((fp = fopen(fname,"r")) == NULL) { @@ -1515,7 +1515,7 @@ void initiate_wins_processing(time_t t) void wins_write_database(void) { struct name_record *namerec; - fstring fname, fnamenew; + pstring fname, fnamenew; FILE *fp; @@ -1524,10 +1524,10 @@ void wins_write_database(void) fstrcpy(fname,lp_lockdir()); trim_string(fname,NULL,"/"); - strcat(fname,"/"); - strcat(fname,WINS_LIST); - fstrcpy(fnamenew,fname); - strcat(fnamenew,"."); + pstrcat(fname,"/"); + pstrcat(fname,WINS_LIST); + pstrcpy(fnamenew,fname); + pstrcat(fnamenew,"."); if((fp = fopen(fnamenew,"w")) == NULL) { -- cgit
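Review bot: In wins_write_database (nmbd_winsserver.c, hunk at -1524) `fname` is now a pstring but the first copy is still `fstrcpy(fname,lp_lockdir());`, so a lock directory longer than an fstring is cut short before `/` and WINS_LIST are appended. The database would then be written to a different path from the one initialise_wins reads. Change it to `pstrcpy(fname,lp_lockdir());` to match the hunk at -131. None of the path-building hunks (here, write_browse_list at -338, dump_all_namelists) check for truncation before `fopen`, so if the safe_ functions truncate, a shortened path is opened silently; a length check before the open would catch that.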