From ffc88e2d26217f99c34ce24c0836bec3c809ca1a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 11 May 1998 06:35:45 +0000 Subject: changed to use slprintf() instead of sprintf() just about everywhere. I've implemented slprintf() as a bounds checked sprintf() using mprotect() and a non-writeable page. This should prevent any sprintf based security holes. (This used to be commit 6b0c1733d2ebf3b8f09f3bf88b8648d8b371bb1f) --- source3/web/swat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/web') diff --git a/source3/web/swat.c b/source3/web/swat.c index b96c7d0ec7..78c1fa4f19 100644 --- a/source3/web/swat.c +++ b/source3/web/swat.c @@ -329,7 +329,7 @@ static void commit_parameters(int snum) char *v; while ((parm = lp_next_parameter(snum, &i, 1))) { - sprintf(label, "parm_%s", make_parm_name(parm->label)); + slprintf(label, sizeof(label)-1, "parm_%s", make_parm_name(parm->label)); if ((v = cgi_variable(label))) { if (parm->flags & FLAG_HIDE) continue; commit_parameter(snum, parm, v); -- cgit