From 3dfc0c847240ac7e12c39f4ed9c31a888949ade1 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 11 May 1998 06:38:36 +0000 Subject: changed to use slprintf() instead of sprintf() just about everywhere. I've implemented slprintf() as a bounds checked sprintf() using mprotect() and a non-writeable page. This should prevent any sprintf based security holes. (This used to be commit ee09e9dadb69aaba5a751dd20ccc6d587d841bd6) --- source3/rpc_client/cli_login.c | 8 ++++---- source3/rpc_client/cli_netlogon.c | 2 +- source3/rpc_client/cli_pipe.c | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) (limited to 'source3/rpc_client') diff --git a/source3/rpc_client/cli_login.c b/source3/rpc_client/cli_login.c index b4cdf3ae50..42363e4ca5 100644 --- a/source3/rpc_client/cli_login.c +++ b/source3/rpc_client/cli_login.c @@ -52,7 +52,7 @@ BOOL cli_nt_setup_creds(struct cli_state *cli, unsigned char mach_pwd[16]) /**************** Long-term Session key **************/ /* calculate the session key */ - cred_session_key(&clnt_chal, &srv_chal, mach_pwd, cli->sess_key); + cred_session_key(&clnt_chal, &srv_chal, (char *)mach_pwd, cli->sess_key); bzero(cli->sess_key+8, 8); /******************* Authenticate 2 ********************/ @@ -113,7 +113,7 @@ BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *usernam DEBUG(5,("cli_nt_login_interactive: %d\n", __LINE__)); - nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd); + nt_lm_owf_gen(password, (char *)nt_owf_user_pwd, (char *)lm_owf_user_pwd); #ifdef DEBUG_PASSWORD @@ -134,7 +134,7 @@ BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *usernam make_id_info1(&ctr->auth.id1, domain, 0, smb_userid_low, 0, username, cli->clnt_name_slash, - cli->sess_key, lm_owf_user_pwd, nt_owf_user_pwd); + (char *)cli->sess_key, lm_owf_user_pwd, nt_owf_user_pwd); /* Ensure we overwrite all the plaintext password equivalents. */ @@ -170,7 +170,7 @@ BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username, make_id_info2(&ctr->auth.id2, domain, 0, smb_userid_low, 0, username, cli->clnt_name_slash, - lm_chal, lm_chal_resp, nt_chal_resp); + (uchar *)lm_chal, (uchar *)lm_chal_resp, (uchar *)nt_chal_resp); /* Send client sam-logon request - update credentials on success. */ return cli_net_sam_logon(cli, ctr, user_info3); diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index da74bc6bc6..6f96f392fb 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -270,7 +270,7 @@ BOOL cli_net_srv_pwset(struct cli_state *cli, uint8 hashed_mach_pwd[16]) /* store the parameters */ make_q_srv_pwset(&q_s, cli->srv_name_slash, cli->mach_acct, sec_chan_type, - global_myname, &new_clnt_cred, hashed_mach_pwd); + global_myname, &new_clnt_cred, (char *)hashed_mach_pwd); /* turn parameters into data stream */ net_io_q_srv_pwset("", &q_s, &buf, 0); diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 3076df3bb7..c458aa102a 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -95,7 +95,7 @@ static BOOL rpc_read(struct cli_state *cli, file_offset += num_read; data += num_read; - cli_error(cli, &errclass, &err); + cli_error(cli, (int *)&errclass, (int *)&err); if (errclass != 0) return False; @@ -264,7 +264,7 @@ BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd, prs_mem_free(&hps); - cli_error(cli, &errclass, &err); + cli_error(cli, (int *)&errclass, (int *)&err); if (errclass != 0) return False; @@ -492,10 +492,10 @@ static BOOL valid_pipe_name(char *pipe_name, RPC_IFACE *abstract, RPC_IFACE *tra if (strequal(pipe_name, pipe_names[pipe_idx].client_pipe )) { DEBUG(5,("Bind Abstract Syntax: ")); - dump_data(5, (uchar*)&(pipe_names[pipe_idx].abstr_syntax), + dump_data(5, (char*)&(pipe_names[pipe_idx].abstr_syntax), sizeof(pipe_names[pipe_idx].abstr_syntax)); DEBUG(5,("Bind Transfer Syntax: ")); - dump_data(5, (uchar*)&(pipe_names[pipe_idx].trans_syntax), + dump_data(5, (char*)&(pipe_names[pipe_idx].trans_syntax), sizeof(pipe_names[pipe_idx].trans_syntax)); /* copy the required syntaxes out so we can do the right bind */ -- cgit