From 2737f26ad64ee32d6ef7365dcce0a3eb881f99db Mon Sep 17 00:00:00 2001 From: Matthew Chapman Date: Mon, 15 Feb 1999 05:33:30 +0000 Subject: Always null-terminate strings. Also some string length and sizeof(pointer) corrections. (This used to be commit ce24191939b82985d09eabe945199f38b0fea486) --- source3/lsarpcd/srv_lsa.c | 4 +-- source3/nmbd/nmbd_processlogon.c | 14 ++++----- source3/rpc_client/cli_lsarpc.c | 8 ++--- source3/rpc_client/cli_reg.c | 8 ++--- source3/rpc_client/cli_samr.c | 10 +++--- source3/rpc_parse/parse_misc.c | 2 +- source3/rpc_parse/parse_reg.c | 2 +- source3/rpc_parse/parse_rpc.c | 6 ++-- source3/rpc_server/srv_lsa.c | 4 +-- source3/rpc_server/srv_netlog.c | 6 ++-- source3/rpc_server/srv_pipe.c | 6 ++-- source3/rpc_server/srv_reg.c | 2 +- source3/rpc_server/srv_samr.c | 12 +++---- source3/rpc_server/srv_svcctl.c | 4 +-- source3/rpcclient/cmd_svcctl.c | 2 +- source3/rpcclient/display.c | 68 ++++++++++++++++++++-------------------- source3/smbd/trans2.c | 6 ++-- 17 files changed, 82 insertions(+), 82 deletions(-) (limited to 'source3') diff --git a/source3/lsarpcd/srv_lsa.c b/source3/lsarpcd/srv_lsa.c index fbbeb4233e..45ddefe592 100644 --- a/source3/lsarpcd/srv_lsa.c +++ b/source3/lsarpcd/srv_lsa.c @@ -156,7 +156,7 @@ static int make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid) for (num = 0; num < ref->num_ref_doms_1; num++) { fstring domname; - unistr2_to_ascii(domname, &ref->ref_dom[num].uni_dom_name, sizeof(domname)); + unistr2_to_ascii(domname, &ref->ref_dom[num].uni_dom_name, sizeof(domname)-1); if (strequal(domname, dom_name)) { return num; @@ -217,7 +217,7 @@ static void make_lsa_rid2s(DOM_R_REF *ref, char *dom_name = NULL; uint8 sid_name_use = SID_NAME_UNKNOWN; - unistr2_to_ascii(find_name, &name[i], sizeof(find_name)); + unistr2_to_ascii(find_name, &name[i], sizeof(find_name)-1); dom_name = strdup(find_name); if (map_domain_name_to_sid(&sid, &dom_name)) 
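Review bot: The `sizeof(domname)-1` passed to unistr2_to_ascii in make_dom_ref is a calling convention the compiler cannot check, and this commit has to repeat the same subtraction by hand at every conversion call it touches. Nothing in the hunk records whether the third argument counts characters or bytes, or whether the helper writes the terminator at that index, so a later call written as `sizeof(buf)` would still look correct. I would add a comment at the helper's prototype, for example `/* maxlen excludes the terminator: pass sizeof(dest)-1 */`, once that contract is confirmed against the helper's definition, which is not part of this diff. The identical hunks for source3/rpc_server/srv_lsa.c follow the same convention.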
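Review bot: In make_lsa_rid2s the result of `strdup(find_name)` goes straight into `map_domain_name_to_sid(&sid, &dom_name)` with no NULL check, so an allocation failure hands a NULL name to the lookup. A guard right after the strdup, such as `if (dom_name == NULL)` followed by whatever this function uses to skip or fail the entry, would close that. The rest of the function lies outside the hunk, so where `dom_name` is freed cannot be seen here. The same lines appear in the source3/rpc_server/srv_lsa.c copy of this file.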
diff --git a/source3/nmbd/nmbd_processlogon.c b/source3/nmbd/nmbd_processlogon.c index 67678db069..98ce8a680a 100644 --- a/source3/nmbd/nmbd_processlogon.c +++ b/source3/nmbd/nmbd_processlogon.c @@ -140,8 +140,8 @@ logons are not enabled.\n", inet_ntoa(p->ip) )); q = align2(q, buf); /* PDC and domain name */ - q = ascii_to_unibuf(q, my_name, outbuf+sizeof(outbuf)-q); - q = ascii_to_unibuf(q, global_myworkgroup, outbuf+sizeof(outbuf)-q); + q = ascii_to_unibuf(q, my_name, outbuf+sizeof(outbuf)-q-2); + q = ascii_to_unibuf(q, global_myworkgroup, outbuf+sizeof(outbuf)-q-2); SIVAL(q, 0, ntversion); q += 4; @@ -204,8 +204,8 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", fstring ascuser; fstring asccomp; - unibuf_to_ascii(ascuser, uniuser, sizeof(ascuser)); - unibuf_to_ascii(asccomp, unicomp, sizeof(asccomp)); + unibuf_to_ascii(ascuser, uniuser, sizeof(ascuser)-1); + unibuf_to_ascii(asccomp, unicomp, sizeof(asccomp)-1); DEBUGADD(3,("process_logon_packet: SAMLOGON request from %s(%s) for %s, returning logon svr %s domain %s code %x token=%x\n", asccomp,inet_ntoa(p->ip), ascuser, reply_name, @@ -219,9 +219,9 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", q += 2; /* Logon server, trust account, domain */ - q = ascii_to_unibuf(q, reply_name, outbuf+sizeof(outbuf)-q); - q = uni_strncpy(q, uniuser, outbuf+sizeof(outbuf)-q); - q = ascii_to_unibuf(q, lp_workgroup(), outbuf+sizeof(outbuf)-q); + q = ascii_to_unibuf(q, reply_name, outbuf+sizeof(outbuf)-q-2); + q = uni_strncpy(q, uniuser, outbuf+sizeof(outbuf)-q-2); + q = ascii_to_unibuf(q, lp_workgroup(), outbuf+sizeof(outbuf)-q-2); SIVAL(q, 0, ntversion); q += 4; diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 21eba6ddb7..751a84aaaa 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c 
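Review bot: The remaining-space expression `outbuf+sizeof(outbuf)-q-2` is evaluated without first checking that `q` is still at least two bytes short of the end of `outbuf`, so once the reply is nearly full it yields zero or a negative value. How ascii_to_unibuf and uni_strncpy treat such a limit is not visible here; if the parameter is unsigned, a negative value becomes a very large bound. This matters most in the third hunk, where `uniuser` appears to be taken from the request packet. A guard before each call, for example `if (q > outbuf + sizeof(outbuf) - 2)` leading to the reply being dropped, would make the bound safe regardless of the callee. The enclosing function starts and ends outside these hunks.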
@@ -331,8 +331,8 @@ BOOL lsa_lookup_sids(struct cli_state *cli, uint16 fnum, if (dom_idx != 0xffffffff) { - unistr2_to_ascii(dom_name, &ref.ref_dom[dom_idx].uni_dom_name, sizeof(dom_name)); - unistr2_to_ascii(name, &t_names.uni_name[i], sizeof(name)); + unistr2_to_ascii(dom_name, &ref.ref_dom[dom_idx].uni_dom_name, sizeof(dom_name)-1); + unistr2_to_ascii(name, &t_names.uni_name[i], sizeof(name)-1); memset(full_name, 0, sizeof(full_name)); @@ -427,7 +427,7 @@ BOOL lsa_query_info_pol(struct cli_state *cli, uint16 fnum, { if (r_q.dom.id3.buffer_dom_name != 0) { - unistr2_to_ascii(domain_name, &r_q.dom.id3.uni_domain_name, sizeof(domain_name)); + unistr2_to_ascii(domain_name, &r_q.dom.id3.uni_domain_name, sizeof(fstring)-1); } if (r_q.dom.id3.buffer_dom_sid != 0) { @@ -441,7 +441,7 @@ BOOL lsa_query_info_pol(struct cli_state *cli, uint16 fnum, { if (r_q.dom.id5.buffer_dom_name != 0) { - unistr2_to_ascii(domain_name, &r_q.dom.id5.uni_domain_name, sizeof(domain_name)); + unistr2_to_ascii(domain_name, &r_q.dom.id5.uni_domain_name, sizeof(fstring)-1); } if (r_q.dom.id5.buffer_dom_sid != 0) { diff --git a/source3/rpc_client/cli_reg.c b/source3/rpc_client/cli_reg.c index 6fe48599d5..166617ff37 100644 --- a/source3/rpc_client/cli_reg.c +++ b/source3/rpc_client/cli_reg.c @@ -306,7 +306,7 @@ BOOL do_reg_query_key(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd, valid_query = True; *class_len = r_o.hdr_class.uni_max_len; - unistr2_to_ascii(class, &r_o.uni_class, sizeof(class)); + unistr2_to_ascii(class, &r_o.uni_class, sizeof(fstring)-1); *num_subkeys = r_o.num_subkeys ; *max_subkeylen = r_o.max_subkeylen ; *max_subkeysize = r_o.max_subkeysize; @@ -426,7 +426,7 @@ BOOL do_reg_query_info(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd, { valid_query = True; unistr_to_ascii(type, r_o.uni_type.buffer, - MIN(r_o.uni_type.buf_len, sizeof(type))); + MIN(r_o.uni_type.buf_len, sizeof(fstring)-1)); (*unk_0) = r_o.unknown_0; (*unk_1) = r_o.unknown_1; } 
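Review bot: Replacing `sizeof(domain_name)` with `sizeof(fstring)-1` in lsa_query_info_pol fixes the sizeof-of-a-pointer mistake but turns the bound into an unstated assumption that every caller passes a buffer of at least `sizeof(fstring)` bytes. The parameter declaration is outside the hunk, so nothing visible enforces that. I would state it at the function header, for example `/* domain_name must point to an fstring; sizeof(fstring)-1 chars are written plus the terminator */`, or pass the buffer length explicitly. The same assumption is introduced in the id5 branch of this function, in do_reg_query_key, do_reg_query_info, do_reg_enum_key and do_reg_enum_val in cli_reg.c, and in samr_query_lookup_rids in cli_samr.c.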
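Review bot: In do_reg_query_info the limit `MIN(r_o.uni_type.buf_len, sizeof(fstring)-1)` mixes a length taken from the reply with a destination size without stating the unit of either. The NTLMSSP code in srv_pipe.c halves its header length before the same kind of MIN, which suggests such lengths are byte counts while the conversion limit is a character count. If `buf_len` is in bytes, the limit here can be up to twice the number of characters actually present in `r_o.uni_type.buffer`, and the line would read `MIN(r_o.uni_type.buf_len/2, sizeof(fstring)-1)`. The same pattern is in print_reg_value in display.c, `MIN(value->buf_len, sizeof(valstr)-1)`. Both need checking against the structure definitions, which are not shown.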
@@ -788,7 +788,7 @@ BOOL do_reg_enum_key(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd, (*unk_1) = r_o.unknown_1; (*unk_2) = r_o.unknown_2; unistr_to_ascii(key_name, r_o.key_name.str.buffer, - sizeof(key_name)); + sizeof(fstring)-1); (*mod_time) = nt_time_to_unix(&r_o.time); } } @@ -904,7 +904,7 @@ BOOL do_reg_enum_val(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd, { valid_query = True; (*val_type) = r_o.type; - unistr2_to_ascii(val_name, &r_o.uni_name, sizeof(val_name)); + unistr2_to_ascii(val_name, &r_o.uni_name, sizeof(fstring)-1); } } diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c index 2ddc0877a9..6791195e71 100644 --- a/source3/rpc_client/cli_samr.c +++ b/source3/rpc_client/cli_samr.c @@ -585,12 +585,12 @@ BOOL samr_enum_dom_groups(struct cli_state *cli, uint16 fnum, (*sam)[i].acct_desc[0] = 0; if (r_e.sam[i].hdr_grp_name.buffer) { - unistr2_to_ascii((*sam)[i].acct_name, &r_e.str[name_idx].uni_grp_name, sizeof((*sam)[i].acct_name)); + unistr2_to_ascii((*sam)[i].acct_name, &r_e.str[name_idx].uni_grp_name, sizeof((*sam)[i].acct_name)-1); name_idx++; } if (r_e.sam[i].hdr_grp_desc.buffer) { - unistr2_to_ascii((*sam)[i].acct_desc, &r_e.str[name_idx].uni_grp_desc, sizeof((*sam)[i].acct_desc)); + unistr2_to_ascii((*sam)[i].acct_desc, &r_e.str[name_idx].uni_grp_desc, sizeof((*sam)[i].acct_desc)-1); desc_idx++; } DEBUG(5,("samr_enum_dom_groups: idx: %4d rid: %8x acct: %s desc: %s\n", @@ -678,7 +678,7 @@ BOOL samr_enum_dom_aliases(struct cli_state *cli, uint16 fnum, (*sam)[i].acct_desc[0] = 0; if (r_e.sam[i].hdr_name.buffer) { - unistr2_to_ascii((*sam)[i].acct_name, &r_e.uni_grp_name[name_idx], sizeof((*sam)[i].acct_name)); + unistr2_to_ascii((*sam)[i].acct_name, &r_e.uni_grp_name[name_idx], sizeof((*sam)[i].acct_name)-1); name_idx++; } DEBUG(5,("samr_enum_dom_aliases: idx: %4d rid: %8x acct: %s\n", 
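Review bot: In samr_enum_dom_groups the description is read from `r_e.str[name_idx].uni_grp_desc` after the preceding branch has already executed `name_idx++`, while the counter this branch increments, `desc_idx`, is never used as an index in the visible lines. As written, the description appears to be taken from the entry after the one whose name was just copied, and on the last entry that index may lie beyond the data the reply filled in. Depending on how `r_e.str` is laid out, the line should either index with `desc_idx` (`&r_e.str[desc_idx].uni_grp_desc`) or the name index should be advanced only after both fields have been read. The commit changes only the size argument on this line, so the indexing predates it.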
@@ -767,7 +767,7 @@ BOOL samr_enum_dom_users(struct cli_state *cli, uint16 fnum, (*sam)[i].acct_desc[0] = 0; if (r_e.sam[i].hdr_name.buffer) { - unistr2_to_ascii((*sam)[i].acct_name, &r_e.uni_acct_name[name_idx], sizeof((*sam)[i].acct_name)); + unistr2_to_ascii((*sam)[i].acct_name, &r_e.uni_acct_name[name_idx], sizeof((*sam)[i].acct_name)-1); name_idx++; } DEBUG(5,("samr_enum_dom_users: idx: %4d rid: %8x acct: %s\n", @@ -1774,7 +1774,7 @@ BOOL samr_query_lookup_rids(struct cli_state *cli, uint16 fnum, for (i = 0; i < r_o.num_names1; i++) { - unistr2_to_ascii(names[i], &r_o.uni_name[i], sizeof(names[i])); + unistr2_to_ascii(names[i], &r_o.uni_name[i], sizeof(fstring)-1); } for (i = 0; i < r_o.num_types1; i++) { diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c index 04a9ba4544..12501a5e57 100644 --- a/source3/rpc_parse/parse_misc.c +++ b/source3/rpc_parse/parse_misc.c @@ -328,7 +328,7 @@ creates a UNISTR structure. ********************************************************************/ void make_unistr(UNISTR *str, char *buf) { - ascii_to_unistr(str->buffer, buf, sizeof(str->buffer)); + ascii_to_unistr(str->buffer, buf, sizeof(str->buffer)-1); } /******************************************************************* diff --git a/source3/rpc_parse/parse_reg.c b/source3/rpc_parse/parse_reg.c index 3aa9bbbc2a..8072ed2a64 100644 --- a/source3/rpc_parse/parse_reg.c +++ b/source3/rpc_parse/parse_reg.c @@ -771,7 +771,7 @@ void make_reg_r_info(REG_R_INFO *r_r, char buf[512]; int len; - len = ascii_to_unibuf(buf, os_type, sizeof(buf)) - buf; + len = ascii_to_unibuf(buf, os_type, sizeof(buf)-2) - buf; r_r->ptr1 = 1; r_r->level = level; diff --git a/source3/rpc_parse/parse_rpc.c b/source3/rpc_parse/parse_rpc.c index c4a7e35895..9716b35b78 100644 --- a/source3/rpc_parse/parse_rpc.c +++ b/source3/rpc_parse/parse_rpc.c 
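Review bot: The loop in samr_query_lookup_rids writes `names[i]` for every `i < r_o.num_names1`, and that count appears to come from the parsed reply rather than from the caller. The new `sizeof(fstring)-1` bounds each string but not the number of strings, and the capacity of `names` is not visible in the hunk. If the caller's array has a fixed size, the loop condition should carry it, for example `i < r_o.num_names1 && i < max_names`, where `max_names` is a placeholder for that capacity. The `r_o.num_types1` loop that follows has the same shape.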
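Review bot: In make_unistr the limit `sizeof(str->buffer)-1` subtracts one byte from what looks like a buffer of 16-bit characters, whereas the other Unicode destinations in this commit reserve two bytes (`sizeof(buf)-2` with ascii_to_unibuf). If ascii_to_unistr takes a byte count, one byte is not enough room for a 16-bit terminator; if it takes a character count, `sizeof` overstates the capacity by the element size. Depending on which it is, the argument should be `sizeof(str->buffer)-2` or `sizeof(str->buffer)/sizeof(str->buffer[0])-1`. The declarations of UNISTR and ascii_to_unistr are not in this diff, so the element type is an inference from the name.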
@@ -707,9 +707,9 @@ void make_rpc_auth_ntlmssp_resp(RPC_AUTH_NTLMSSP_RESP *rsp, if (IS_BITS_SET_ALL(neg_flags, NTLMSSP_NEGOTIATE_UNICODE)) { - ascii_to_unibuf(rsp->domain, domain, sizeof(rsp->domain)); - ascii_to_unibuf(rsp->user , user , sizeof(rsp->user )); - ascii_to_unibuf(rsp->wks , wks , sizeof(rsp->wks )); + ascii_to_unibuf(rsp->domain, domain, sizeof(rsp->domain)-2); + ascii_to_unibuf(rsp->user , user , sizeof(rsp->user )-2); + ascii_to_unibuf(rsp->wks , wks , sizeof(rsp->wks )-2); } else { diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index fbbeb4233e..45ddefe592 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c @@ -156,7 +156,7 @@ static int make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid) for (num = 0; num < ref->num_ref_doms_1; num++) { fstring domname; - unistr2_to_ascii(domname, &ref->ref_dom[num].uni_dom_name, sizeof(domname)); + unistr2_to_ascii(domname, &ref->ref_dom[num].uni_dom_name, sizeof(domname)-1); if (strequal(domname, dom_name)) { return num; @@ -217,7 +217,7 @@ static void make_lsa_rid2s(DOM_R_REF *ref, char *dom_name = NULL; uint8 sid_name_use = SID_NAME_UNKNOWN; - unistr2_to_ascii(find_name, &name[i], sizeof(find_name)); + unistr2_to_ascii(find_name, &name[i], sizeof(find_name)-1); dom_name = strdup(find_name); if (map_domain_name_to_sid(&sid, &dom_name)) diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index f34aa502ed..30c132aa06 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c @@ -288,7 +288,7 @@ static void api_net_req_chal( uint16 vuid, /* grab the challenge... */ net_io_q_req_chal("", &q_r, data, 0); - unistr2_to_ascii(mach_acct, &q_r.uni_logon_clnt, sizeof(mach_acct)); + unistr2_to_ascii(mach_acct, &q_r.uni_logon_clnt, sizeof(mach_acct)-1); fstrcpy(mach_name, mach_acct); strlower(mach_name); 
@@ -400,7 +400,7 @@ static void api_net_srv_pwset( uint16 vuid, DEBUG(5,("api_net_srv_pwset: %d\n", __LINE__)); unistr2_to_ascii(mach_acct, &q_a.clnt_id.login.uni_acct_name, - sizeof(mach_acct)); + sizeof(mach_acct)-1); DEBUG(3,("Server Password Set Wksta:[%s]\n", mach_acct)); @@ -674,7 +674,7 @@ static void api_net_sam_logon( uint16 vuid, if (status == 0) { unistr2_to_ascii(nt_username, uni_samlogon_user, - sizeof(nt_username)); + sizeof(nt_username)-1); DEBUG(3,("User:[%s]\n", nt_username)); diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 07e16c7e5d..e619797f6e 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -227,13 +227,13 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p) { unibuf_to_ascii(p->user_name, p->ntlmssp_resp.user, MIN(p->ntlmssp_resp.hdr_usr .str_str_len/2, - sizeof(p->user_name))); + sizeof(p->user_name)-1)); unibuf_to_ascii(p->domain , p->ntlmssp_resp.domain, MIN(p->ntlmssp_resp.hdr_domain.str_str_len/2, - sizeof(p->domain ))); + sizeof(p->domain )-1)); unibuf_to_ascii(p->wks , p->ntlmssp_resp.wks, MIN(p->ntlmssp_resp.hdr_wks .str_str_len/2, - sizeof(p->wks ))); + sizeof(p->wks )-1)); } else { diff --git a/source3/rpc_server/srv_reg.c b/source3/rpc_server/srv_reg.c index 52fff8716c..47ead00227 100644 --- a/source3/rpc_server/srv_reg.c +++ b/source3/rpc_server/srv_reg.c @@ -136,7 +136,7 @@ static void reg_reply_open_entry(REG_Q_OPEN_ENTRY *q_u, status = 0xC000000 | NT_STATUS_TOO_MANY_SECRETS; /* ha ha very droll */ } - unistr2_to_ascii(name, &q_u->uni_name, sizeof(name)); + unistr2_to_ascii(name, &q_u->uni_name, sizeof(name)-1); if (status == 0x0) { diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index 7f2b62212e..449a47e4c9 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c 
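Review bot: The MIN in api_pipe_ntlmssp_verify now protects the destination (`sizeof(p->user_name)-1`), but the other operand, `hdr_usr.str_str_len/2`, appears to be a length taken from the client's NTLMSSP message and is not compared with the size of the source field `p->ntlmssp_resp.user`. If that field is shorter than the destination and not terminated, the conversion can read past it. Clamping the source as well, `MIN(MIN(p->ntlmssp_resp.hdr_usr.str_str_len, sizeof(p->ntlmssp_resp.user))/2, sizeof(p->user_name)-1)`, would cover both sides; the same applies to the `domain` and `wks` calls. The structure definitions are outside the hunk, so the relative sizes need confirming.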
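Review bot: The context line `status = 0xC000000 | NT_STATUS_TOO_MANY_SECRETS;` in reg_reply_open_entry uses a seven-digit constant, so it sets bits 26 and 27 rather than the top two bits that `0xC0000000` would set. If the intent is an NT error-severity status, the client receives a value it will not recognise as that error. The likely correction is `status = 0xC0000000 | NT_STATUS_TOO_MANY_SECRETS;`, to be checked against how NT_STATUS_TOO_MANY_SECRETS is defined. The same line appears in both srv_svcctl.c hunks (svc_reply_open_service and svc_reply_open_sc_man).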
@@ -1440,7 +1440,7 @@ static void samr_reply_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u, { DOM_SID sid; fstring name; - unistr2_to_ascii(name, &q_u->uni_name[i], sizeof(name)); + unistr2_to_ascii(name, &q_u->uni_name[i], sizeof(name)-1); status = lookup_name(name, &sid, &(type[i])); if (status == 0x0) @@ -1489,8 +1489,8 @@ static void samr_reply_chgpasswd_user(SAMR_Q_CHGPASSWD_USER *q_u, fstring user_name; fstring wks; - unistr2_to_ascii(user_name, &q_u->uni_user_name, sizeof(user_name)); - unistr2_to_ascii(wks, &q_u->uni_dest_host, sizeof(wks)); + unistr2_to_ascii(user_name, &q_u->uni_user_name, sizeof(user_name)-1); + unistr2_to_ascii(wks, &q_u->uni_dest_host, sizeof(wks)-1); DEBUG(5,("samr_chgpasswd_user: user: %s wks: %s\n", user_name, wks)); @@ -2024,7 +2024,7 @@ static void samr_reply_create_dom_alias(SAMR_Q_CREATE_DOM_ALIAS *q_u, if (status == 0x0) { - unistr2_to_ascii(grp.name, &q_u->uni_acct_desc, sizeof(grp.name)); + unistr2_to_ascii(grp.name, &q_u->uni_acct_desc, sizeof(grp.name)-1); fstrcpy(grp.comment, ""); grp.rid = 0xffffffff; @@ -2135,7 +2135,7 @@ static void samr_reply_create_dom_group(SAMR_Q_CREATE_DOM_GROUP *q_u, if (status == 0x0) { - unistr2_to_ascii(grp.name, &q_u->uni_acct_desc, sizeof(grp.name)); + unistr2_to_ascii(grp.name, &q_u->uni_acct_desc, sizeof(grp.name)-1); fstrcpy(grp.comment, ""); grp.rid = 0xffffffff; grp.attr = 0x07; @@ -2302,7 +2302,7 @@ static void api_samr_unknown_32( uint16 vuid, prs_struct *data, prs_struct *rdat reply if the account already exists... */ - unistr2_to_ascii(mach_acct, &q_u.uni_mach_acct, sizeof(mach_acct)); + unistr2_to_ascii(mach_acct, &q_u.uni_mach_acct, sizeof(mach_acct)-1); become_root(True); sam_pass = getsam21pwntnam(mach_acct); diff --git a/source3/rpc_server/srv_svcctl.c b/source3/rpc_server/srv_svcctl.c index cf6ab5a0e1..56a0749776 100644 --- a/source3/rpc_server/srv_svcctl.c +++ b/source3/rpc_server/srv_svcctl.c 
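Review bot: In samr_reply_create_dom_alias the name from the request (`q_u->uni_acct_desc`) is cut to `sizeof(grp.name)-1` characters and then used as the name of the alias being created, so an over-long request silently becomes a request for a different, shorter name. For identity strings it is safer to refuse input that does not fit than to truncate it, which means checking the incoming length before the conversion and setting an error status instead of proceeding. The same applies to `grp.name` in samr_reply_create_dom_group and to `mach_acct` in api_samr_unknown_32, which is passed to `getsam21pwntnam` after `become_root(True)`. If truncation is kept, it should at least be stated next to the call: `/* names longer than sizeof(grp.name)-1 are truncated, not rejected */`.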
@@ -93,7 +93,7 @@ static void svc_reply_open_service(SVC_Q_OPEN_SERVICE *q_u, status = 0xC000000 | NT_STATUS_TOO_MANY_SECRETS; /* ha ha very droll */ } - unistr2_to_ascii(name, &q_u->uni_svc_name, sizeof(name)); + unistr2_to_ascii(name, &q_u->uni_svc_name, sizeof(name)-1); if (status == 0x0) { @@ -143,7 +143,7 @@ static void svc_reply_open_sc_man(SVC_Q_OPEN_SC_MAN *q_u, status = 0xC000000 | NT_STATUS_TOO_MANY_SECRETS; /* ha ha very droll */ } - unistr2_to_ascii(name, &q_u->uni_srv_name, sizeof(name)); + unistr2_to_ascii(name, &q_u->uni_srv_name, sizeof(name)-1); if (status == 0x0) { diff --git a/source3/rpcclient/cmd_svcctl.c b/source3/rpcclient/cmd_svcctl.c index 280eea68de..ac3834fb16 100644 --- a/source3/rpcclient/cmd_svcctl.c +++ b/source3/rpcclient/cmd_svcctl.c @@ -105,7 +105,7 @@ void cmd_svc_enum(struct client_info *info) uint32 svc_buf_size = 0x800; unistr_to_ascii(svc_name, svcs[i].uni_srvc_name.buffer, - sizeof(svc_name)); + sizeof(svc_name)-1); res2 = res2 ? svc_open_service(smb_cli, fnum, &sc_man_pol, diff --git a/source3/rpcclient/display.c b/source3/rpcclient/display.c index 3432932686..0bfed9eba3 100644 --- a/source3/rpcclient/display.c +++ b/source3/rpcclient/display.c @@ -192,8 +192,8 @@ void display_srv_info_101(FILE *out_hnd, enum action_type action, fstring name; fstring comment; - unistr2_to_ascii(name, &sv101->uni_name, sizeof(name)); - unistr2_to_ascii(comment, &sv101->uni_comment, sizeof(comment)); + unistr2_to_ascii(name, &sv101->uni_name, sizeof(name)-1); + unistr2_to_ascii(comment, &sv101->uni_comment, sizeof(comment)-1); display_server(out_hnd, action, name, sv101->srv_type, comment); 
@@ -234,10 +234,10 @@ void display_srv_info_102(FILE *out_hnd, enum action_type action,SRV_INFO_102 *s fstring comment; fstring usr_path; - unistr2_to_ascii(name, &sv102->uni_name, sizeof(name)); - unistr2_to_ascii(comment, &sv102->uni_comment, sizeof(comment)); + unistr2_to_ascii(name, &sv102->uni_name, sizeof(name)-1); + unistr2_to_ascii(comment, &sv102->uni_comment, sizeof(comment)-1); unistr2_to_ascii(usr_path, &sv102->uni_usr_path, - sizeof(usr_path)); + sizeof(usr_path)-1); display_server(out_hnd, action, name, sv102->srv_type, comment); @@ -348,8 +348,8 @@ void display_conn_info_1(FILE *out_hnd, enum action_type action, fstring usr_name; fstring net_name; - unistr2_to_ascii(usr_name, &str1->uni_usr_name, sizeof(usr_name)); - unistr2_to_ascii(net_name, &str1->uni_net_name, sizeof(net_name)); + unistr2_to_ascii(usr_name, &str1->uni_usr_name, sizeof(usr_name)-1); + unistr2_to_ascii(net_name, &str1->uni_net_name, sizeof(net_name)-1); fprintf(out_hnd, "\tid :\t%d\n", info1->id); fprintf(out_hnd, "\ttype :\t%s\n", get_share_type_str(info1->type)); @@ -504,8 +504,8 @@ void display_share_info_1(FILE *out_hnd, enum action_type action, fstring remark ; fstring net_name; - unistr2_to_ascii(net_name, &str1->uni_netname, sizeof(net_name)); - unistr2_to_ascii(remark, &str1->uni_remark, sizeof(remark)); + unistr2_to_ascii(net_name, &str1->uni_netname, sizeof(net_name)-1); + unistr2_to_ascii(remark, &str1->uni_remark, sizeof(remark)-1); display_share(out_hnd, action, net_name, info1->type, remark); 
@@ -546,10 +546,10 @@ void display_share_info_2(FILE *out_hnd, enum action_type action, fstring path ; fstring passwd ; - unistr2_to_ascii(net_name, &str2->uni_netname, sizeof(net_name)); - unistr2_to_ascii(remark, &str2->uni_remark, sizeof(remark)); - unistr2_to_ascii(path, &str2->uni_path, sizeof(path)); - unistr2_to_ascii(passwd, &str2->uni_passwd, sizeof(passwd)); + unistr2_to_ascii(net_name, &str2->uni_netname, sizeof(net_name)-1); + unistr2_to_ascii(remark, &str2->uni_remark, sizeof(remark)-1); + unistr2_to_ascii(path, &str2->uni_path, sizeof(path)-1); + unistr2_to_ascii(passwd, &str2->uni_passwd, sizeof(passwd)-1); display_share2(out_hnd, action, net_name, info2->type, remark, info2->perms, info2->max_uses, info2->num_uses, @@ -700,9 +700,9 @@ void display_file_info_3(FILE *out_hnd, enum action_type action, fstring user_name; unistr2_to_ascii(path_name, &str3->uni_path_name, - sizeof(path_name)); + sizeof(path_name)-1); unistr2_to_ascii(user_name, &str3->uni_user_name, - sizeof(user_name)); + sizeof(user_name)-1); fprintf(out_hnd, "\tid :\t%d\n", info3->id); fprintf(out_hnd, "\tperms :\t%s\n", get_file_mode_str(info3->perms)); 
@@ -1153,34 +1153,34 @@ void display_sam_user_info_21(FILE *out_hnd, enum action_type action, SAM_USER_I { fstring temp; - unistr2_to_ascii(temp, &usr->uni_user_name, sizeof(temp)); + unistr2_to_ascii(temp, &usr->uni_user_name, sizeof(temp)-1); fprintf(out_hnd, "\t\tUser Name :\t%s\n", temp); - unistr2_to_ascii(temp, &usr->uni_full_name, sizeof(temp)); + unistr2_to_ascii(temp, &usr->uni_full_name, sizeof(temp)-1); fprintf(out_hnd, "\t\tFull Name :\t%s\n", temp); - unistr2_to_ascii(temp, &usr->uni_home_dir, sizeof(temp)); + unistr2_to_ascii(temp, &usr->uni_home_dir, sizeof(temp)-1); fprintf(out_hnd, "\t\tHome Drive :\t%s\n", temp); - unistr2_to_ascii(temp, &usr->uni_dir_drive, sizeof(temp)); + unistr2_to_ascii(temp, &usr->uni_dir_drive, sizeof(temp)-1); fprintf(out_hnd, "\t\tDir Drive :\t%s\n", temp); - unistr2_to_ascii(temp, &usr->uni_profile_path, sizeof(temp)); + unistr2_to_ascii(temp, &usr->uni_profile_path, sizeof(temp)-1); fprintf(out_hnd, "\t\tProfile Path:\t%s\n", temp); - unistr2_to_ascii(temp, &usr->uni_logon_script, sizeof(temp)); + unistr2_to_ascii(temp, &usr->uni_logon_script, sizeof(temp)-1); fprintf(out_hnd, "\t\tLogon Script:\t%s\n", temp); - unistr2_to_ascii(temp, &usr->uni_acct_desc, sizeof(temp)); + unistr2_to_ascii(temp, &usr->uni_acct_desc, sizeof(temp)-1); fprintf(out_hnd, "\t\tDescription :\t%s\n", temp); - unistr2_to_ascii(temp, &usr->uni_workstations, sizeof(temp)); + unistr2_to_ascii(temp, &usr->uni_workstations, sizeof(temp)-1); fprintf(out_hnd, "\t\tWorkstations:\t%s\n", temp); - unistr2_to_ascii(temp, &usr->uni_unknown_str, sizeof(temp)); + unistr2_to_ascii(temp, &usr->uni_unknown_str, sizeof(temp)-1); fprintf(out_hnd, "\t\tUnknown Str :\t%s\n", temp); - unistr2_to_ascii(temp, &usr->uni_munged_dial, sizeof(temp)); + unistr2_to_ascii(temp, &usr->uni_munged_dial, sizeof(temp)-1); fprintf(out_hnd, "\t\tRemote Dial :\t%s\n", temp); fprintf(out_hnd, "\t\tLogon Time :\t%s\n", http_timestring(nt_time_to_unix(&(usr->logon_time )))); 
@@ -1479,7 +1479,7 @@ static void print_reg_value(FILE *out_hnd, char *val_name, uint32 val_type, BUFF case 0x01: /* unistr */ { unistr_to_ascii(valstr, value->buffer, - MIN(value->buf_len, sizeof(valstr))); + MIN(value->buf_len, sizeof(valstr)-1)); fprintf(out_hnd,"\t%s:\t%s:\t%s\n", val_name, type, valstr); break; } @@ -1508,7 +1508,7 @@ static void print_reg_value(FILE *out_hnd, char *val_name, uint32 val_type, BUFF case 0x07: /* multiunistr */ { - buffer2_to_multistr(valstr, value, sizeof(valstr)); + buffer2_to_multistr(valstr, value, sizeof(valstr)-1); fprintf(out_hnd,"\t%s:\t%s:\t%s\n", val_name, type, valstr); break; } @@ -1597,7 +1597,7 @@ void display_query_svc_cfg(FILE *out_hnd, enum action_type action, { fstring service; - unistr2_to_ascii(service, &cfg->uni_display_name, sizeof(service)); + unistr2_to_ascii(service, &cfg->uni_display_name, sizeof(service)-1); fprintf(out_hnd, "\tService:\t%s\n", service); fprintf(out_hnd, "\t-------\n"); break; @@ -1606,16 +1606,16 @@ void display_query_svc_cfg(FILE *out_hnd, enum action_type action, { fstring temp; - unistr2_to_ascii(temp, &cfg->uni_bin_path_name, sizeof(temp)); + unistr2_to_ascii(temp, &cfg->uni_bin_path_name, sizeof(temp)-1); fprintf(out_hnd, "\tPath:\t%s\n", temp); - unistr2_to_ascii(temp, &cfg->uni_load_order_grp, sizeof(temp)); + unistr2_to_ascii(temp, &cfg->uni_load_order_grp, sizeof(temp)-1); fprintf(out_hnd, "\tLoad Order:\t%s\n", temp); - unistr2_to_ascii(temp, &cfg->uni_dependencies, sizeof(temp)); + unistr2_to_ascii(temp, &cfg->uni_dependencies, sizeof(temp)-1); fprintf(out_hnd, "\tDependencies:\t%s\n", temp); - unistr2_to_ascii(temp, &cfg->uni_service_start_name, sizeof(temp)); + unistr2_to_ascii(temp, &cfg->uni_service_start_name, sizeof(temp)-1); fprintf(out_hnd, "\tService Start:\t%s\n", temp); fprintf(out_hnd, "\tService Type:\t%d\n", cfg->service_type); 
@@ -1649,11 +1649,11 @@ void display_svc_info(FILE *out_hnd, enum action_type action, ENUM_SRVC_STATUS * fstring name; unistr_to_ascii(name, svc->uni_srvc_name.buffer, - sizeof(name)); /* service name */ + sizeof(name)-1); /* service name */ fprintf(out_hnd, "\t%s:", name); unistr_to_ascii(name, svc->uni_disp_name.buffer, - sizeof(name)); /* display name */ + sizeof(name)-1); /* display name */ fprintf(out_hnd, "\t%s\n", name); break; } diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 1bfcaa5f12..f041393dab 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -1121,7 +1121,7 @@ static int call_trans2qfsinfo(connection_struct *conn, #endif /* Old code. */ SIVAL(pdata,4,128); /* Max filename component length */ SIVAL(pdata,8,2*strlen(fstype)); - ascii_to_unibuf(pdata+12, fstype, 1024-12); + ascii_to_unibuf(pdata+12, fstype, 1024-2-12); SSVAL(outbuf,smb_flg2,SVAL(outbuf,smb_flg2)|FLAGS2_UNICODE_STRINGS); break; case SMB_QUERY_FS_LABEL_INFO: @@ -1148,7 +1148,7 @@ static int call_trans2qfsinfo(connection_struct *conn, } else { data_len = 18 + 2*strlen(vname); SIVAL(pdata,12,strlen(vname)*2); - ascii_to_unibuf(pdata+18, vname, 1024-18); + ascii_to_unibuf(pdata+18, vname, 1024-2-18); } DEBUG(5,("call_trans2qfsinfo : SMB_QUERY_FS_VOLUME_INFO namelen = %d, vol = %s\n", @@ -1405,7 +1405,7 @@ static int call_trans2qfilepathinfo(connection_struct *conn, *short_name = '\0'; } strupper(short_name); - data_end = ascii_to_unibuf(pdata + 4, short_name, 1024-4); + data_end = ascii_to_unibuf(pdata + 4, short_name, 1024-2-4); data_size = data_end - pdata; SIVAL(pdata,0,2*(data_size-4)); } -- cgit
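Review bot: In call_trans2qfsinfo the length field is written from the untruncated string, `SIVAL(pdata,8,2*strlen(fstype))`, while the conversion on the next line is limited to `1024-2-12`, so if the limit ever applies, the advertised length and the bytes actually written disagree. The second hunk has the same split between `data_len = 18 + 2*strlen(vname)` and the `1024-2-18` limit. The literal 1024 also presumes the size of `pdata`, which is allocated outside these hunks, so a named constant shared with the allocation would keep the two in step. The third hunk already derives its size from the pointer that ascii_to_unibuf returns, which is the safer pattern, though its `2*(data_size-4)` doubles what already looks like a byte count and is worth confirming.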