From 6f46f75dfc2c80b99a6a5fb277bab456a5fd247b Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 3 Dec 2007 17:17:05 -0800 Subject: Make strhex_to_str clear on string limits. Remove pstring from web/*.c Jeremy. (This used to be commit f9c8d62389f8cb47837e5360209936176537df13) --- source3/lib/util_str.c | 14 +++--- source3/libads/ldap.c | 4 +- source3/rpc_parse/parse_misc.c | 6 ++- source3/web/cgi.c | 36 ++++++++------- source3/web/startstop.c | 48 ++++++++++---------- source3/web/statuspage.c | 29 +++++++++---- source3/web/swat.c | 99 +++++++++++++++++++++++++----------------- 7 files changed, 138 insertions(+), 98 deletions(-) (limited to 'source3') diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c index a0ca03a972..7cd0f78439 100644 --- a/source3/lib/util_str.c +++ b/source3/lib/util_str.c @@ -1034,7 +1034,7 @@ static char *strncpyn(char *dest, const char *src, size_t n, char c) **/ -size_t strhex_to_str(char *p, size_t len, const char *strhex) +size_t strhex_to_str(char *buf, size_t buf_len, const char *strhex, size_t strhex_len) { size_t i; size_t num_chars = 0; @@ -1042,7 +1042,7 @@ size_t strhex_to_str(char *p, size_t len, const char *strhex) const char *hexchars = "0123456789ABCDEF"; char *p1 = NULL, *p2 = NULL; - for (i = 0; i < len && strhex[i] != 0; i++) { + for (i = 0; i < strhex_len && strhex[i] != 0; i++) { if (strnequal(hexchars, "0x", 2)) { i++; /* skip two chars */ continue; @@ -1060,7 +1060,10 @@ size_t strhex_to_str(char *p, size_t len, const char *strhex) hinybble = PTR_DIFF(p1, hexchars); lonybble = PTR_DIFF(p2, hexchars); - p[num_chars] = (hinybble << 4) | lonybble; + if (num_chars >= buf_len) { + break; + } + buf[num_chars] = (hinybble << 4) | lonybble; num_chars++; p1 = NULL; @@ -1079,8 +1082,9 @@ DATA_BLOB strhex_to_data_blob(TALLOC_CTX *mem_ctx, const char *strhex) ret_blob = data_blob(NULL, strlen(strhex)/2+1); ret_blob.length = strhex_to_str((char*)ret_blob.data, - strlen(strhex), - strhex); + ret_blob.length, + strhex, + strlen(strhex)); return ret_blob; } diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 533aa3026f..a4ba3760c2 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -2853,10 +2853,10 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, } break; case ADS_EXTENDED_DN_HEX_STRING: { - pstring buf; + fstring buf; size_t buf_len; - buf_len = strhex_to_str(buf, strlen(p), p); + buf_len = strhex_to_str(buf, sizeof(buf), p, strlen(p)); if (buf_len == 0) { return False; } diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c index 783c7fb7b3..9e1937ea32 100644 --- a/source3/rpc_parse/parse_misc.c +++ b/source3/rpc_parse/parse_misc.c @@ -509,8 +509,10 @@ void init_rpc_blob_hex(RPC_DATA_BLOB *str, const char *buf) { ZERO_STRUCTP(str); if (buf && *buf) { - create_rpc_blob(str, strlen(buf)); - str->buf_len = strhex_to_str((char *)str->buffer, str->buf_len, buf); + size_t len = strlen(buf); + create_rpc_blob(str, len); + str->buf_len = strhex_to_str((char *)str->buffer, str->buf_len, + buf, len); } } diff --git a/source3/web/cgi.c b/source3/web/cgi.c index 41ac29be5d..07a6fbcf54 100644 --- a/source3/web/cgi.c +++ b/source3/web/cgi.c @@ -173,7 +173,7 @@ void cgi_load_variables(void) variables[num_variables].name = SMB_STRDUP(tok); variables[num_variables].value = SMB_STRDUP(p+1); - if (!variables[num_variables].name || + if (!variables[num_variables].name || !variables[num_variables].value) continue; @@ -186,32 +186,36 @@ void cgi_load_variables(void) printf("\n", variables[num_variables].name, variables[num_variables].value); -#endif +#endif num_variables++; if (num_variables == MAX_VARIABLES) break; } } #ifdef DEBUG_COMMENTS - printf("\n"); + printf("\n"); #endif /* variables from the client are in UTF-8 - convert them to our internal unix charset before use */ for (i=0;i 0) { + become_daemon(true, false); + execl(binfile, binfile, "-D", NULL); + } exit(0); } /* startup nmbd */ void start_nmbd(void) { - pstring binfile; + char *binfile = NULL; - if (geteuid() != 0) return; + if (geteuid() != 0) { + return; + } if (fork()) { return; } - slprintf(binfile, sizeof(pstring) - 1, "%s/nmbd", dyn_SBINDIR); - - become_daemon(True, False); - - execl(binfile, binfile, "-D", NULL); - + if (asprintf(&binfile, "%s/nmbd", dyn_SBINDIR) > 0) { + become_daemon(true, false); + execl(binfile, binfile, "-D", NULL); + } exit(0); } /** Startup winbindd from web interface. */ void start_winbindd(void) { - pstring binfile; + char *binfile = NULL; - if (geteuid() != 0) return; + if (geteuid() != 0) { + return; + } if (fork()) { return; } - slprintf(binfile, sizeof(pstring) - 1, "%s/winbindd", dyn_SBINDIR); - - become_daemon(True, False); - - execl(binfile, binfile, NULL); - + if (asprintf(&binfile, "%s/winbindd", dyn_SBINDIR) > 0) { + become_daemon(true, false); + execl(binfile, binfile, NULL); + } exit(0); } diff --git a/source3/web/statuspage.c b/source3/web/statuspage.c index b59c5cdf43..647e4fcb5b 100644 --- a/source3/web/statuspage.c +++ b/source3/web/statuspage.c @@ -20,7 +20,7 @@ #include "includes.h" #include "web/swat_proto.h" -#define _(x) lang_msg_rotate(x) +#define _(x) lang_msg_rotate(talloc_tos(),x) #define PIDMAP struct PidMap @@ -99,11 +99,20 @@ static char *mapPid2Machine (struct server_id pid) return pidbuf; } -static char *tstring(time_t t) +static const char *tstring(TALLOC_CTX *ctx, time_t t) { - static pstring buf; - pstrcpy(buf, time_to_asc(t)); - all_string_sub(buf," "," ",sizeof(buf)); + char *buf; + buf = talloc_strdup(ctx, time_to_asc(t)); + if (!buf) { + return ""; + } + buf = talloc_all_string_sub(ctx, + buf, + " ", + " "); + if (!buf) { + return ""; + } return buf; } @@ -162,7 +171,7 @@ static void print_share_mode(const struct share_mode_entry *e, push_utf8_allocate(&utf8_fname, fname); printf("%s%s\n", - utf8_fname,tstring(e->time.tv_sec)); + utf8_fname,tstring(talloc_tos(),e->time.tv_sec)); SAFE_FREE(utf8_fname); } @@ -199,7 +208,7 @@ static int traverse_fn2(struct db_record *rec, printf("%s%s%s%s\n", procid_str_static(&crec->pid), crec->machine, crec->addr, - tstring(crec->start)); + tstring(talloc_tos(),crec->start)); if (geteuid() == 0) { printf("\n", procid_str_static(&crec->pid)); @@ -222,7 +231,7 @@ static int traverse_fn3(struct db_record *rec, crec->servicename, uidtoname(crec->uid), gidtoname(crec->gid),procid_str_static(&crec->pid), crec->machine, - tstring(crec->start)); + tstring(talloc_tos(),crec->start)); return 0; } @@ -235,6 +244,7 @@ void status_page(void) int refresh_interval=30; int nr_running=0; bool waitup = False; + TALLOC_CTX *ctx = talloc_stackframe(); smbd_pid = pid_to_procid(pidfile_pid("smbd")); @@ -311,7 +321,7 @@ void status_page(void) } connections_forall(traverse_fn1, NULL); - + initPid2Machine (); printf("

%s

\n", _("Server Status")); @@ -438,4 +448,5 @@ void status_page(void) refresh_interval*1000); printf("//-->\n\n"); } + TALLOC_FREE(ctx); } diff --git a/source3/web/swat.c b/source3/web/swat.c index 65f8877bb3..b36168f71f 100644 --- a/source3/web/swat.c +++ b/source3/web/swat.c @@ -51,7 +51,7 @@ static int iNumNonAutoPrintServices = 0; #define ENABLE_USER_FLAG "enable_user_flag" #define RHOST "remote_host" -#define _(x) lang_msg_rotate(x) +#define _(x) lang_msg_rotate(talloc_tos(),x) /**************************************************************************** ****************************************************************************/ @@ -77,16 +77,30 @@ static char *fix_backslash(const char *str) return newstring; } -static char *fix_quotes(const char *str) +static const char *fix_quotes(TALLOC_CTX *ctx, const char *str) { - static pstring newstring; - char *p = newstring; - size_t newstring_len = sizeof(newstring); + char *newstring = NULL; + char *p = NULL; + size_t newstring_len; int quote_len = strlen("""); + /* Count the number of quotes. */ + newstring_len = 1; while (*str) { - if ( *str == '\"' && (newstring_len - PTR_DIFF(p, newstring) - 1) > quote_len ) { - strncpy( p, """, quote_len); + if ( *str == '\"') { + newstring_len += quote_len; + } else { + newstring_len++; + } + ++str; + } + newstring = TALLOC_ARRAY(ctx, char, newstring_len); + if (!newstring) { + return ""; + } + for (p = newstring; *str; str++) { + if ( *str == '\"') { + strncpy( p, """, quote_len); p += quote_len; } else { *p++ = *str; @@ -180,25 +194,24 @@ static void print_header(void) "i18n_translated_parm" class is used to change the color of the translated parameter with CSS. **************************************************************** */ -static const char* get_parm_translated( +static const char *get_parm_translated(TALLOC_CTX *ctx, const char* pAnchor, const char* pHelp, const char* pLabel) { - const char* pTranslated = _(pLabel); - static pstring output; - if(strcmp(pLabel, pTranslated) != 0) - { - pstr_sprintf(output, + const char *pTranslated = _(pLabel); + char *output; + if(strcmp(pLabel, pTranslated) != 0) { + output = talloc_asprintf(ctx, " %s       %s
%s", pAnchor, pHelp, pLabel, pTranslated); return output; } - pstr_sprintf(output, + output = talloc_asprintf(ctx, " %s       %s", pAnchor, pHelp, pLabel); return output; } /**************************************************************************** - finish off the page + finish off the page ****************************************************************************/ static void print_footer(void) { @@ -208,19 +221,21 @@ static void print_footer(void) } /**************************************************************************** - display one editable parameter in a form + display one editable parameter in a form ****************************************************************************/ static void show_parameter(int snum, struct parm_struct *parm) { int i; void *ptr = parm->ptr; char *utf8_s1, *utf8_s2; + TALLOC_CTX *ctx = talloc_stackframe(); if (parm->p_class == P_LOCAL && snum >= 0) { ptr = lp_local_ptr(snum, ptr); } - printf("%s", get_parm_translated(stripspaceupper(parm->label), _("Help"), parm->label)); + printf("%s", get_parm_translated(ctx, + stripspaceupper(parm->label), _("Help"), parm->label)); switch (parm->type) { case P_CHAR: printf("", @@ -256,7 +271,7 @@ static void show_parameter(int snum, struct parm_struct *parm) char **list = (char **)(parm->def.lvalue); for (; *list; list++) { /* enclose in HTML encoded quotes if the string contains a space */ - if ( strchr_m(*list, ' ') ) + if ( strchr_m(*list, ' ') ) printf(""%s"%s", *list, ((*(list+1))?", ":"")); else printf("%s%s", *list, ((*(list+1))?", ":"")); @@ -269,7 +284,7 @@ static void show_parameter(int snum, struct parm_struct *parm) case P_USTRING: push_utf8_allocate(&utf8_s1, *(char **)ptr); printf("", - make_parm_name(parm->label), fix_quotes(utf8_s1)); + make_parm_name(parm->label), fix_quotes(ctx, utf8_s1)); SAFE_FREE(utf8_s1); printf("", _("Set Default"), make_parm_name(parm->label),fix_backslash((char *)(parm->def.svalue))); @@ -279,7 +294,7 @@ static void show_parameter(int snum, struct parm_struct *parm) case P_UGSTRING: push_utf8_allocate(&utf8_s1, (char *)ptr); printf("", - make_parm_name(parm->label), fix_quotes(utf8_s1)); + make_parm_name(parm->label), fix_quotes(ctx, utf8_s1)); SAFE_FREE(utf8_s1); printf("", _("Set Default"), make_parm_name(parm->label),fix_backslash((char *)(parm->def.svalue))); @@ -331,6 +346,7 @@ static void show_parameter(int snum, struct parm_struct *parm) break; } printf("\n"); + TALLOC_FREE(ctx); } /**************************************************************************** @@ -510,14 +526,17 @@ static void commit_parameters(int snum) { int i = 0; struct parm_struct *parm; - pstring label; + char *label; const char *v; while ((parm = lp_next_parameter(snum, &i, 1))) { - slprintf(label, sizeof(label)-1, "parm_%s", make_parm_name(parm->label)); - if ((v = cgi_variable(label)) != NULL) { - if (parm->flags & FLAG_HIDE) continue; - commit_parameter(snum, parm, v); + if (asprintf(&label, "parm_%s", make_parm_name(parm->label)) > 0) { + if ((v = cgi_variable(label)) != NULL) { + if (parm->flags & FLAG_HIDE) + continue; + commit_parameter(snum, parm, v); + } + SAFE_FREE(label); } } } @@ -720,9 +739,8 @@ static void wizard_page(void) /* Have to create Homes share? */ if ((HomeExpo == 1) && (have_home == -1)) { - pstring unix_share; - - pstrcpy(unix_share,HOMES_NAME); + const char *unix_share = HOMES_NAME; + load_config(False); lp_copy_service(GLOBAL_SECTION_SNUM, unix_share); iNumNonAutoPrintServices = lp_numservices(); @@ -749,7 +767,6 @@ static void wizard_page(void) winstype = 1; if (lp_wins_server_list() && strlen(*lp_wins_server_list())) winstype = 2; - /* Do we have a homes share? */ have_home = lp_servicenumber(HOMES_NAME); @@ -1339,22 +1356,24 @@ static void printers_page(void) doesn't have more calls to _() than the number of buffers */ -const char *lang_msg_rotate(const char *msgid) +const char *lang_msg_rotate(TALLOC_CTX *ctx, const char *msgid) { -#define NUM_LANG_BUFS 16 - char *msgstr; - static pstring bufs[NUM_LANG_BUFS]; - static int next; + const char *msgstr; + const char *ret; - msgstr = (char *)lang_msg(msgid); - if (!msgstr) return msgid; + msgstr = lang_msg(msgid); + if (!msgstr) { + return msgid; + } - pstrcpy(bufs[next], msgstr); - msgstr = bufs[next]; + ret = talloc_strdup(ctx, msgstr); - next = (next+1) % NUM_LANG_BUFS; + lang_msg_free(msgstr); + if (!ret) { + return msgid; + } - return msgstr; + return ret; } /** -- cgit