From f888868f46a5418bac9ab528497136c152895305 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 12 May 1998 00:55:32 +0000 Subject: This is a security audit change of the main source. It removed all ocurrences of the following functions : sprintf strcpy strcat The replacements are slprintf, safe_strcpy and safe_strcat. It should not be possible to use code in Samba that uses sprintf, strcpy or strcat, only the safe_equivalents. Once Andrew has fixed the slprintf implementation then this code will be moved back to the 1.9.18 code stream. Jeremy. (This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb) --- source3/rpc_server/srv_util.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/rpc_server/srv_util.c') diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index 210a3f55e2..e842e3b9f9 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -297,22 +297,22 @@ void get_domain_user_groups(char *domain_groups, char *user) /* can only be a user or a guest. cannot be guest _and_ admin */ if (user_in_list(user, lp_domain_guest_users())) { - sprintf(tmp, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS); - strcat(domain_groups, tmp); + slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS); + pstrcat(domain_groups, tmp); DEBUG(3,("domain guest access %s granted\n", tmp)); } else { - sprintf(tmp, " %ld/7 ", DOMAIN_GROUP_RID_USERS); - strcat(domain_groups, tmp); + slprintf(tmp, sizeof(tmp) -1, " %ld/7 ", DOMAIN_GROUP_RID_USERS); + pstrcat(domain_groups, tmp); DEBUG(3,("domain user access %s granted\n", tmp)); if (user_in_list(user, lp_domain_admin_users())) { - sprintf(tmp, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS); - strcat(domain_groups, tmp); + slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS); + pstrcat(domain_groups, tmp); DEBUG(3,("domain admin access %s granted\n", tmp)); } -- cgit