From 61b5fd6f32e9ccb612df1354a3e3b3bed5f2b808 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 31 Aug 1998 03:11:42 +0000 Subject: bounds check next_token() to prevent possible buffer overflows (This used to be commit 3eade55dc7c842bdc50205c330802d211fae54d3) --- source3/client/client.c | 49 ++++++++++++++++++++------------------- source3/client/clitar.c | 10 ++++---- source3/client/smbmount.c | 10 ++++---- source3/include/proto.h | 2 +- source3/lib/interface.c | 2 +- source3/lib/username.c | 2 +- source3/lib/util.c | 26 ++++++++++++--------- source3/libsmb/namequery.c | 10 ++++---- source3/nmbd/nmbd.c | 4 ++-- source3/nmbd/nmbd_sendannounce.c | 4 ++-- source3/nmbd/nmbd_synclists.c | 10 ++++---- source3/nmbd/nmbd_winsserver.c | 14 +++++------ source3/printing/printing.c | 27 ++++++++++++++------- source3/rpc_client/cli_netlogon.c | 5 ++-- source3/rpc_parse/parse_net.c | 4 +++- source3/rpc_server/srv_util.c | 10 +++++--- source3/smbd/chgpasswd.c | 4 ++-- source3/smbd/groupname.c | 4 ++-- source3/smbd/ipc.c | 26 ++++++++++----------- source3/smbd/password.c | 4 ++-- source3/utils/make_smbcodepage.c | 8 +++---- 21 files changed, 128 insertions(+), 107 deletions(-) (limited to 'source3') diff --git a/source3/client/client.c b/source3/client/client.c index 9a4806b7a2..855d4cc2de 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -448,7 +448,7 @@ static void cmd_cd(char *inbuf,char *outbuf) { fstring buf; - if (next_token(NULL,buf,NULL)) + if (next_token(NULL,buf,NULL,sizeof(buf))) do_cd(buf); else DEBUG(0,("Current directory is %s\n",CNV_LANG(cur_dir))); @@ -1033,7 +1033,7 @@ static void cmd_dir(char *inbuf,char *outbuf) if(mask[strlen(mask)-1]!='\\') pstrcat(mask,"\\"); - if (next_token(NULL,buf,NULL)) + if (next_token(NULL,buf,NULL,sizeof(buf))) { if (*p == '\\') pstrcpy(mask,p); @@ -1463,14 +1463,14 @@ static void cmd_get(char *dum_in, char *dum_out) p = rname + strlen(rname); - if (!next_token(NULL,p,NULL)) { + if (!next_token(NULL,p,NULL,sizeof(rname)-strlen(rname))) { DEBUG(0,("get \n")); return; } pstrcpy(lname,p); dos_clean_name(rname); - next_token(NULL,lname,NULL); + next_token(NULL,lname,NULL,sizeof(lname)); do_get(rname,lname,NULL); } @@ -1577,7 +1577,7 @@ static void cmd_more(char *dum_in, char *dum_out) "%s/smbmore.%d",tmpdir(),(int)getpid()); fstrcpy(lname,tmpname); - if (!next_token(NULL,rname+strlen(rname),NULL)) { + if (!next_token(NULL,rname+strlen(rname),NULL,sizeof(rname)-strlen(rname))) { DEBUG(0,("more \n")); return; } @@ -1612,7 +1612,7 @@ static void cmd_mget(char *inbuf,char *outbuf) abort_mget = False; - while (next_token(NULL,p,NULL)) + while (next_token(NULL,p,NULL,sizeof(buf))) { pstrcpy(mget_mask,cur_dir); if(mget_mask[strlen(mget_mask)-1]!='\\') @@ -1692,7 +1692,7 @@ static void cmd_mkdir(char *inbuf,char *outbuf) pstrcpy(mask,cur_dir); - if (!next_token(NULL,p,NULL)) + if (!next_token(NULL,p,NULL,sizeof(buf))) { if (!recurse) DEBUG(0,("mkdir \n")); @@ -1983,14 +1983,14 @@ static void cmd_put(char *dum_in, char *dum_out) pstrcat(rname,"\\"); - if (!next_token(NULL,p,NULL)) + if (!next_token(NULL,p,NULL,sizeof(buf))) { DEBUG(0,("put \n")); return; } pstrcpy(lname,p); - if (next_token(NULL,p,NULL)) + if (next_token(NULL,p,NULL,sizeof(buf))) pstrcat(rname,p); else pstrcat(rname,lname); @@ -2040,7 +2040,7 @@ static BOOL seek_list(FILE *f,char *name) static void cmd_select(char *dum_in, char *dum_out) { pstrcpy(fileselection,""); - next_token(NULL,fileselection,NULL); + next_token(NULL,fileselection,NULL,sizeof(fileselection)); } @@ -2058,7 +2058,7 @@ static void cmd_mput(char *dum_in, char *dum_out) finfo = def_finfo; - while (next_token(NULL,p,NULL)) + while (next_token(NULL,p,NULL,sizeof(buf))) { struct stat st; pstring cmd; @@ -2197,14 +2197,14 @@ static void cmd_cancel(char *inbuf,char *outbuf ) DEBUG(0,("Trying to cancel print jobs without -P may fail\n")); } - if (!next_token(NULL,buf,NULL)) { + if (!next_token(NULL,buf,NULL,sizeof(buf))) { printf("cancel ...\n"); return; } do { job = atoi(buf); do_cancel(job); - } while (next_token(NULL,buf,NULL)); + } while (next_token(NULL,buf,NULL,sizeof(buf))); } @@ -2228,7 +2228,7 @@ static void cmd_print(char *inbuf,char *outbuf ) DEBUG(0,("Trying to print without -P may fail\n")); } - if (!next_token(NULL,lname,NULL)) + if (!next_token(NULL,lname,NULL, sizeof(lname))) { DEBUG(0,("print \n")); return; @@ -2699,7 +2699,7 @@ static void cmd_del(char *inbuf,char *outbuf ) pstrcpy(mask,cur_dir); - if (!next_token(NULL,buf,NULL)) + if (!next_token(NULL,buf,NULL,sizeof(buf))) { DEBUG(0,("del \n")); return; @@ -2721,7 +2721,7 @@ static void cmd_rmdir(char *inbuf,char *outbuf ) pstrcpy(mask,cur_dir); - if (!next_token(NULL,buf,NULL)) + if (!next_token(NULL,buf,NULL,sizeof(buf))) { DEBUG(0,("rmdir \n")); return; @@ -2763,7 +2763,8 @@ static void cmd_rename(char *inbuf,char *outbuf ) pstrcpy(src,cur_dir); pstrcpy(dest,cur_dir); - if (!next_token(NULL,buf,NULL) || !next_token(NULL,buf2,NULL)) + if (!next_token(NULL,buf,NULL,sizeof(buf)) || + !next_token(NULL,buf2,NULL, sizeof(buf2))) { DEBUG(0,("rename \n")); return; @@ -2817,7 +2818,7 @@ static void cmd_newer(char *dum_in, char *dum_out) BOOL ok; struct stat sbuf; - ok = next_token(NULL,buf,NULL); + ok = next_token(NULL,buf,NULL,sizeof(buf)); if (ok && (sys_stat(buf,&sbuf) == 0)) { newer_than = sbuf.st_mtime; @@ -2838,7 +2839,7 @@ static void cmd_archive(char *dum_in, char *dum_out) { fstring buf; - if (next_token(NULL,buf,NULL)) { + if (next_token(NULL,buf,NULL,sizeof(buf))) { archive_level = atoi(buf); } else DEBUG(0,("Archive level is %d\n",archive_level)); @@ -2884,7 +2885,7 @@ static void cmd_printmode(char *dum_in, char *dum_out) fstring buf; fstring mode; - if (next_token(NULL,buf,NULL)) + if (next_token(NULL,buf,NULL,sizeof(buf))) { if (strequal(buf,"text")) printmode = 0; @@ -2921,7 +2922,7 @@ static void cmd_lcd(char *dum_in, char *dum_out) fstring buf; pstring d; - if (next_token(NULL,buf,NULL)) + if (next_token(NULL,buf,NULL,sizeof(buf))) sys_chdir(buf); DEBUG(2,("the local directory is now %s\n",GetWd(d))); } @@ -3299,7 +3300,7 @@ void cmd_help(char *dum_in, char *dum_out) int i=0,j; fstring buf; - if (next_token(NULL,buf,NULL)) + if (next_token(NULL,buf,NULL,sizeof(buf))) { if ((i = process_tok(buf)) >= 0) DEBUG(0,("HELP %s:\n\t%s\n\n",commands[i].name,commands[i].description)); @@ -3398,7 +3399,7 @@ static BOOL process(char *base_directory) /* and get the first part of the command */ { char *ptr = line; - if (!next_token(&ptr,tok,NULL)) continue; + if (!next_token(&ptr,tok,NULL,sizeof(tok))) continue; } if ((i = process_tok(tok)) >= 0) @@ -3438,7 +3439,7 @@ static BOOL process(char *base_directory) /* and get the first part of the command */ { char *ptr = line; - if (!next_token(&ptr,tok,NULL)) continue; + if (!next_token(&ptr,tok,NULL,sizeof(tok))) continue; } if ((i = process_tok(tok)) >= 0) diff --git a/source3/client/clitar.c b/source3/client/clitar.c index 395f31edcf..47903d20be 100644 --- a/source3/client/clitar.c +++ b/source3/client/clitar.c @@ -2073,7 +2073,7 @@ void cmd_block(char *dum_in, char *dum_out) fstring buf; int block; - if (!next_token(NULL,buf,NULL)) + if (!next_token(NULL,buf,NULL,sizeof(buf))) { DEBUG(0, ("blocksize \n")); return; @@ -2097,7 +2097,7 @@ void cmd_tarmode(char *dum_in, char *dum_out) { fstring buf; - while (next_token(NULL,buf,NULL)) { + while (next_token(NULL,buf,NULL,sizeof(buf))) { if (strequal(buf, "full")) tar_inc=False; else if (strequal(buf, "inc")) @@ -2143,7 +2143,7 @@ void cmd_setmode(char *dum_in, char *dum_out) attra[0] = attra[1] = 0; - if (!next_token(NULL,buf,NULL)) + if (!next_token(NULL,buf,NULL,sizeof(buf))) { DEBUG(0, ("setmode \n")); return; @@ -2152,7 +2152,7 @@ void cmd_setmode(char *dum_in, char *dum_out) safe_strcpy(fname, cur_dir, sizeof(pstring)); safe_strcat(fname, buf, sizeof(pstring)); - while (next_token(NULL,buf,NULL)) { + while (next_token(NULL,buf,NULL,sizeof(buf))) { q=buf; while(*q) @@ -2194,7 +2194,7 @@ void cmd_tar(char *inbuf, char *outbuf) char **argl; int argcl; - if (!next_token(NULL,buf,NULL)) + if (!next_token(NULL,buf,NULL,sizeof(buf))) { DEBUG(0,("tar [IXbga] \n")); return; diff --git a/source3/client/smbmount.c b/source3/client/smbmount.c index 9bc7cba6f6..95aeecde3c 100644 --- a/source3/client/smbmount.c +++ b/source3/client/smbmount.c @@ -326,7 +326,7 @@ static void cmd_mount(char *inbuf,char *outbuf) int retval; char mount_point[MAXPATHLEN+1]; - if (!next_token(NULL, mpoint, NULL)) + if (!next_token(NULL, mpoint, NULL, sizeof(mpoint))) { DEBUG(0,("You must supply a mount point\n")); return; @@ -350,7 +350,7 @@ static void cmd_mount(char *inbuf,char *outbuf) slprintf(mount_command, sizeof(mount_command)-1,"smbmnt %s -s %s", mount_point, share_name); - while(next_token(NULL, buf, NULL)) + while(next_token(NULL, buf, NULL, sizeof(buf))) { pstrcat(mount_command, " "); pstrcat(mount_command, buf); @@ -429,7 +429,7 @@ void cmd_help(char *dum_in, char *dum_out) int i=0,j; fstring buf; - if (next_token(NULL,buf,NULL)) + if (next_token(NULL,buf,NULL,sizeof(buf))) { if ((i = process_tok(buf)) >= 0) DEBUG(0,("HELP %s:\n\t%s\n\n",commands[i].name,commands[i].description)); @@ -527,7 +527,7 @@ static BOOL process(char *base_directory) /* and get the first part of the command */ { char *ptr = line; - if (!next_token(&ptr,tok,NULL)) continue; + if (!next_token(&ptr,tok,NULL,sizeof(tok))) continue; } if ((i = process_tok(tok)) >= 0) @@ -567,7 +567,7 @@ static BOOL process(char *base_directory) /* and get the first part of the command */ { char *ptr = line; - if (!next_token(&ptr,tok,NULL)) continue; + if (!next_token(&ptr,tok,NULL,sizeof(tok))) continue; } if ((i = process_tok(tok)) >= 0) diff --git a/source3/include/proto.h b/source3/include/proto.h index ae38ece1a2..8ee95483c5 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -216,7 +216,7 @@ BOOL user_in_list(char *user,char *list); char *tmpdir(void); BOOL is_a_socket(int fd); -BOOL next_token(char **ptr,char *buff,char *sep); +BOOL next_token(char **ptr,char *buff,char *sep, int bufsize); char **toktocliplist(int *ctok, char *sep); void *mem_dup( void *from, int size ); void array_promote(char *array,int elsize,int element); diff --git a/source3/lib/interface.c b/source3/lib/interface.c index 8cc5cfb0b1..581a2135bd 100644 --- a/source3/lib/interface.c +++ b/source3/lib/interface.c @@ -136,7 +136,7 @@ static void interpret_interfaces(char *s, struct interface **interfaces, allones_ip = *interpret_addr2("255.255.255.255"); loopback_ip = *interpret_addr2("127.0.0.1"); - while (next_token(&ptr,token,NULL)) { + while (next_token(&ptr,token,NULL,sizeof(token))) { /* parse it into an IP address/netmasklength pair */ char *p = strchr(token,'/'); if (p) *p++ = 0; diff --git a/source3/lib/username.c b/source3/lib/username.c index a9d391f11a..f56f7efce2 100644 --- a/source3/lib/username.c +++ b/source3/lib/username.c @@ -297,7 +297,7 @@ BOOL user_in_list(char *user,char *list) pstring tok; char *p=list; - while (next_token(&p,tok,LIST_SEP)) + while (next_token(&p,tok,LIST_SEP, sizeof(tok))) { /* * Check raw username. diff --git a/source3/lib/util.c b/source3/lib/util.c index 5b8428b546..a52228c997 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -131,10 +131,11 @@ static char *last_ptr=NULL; Based on a routine by GJC@VILLAGE.COM. Extensively modified by Andrew.Tridgell@anu.edu.au ****************************************************************************/ -BOOL next_token(char **ptr,char *buff,char *sep) +BOOL next_token(char **ptr,char *buff,char *sep, int bufsize) { char *s; BOOL quoted; + int len=1; if (!ptr) ptr = &last_ptr; if (!ptr) return(False); @@ -151,12 +152,14 @@ BOOL next_token(char **ptr,char *buff,char *sep) if (! *s) return(False); /* copy over the token */ - for (quoted = False; *s && (quoted || !strchr(sep,*s)); s++) + for (quoted = False; len < bufsize && *s && (quoted || !strchr(sep,*s)); s++) { - if (*s == '\"') - quoted = !quoted; - else - *buff++ = *s; + if (*s == '\"') { + quoted = !quoted; + } else { + len++; + *buff++ = *s; + } } *ptr = (*s) ? s+1 : s; @@ -291,7 +294,7 @@ void set_socket_options(int fd, char *options) { fstring tok; - while (next_token(&options,tok," \t,")) + while (next_token(&options,tok," \t,", sizeof(tok))) { int ret=0,i; int value = 1; @@ -2618,7 +2621,7 @@ BOOL in_list(char *s,char *list,BOOL casesensitive) if (!list) return(False); - while (next_token(&p,tok,LIST_SEP)) + while (next_token(&p,tok,LIST_SEP,sizeof(tok))) { if (casesensitive) { if (strcmp(tok,s) == 0) @@ -5085,7 +5088,7 @@ BOOL string_to_sid(DOM_SID *sidout, char *sidstr) } p += 2; - if(!next_token(&p, tok, "-")) { + if(!next_token(&p, tok, "-", sizeof(tok))) { DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr)); return False; } @@ -5093,7 +5096,7 @@ BOOL string_to_sid(DOM_SID *sidout, char *sidstr) /* Get the revision number. */ sidout->sid_rev_num = atoi(tok); - if(!next_token(&p, tok, "-")) { + if(!next_token(&p, tok, "-", sizeof(tok))) { DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr)); return False; } @@ -5111,7 +5114,8 @@ BOOL string_to_sid(DOM_SID *sidout, char *sidstr) sidout->num_auths = 0; - while(next_token(&p, tok, "-") && sidout->num_auths < MAXSUBAUTHS) { + while(next_token(&p, tok, "-", sizeof(tok)) && + sidout->num_auths < MAXSUBAUTHS) { /* * NOTE - the subauths are in native machine-endian format. They * are converted to little-endian when linearized onto the wire. diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c index 8b0d68ce6a..5e189020ad 100644 --- a/source3/libsmb/namequery.c +++ b/source3/libsmb/namequery.c @@ -347,13 +347,13 @@ BOOL getlmhostsent( FILE *fp, char *name, int *name_type, struct in_addr *ipaddr ptr = line; - if (next_token(&ptr,ip ,NULL)) + if (next_token(&ptr,ip ,NULL,sizeof(ip))) ++count; - if (next_token(&ptr,name ,NULL)) + if (next_token(&ptr,name ,NULL, sizeof(name))) ++count; - if (next_token(&ptr,flags,NULL)) + if (next_token(&ptr,flags,NULL, sizeof(flags))) ++count; - if (next_token(&ptr,extra,NULL)) + if (next_token(&ptr,extra,NULL, sizeof(extra))) ++count; if (count <= 0) @@ -452,7 +452,7 @@ BOOL resolve_name(char *name, struct in_addr *return_ip) ptr = name_resolve_list; if (!ptr || !*ptr) ptr = "host"; - while (next_token(&ptr, tok, LIST_SEP)) { + while (next_token(&ptr, tok, LIST_SEP, sizeof(tok))) { if(strequal(tok, "host") || strequal(tok, "hosts")) { /* diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c index 9210ce4dcf..feb9c2420e 100644 --- a/source3/nmbd/nmbd.c +++ b/source3/nmbd/nmbd.c @@ -468,7 +468,7 @@ static BOOL init_structs(void) */ /* Work out the max number of netbios aliases that we have */ ptr = lp_netbios_aliases(); - for( namecount=0; next_token(&ptr,nbname,NULL); namecount++ ) + for( namecount=0; next_token(&ptr,nbname,NULL, sizeof(nbname)); namecount++ ) ; if ( *global_myname ) namecount++; @@ -487,7 +487,7 @@ static BOOL init_structs(void) my_netbios_names[namecount++] = global_myname; ptr = lp_netbios_aliases(); - while ( next_token( &ptr, nbname, NULL ) ) + while ( next_token( &ptr, nbname, NULL, sizeof(nbname) ) ) { strupper( nbname ); /* Look for duplicates */ diff --git a/source3/nmbd/nmbd_sendannounce.c b/source3/nmbd/nmbd_sendannounce.c index d43d2878e3..38c8deafe7 100644 --- a/source3/nmbd/nmbd_sendannounce.c +++ b/source3/nmbd/nmbd_sendannounce.c @@ -506,7 +506,7 @@ void announce_remote(time_t t) comment = lp_serverstring(); - for (ptr=s; next_token(&ptr,s2,NULL); ) + for (ptr=s; next_token(&ptr,s2,NULL,sizeof(s2)); ) { /* The entries are of the form a.b.c.d/WORKGROUP with WORKGROUP being optional */ @@ -596,7 +596,7 @@ for workgroup %s on subnet %s.\n", global_myworkgroup, FIRST_SUBNET->subnet_name strupper(p); p = skip_string(p,1); - for (ptr=s; next_token(&ptr,s2,NULL); ) + for (ptr=s; next_token(&ptr,s2,NULL,sizeof(s2)); ) { /* The entries are of the form a.b.c.d */ addr = *interpret_addr2(s2); diff --git a/source3/nmbd/nmbd_synclists.c b/source3/nmbd/nmbd_synclists.c index b62d9b7569..432b6dcbe2 100644 --- a/source3/nmbd/nmbd_synclists.c +++ b/source3/nmbd/nmbd_synclists.c @@ -150,6 +150,8 @@ void sync_browse_lists(struct work_record *work, CatchChild(); if ((s->pid = fork())) return; + BlockSignals( False, SIGTERM ); + DEBUG(2,("Initiating browse sync for %s to %s(%s)\n", work->work_group, name, inet_ntoa(ip))); @@ -239,11 +241,9 @@ static void complete_sync(struct sync_record *s) ptr = line; - DEBUG(9,("sync line [%s]\n", line)); - - if (!next_token(&ptr,server,NULL) || - !next_token(&ptr,type_str,NULL) || - !next_token(&ptr,comment,NULL)) { + if (!next_token(&ptr,server,NULL,sizeof(server)) || + !next_token(&ptr,type_str,NULL, sizeof(type_str)) || + !next_token(&ptr,comment,NULL, sizeof(comment))) { continue; } diff --git a/source3/nmbd/nmbd_winsserver.c b/source3/nmbd/nmbd_winsserver.c index d891124d06..2fcc95e1d6 100644 --- a/source3/nmbd/nmbd_winsserver.c +++ b/source3/nmbd/nmbd_winsserver.c @@ -211,13 +211,13 @@ BOOL initialise_wins(void) * time to actually parse them into the ip_list array. */ - if (!next_token(&ptr,name_str,NULL)) + if (!next_token(&ptr,name_str,NULL,sizeof(name_str))) { DEBUG(0,("initialise_wins: Failed to parse name when parsing line %s\n", line )); continue; } - if (!next_token(&ptr,ttl_str,NULL)) + if (!next_token(&ptr,ttl_str,NULL,sizeof(ttl_str))) { DEBUG(0,("initialise_wins: Failed to parse time to live when parsing line %s\n", line )); continue; @@ -229,7 +229,7 @@ BOOL initialise_wins(void) num_ips = 0; do { - got_token = next_token(&ptr,ip_str,NULL); + got_token = next_token(&ptr,ip_str,NULL,sizeof(ip_str)); was_ip = False; if(got_token && strchr(ip_str, '.')) @@ -260,16 +260,16 @@ BOOL initialise_wins(void) /* Reset and re-parse the line. */ ptr = line; - next_token(&ptr,name_str,NULL); - next_token(&ptr,ttl_str,NULL); + next_token(&ptr,name_str,NULL,sizeof(name_str)); + next_token(&ptr,ttl_str,NULL,sizeof(ttl_str)); for(i = 0; i < num_ips; i++) { - next_token(&ptr, ip_str, NULL); + next_token(&ptr, ip_str, NULL, sizeof(ip_str)); ip_list[i] = *interpret_addr2(ip_str); if (ip_equal(ip_list[i], ipzero)) source = SELF_NAME; } - next_token(&ptr,nb_flags_str,NULL); + next_token(&ptr,nb_flags_str,NULL, sizeof(nb_flags_str)); /* * Deal with SELF or REGISTER name encoding. Default is REGISTER diff --git a/source3/printing/printing.c b/source3/printing/printing.c index 2c7197f9db..fae4c1cc05 100644 --- a/source3/printing/printing.c +++ b/source3/printing/printing.c @@ -228,7 +228,10 @@ static BOOL parse_lpq_bsd(char *line,print_queue_struct *buf,BOOL first) string_sub(line,"(","\""); string_sub(line,")","\""); - for (count=0; countname , NULL)) continue; - if (!next_token(&ptr,stype , NULL)) continue; - if (!next_token(&ptr,s->comment, NULL)) continue; - if (!next_token(&ptr,s->domain , NULL)) { + if (!next_token(&ptr,s->name , NULL, sizeof(s->name))) continue; + if (!next_token(&ptr,stype , NULL, sizeof(stype))) continue; + if (!next_token(&ptr,s->comment, NULL, sizeof(s->comment))) continue; + if (!next_token(&ptr,s->domain , NULL, sizeof(s->domain))) { /* this allows us to cope with an old nmbd */ pstrcpy(s->domain,global_myworkgroup); } diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 4ee9e8705d..dadbcad11e 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -934,7 +934,7 @@ struct cli_state *server_cryptkey(void) return NULL; p = lp_passwordserver(); - while(p && next_token( &p, desthost, LIST_SEP)) { + while(p && next_token( &p, desthost, LIST_SEP, sizeof(desthost))) { standard_sub_basic(desthost); strupper(desthost); @@ -1214,7 +1214,7 @@ machine %s in domain %s.\n", global_myname, global_myworkgroup )); */ p = lp_passwordserver(); - while(p && next_token( &p, remote_machine, LIST_SEP)) { + while(p && next_token(&p,remote_machine,LIST_SEP,sizeof(remote_machine))) { standard_sub_basic(remote_machine); strupper(remote_machine); diff --git a/source3/utils/make_smbcodepage.c b/source3/utils/make_smbcodepage.c index 86c9df3a18..155ed5aeb5 100644 --- a/source3/utils/make_smbcodepage.c +++ b/source3/utils/make_smbcodepage.c @@ -244,7 +244,7 @@ definition file. File %s has %d.\n", prog_name, MAXCODEPAGELINES, input_file, nu unsigned char b = 0; /* Get the 'lower' value. */ - if(!next_token(&p, token_buf, NULL)) + if(!next_token(&p, token_buf, NULL, sizeof(token_buf))) parse_error(buf, "cannot parse first value"); if(!parse_byte( token_buf, &b)) parse_error(buf, "first value doesn't resolve to a byte"); @@ -253,7 +253,7 @@ definition file. File %s has %d.\n", prog_name, MAXCODEPAGELINES, input_file, nu SCVAL(output_buf,CODEPAGE_HEADER_SIZE+(i*4),b); /* Get the 'upper' value. */ - if(!next_token(&p, token_buf, NULL)) + if(!next_token(&p, token_buf, NULL, sizeof(token_buf))) parse_error(buf, "cannot parse second value"); if(!parse_byte( token_buf, &b)) parse_error(buf, "second value doesn't resolve to a byte"); @@ -262,7 +262,7 @@ definition file. File %s has %d.\n", prog_name, MAXCODEPAGELINES, input_file, nu SCVAL(output_buf,CODEPAGE_HEADER_SIZE+(i*4) + 1,b); /* Get the 'upper to lower' value. */ - if(!next_token(&p, token_buf, NULL)) + if(!next_token(&p, token_buf, NULL, sizeof(token_buf))) parse_error(buf, "cannot parse third value"); if(!parse_bool( token_buf, &b)) parse_error(buf, "third value doesn't resolve to a boolean"); @@ -271,7 +271,7 @@ definition file. File %s has %d.\n", prog_name, MAXCODEPAGELINES, input_file, nu SCVAL(output_buf,CODEPAGE_HEADER_SIZE+(i*4) + 2,b); /* Get the 'lower to upper' value. */ - if(!next_token(&p, token_buf, NULL)) + if(!next_token(&p, token_buf, NULL, sizeof(token_buf))) parse_error(buf, "cannot parse fourth value"); if(!parse_bool( token_buf, &b)) parse_error(buf, "fourth value doesn't resolve to a boolean"); -- cgit