From f888868f46a5418bac9ab528497136c152895305 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 12 May 1998 00:55:32 +0000
Subject: This is a security audit change of the main source. It removed all
 ocurrences of the following functions :

sprintf
strcpy
strcat

The replacements are slprintf, safe_strcpy and safe_strcat.

It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.

Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.

Jeremy.
(This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)
---
 source3/rpc_server/srv_netlog.c |  2 +-
 source3/rpc_server/srv_samr.c   |  6 +++---
 source3/rpc_server/srv_util.c   | 12 ++++++------
 3 files changed, 10 insertions(+), 10 deletions(-)

(limited to 'source3/rpc_server')

diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index 28c44a57b7..958f0bf14d 100644
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -279,7 +279,7 @@ static void api_net_req_chal( int uid,
 	fstrcpy(mach_name, mach_acct);
 	strlower(mach_name);
 
-	strcat(mach_acct, "$");
+	fstrcat(mach_acct, "$");
 
 	if (get_md4pw((char *)vuser->dc.md4pw, mach_name, mach_acct))
 	{
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
index 20cdc30bab..6f834e454a 100644
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
@@ -231,9 +231,9 @@ static void samr_reply_unknown_3(SAMR_Q_UNKNOWN_3 *q_u,
 
 	if (status == 0x0)
 	{
-		strcpy(user_sid, lp_domain_sid());
-		sprintf(user_rid, "-%x", rid);
-		strcat(user_sid, user_rid);
+		fstrcpy(user_sid, lp_domain_sid());
+		slprintf(user_rid, sizeof(user_rid) - 1, "-%x", rid);
+		fstrcat(user_sid, user_rid);
 
 		/* maybe need another 1 or 2 (S-1-5-20-0x220 and S-1-5-20-0x224) */
 		/* these two are DOMAIN_ADMIN and DOMAIN_ACCT_OP group RIDs */
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 210a3f55e2..e842e3b9f9 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -297,22 +297,22 @@ void get_domain_user_groups(char *domain_groups, char *user)
 	/* can only be a user or a guest.  cannot be guest _and_ admin */
 	if (user_in_list(user, lp_domain_guest_users()))
 	{
-		sprintf(tmp, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS);
-		strcat(domain_groups, tmp);
+		slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS);
+		pstrcat(domain_groups, tmp);
 
 		DEBUG(3,("domain guest access %s granted\n", tmp));
 	}
 	else
 	{
-		sprintf(tmp, " %ld/7 ", DOMAIN_GROUP_RID_USERS);
-		strcat(domain_groups, tmp);
+		slprintf(tmp, sizeof(tmp) -1, " %ld/7 ", DOMAIN_GROUP_RID_USERS);
+		pstrcat(domain_groups, tmp);
 
 		DEBUG(3,("domain user access %s granted\n", tmp));
 
 		if (user_in_list(user, lp_domain_admin_users()))
 		{
-			sprintf(tmp, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS);
-			strcat(domain_groups, tmp);
+			slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS);
+			pstrcat(domain_groups, tmp);
 
 			DEBUG(3,("domain admin access %s granted\n", tmp));
 		}
-- 
cgit