From f888868f46a5418bac9ab528497136c152895305 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 12 May 1998 00:55:32 +0000
Subject: This is a security audit change of the main source. It removed all
 ocurrences of the following functions :

sprintf
strcpy
strcat

The replacements are slprintf, safe_strcpy and safe_strcat.

It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.

Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.

Jeremy.
(This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)
---
 source3/web/cgi.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'source3/web/cgi.c')

diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index a1aa4d753d..5958b0a419 100644
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -296,17 +296,17 @@ char *quotedup(char *s)
 	for (i=0;i<len;i++) {
 		switch (s[i]) {
 		case '<':
-			strcpy(d, "&lt;");
+			safe_strcpy(d, "&lt;", len + n*6 - (d - ret));
 			d += 4;
 			break;
 
 		case '>':
-			strcpy(d, "&gt;");
+			safe_strcpy(d, "&gt;", len + n*6 - (d - ret));
 			d += 4;
 			break;
 
 		case '&':
-			strcpy(d, "&amp;");
+			safe_strcpy(d, "&amp;", len + n*6 - (d - ret));
 			d += 5;
 			break;
 
@@ -347,7 +347,7 @@ char *urlquote(char *s)
 
 	for (i=0;i<len;i++) {
 		if (strchr(qlist,s[i])) {
-			sprintf(d, "%%%02X", (int)s[i]);
+			slprintf(d, len + n*2 - (d - ret), "%%%02X", (int)s[i]);
 			d += 3;
 		} else {
 			*d++ = s[i];
@@ -387,7 +387,7 @@ char *quotequotes(char *s)
 	for (i=0;i<len;i++) {
 		switch (s[i]) {
 		case '"':
-			strcpy(d, "&quot;");
+			safe_strcpy(d, "&quot;", len + n*6 - (d - ret));
 			d += 6;
 			break;
 
-- 
cgit