From d5ee9b2f480ddbda0b8f69409698d27c99384f9c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 18 Mar 2003 11:22:52 +0000 Subject: Jeremy merged across my string parinoia fixes, but forgot to enable them! :-) This patch catches up on the rest of the work - as much string checking as is possible is done at compile time, and the rest at runtime. Lots of code converted to pstrcpy() etc, and other code reworked to correctly call sizeof(). Andrew Bartlett (This used to be commit c5b604e2ee67d74241ae2fa07ae904647d35a2be) --- source3/smbd/negprot.c | 6 +++--- source3/smbd/reply.c | 2 +- source3/smbd/srvstr.c | 41 ----------------------------------------- 3 files changed, 4 insertions(+), 45 deletions(-) delete mode 100644 source3/smbd/srvstr.c (limited to 'source3/smbd') diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index c8f023514e..db0694a840 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -167,7 +167,7 @@ static int reply_lanman2(char *inbuf, char *outbuf) static int negprot_spnego(char *p) { DATA_BLOB blob; - uint8 guid[16]; + uint8 guid[17]; const char *OIDs_krb5[] = {OID_KERBEROS5, OID_KERBEROS5_OLD, OID_NTLMSSP, @@ -178,8 +178,8 @@ static int negprot_spnego(char *p) global_spnego_negotiated = True; - memset(guid, 0, 16); - safe_strcpy((char *)guid, global_myname(), 16); + ZERO_STRUCT(guid); + safe_strcpy((char *)guid, global_myname(), sizeof(guid)-1); strlower((char *)guid); #if 0 diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index a738baa9ff..775b617df5 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -161,7 +161,7 @@ int reply_tcon(connection_struct *conn, *service_buf = *password = *dev = 0; p = smb_buf(inbuf)+1; - p += srvstr_pull_buf(inbuf, service_buf, p, sizeof(service), STR_TERMINATE) + 1; + p += srvstr_pull_buf(inbuf, service_buf, p, sizeof(service_buf), STR_TERMINATE) + 1; pwlen = srvstr_pull_buf(inbuf, password, p, sizeof(password), STR_TERMINATE) + 1; p += pwlen; p += srvstr_pull_buf(inbuf, dev, p, sizeof(dev), STR_TERMINATE) + 1; diff --git a/source3/smbd/srvstr.c b/source3/smbd/srvstr.c deleted file mode 100644 index 36fecf5bd2..0000000000 --- a/source3/smbd/srvstr.c +++ /dev/null @@ -1,41 +0,0 @@ -/* - Unix SMB/CIFS implementation. - server specific string routines - Copyright (C) Andrew Tridgell 2001 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -int srvstr_push(void *base_ptr, void *dest, const char *src, int dest_len, int flags) -{ - return push_string(base_ptr, dest, src, dest_len, flags); -} - -int srvstr_pull(void *base_ptr, char *dest, const void *src, int dest_len, int src_len, - int flags) -{ - return pull_string(base_ptr, dest, src, dest_len, src_len, flags); -} - -/* pull a string from the smb_buf part of a packet. In this case the - string can either be null terminated or it can be terminated by the - end of the smbbuf area -*/ -int srvstr_pull_buf(void *inbuf, char *dest, const void *src, int dest_len, int flags) -{ - return pull_string(inbuf, dest, src, dest_len, smb_bufrem(inbuf, src), flags); -} -- cgit