From d73db405f71002deaddeea68adb747ef1984945c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 22 Mar 2011 21:03:59 +1100 Subject: s3-safe_string: Add checked_strlcpy() This is strlcpy, just with an extra check of the parameters with sizeof(), use only where that works. Andrew Bartlett Autobuild-User: Andrew Bartlett Autobuild-Date: Wed Mar 23 03:39:35 CET 2011 on sn-devel-104 --- source3/include/safe_string.h | 12 ++++++++++++ source3/smbd/negprot.c | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index a4648b57d4..611f850d12 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -144,6 +144,17 @@ size_t __unsafe_string_function_usage_here_char__(void); ? __unsafe_string_function_usage_here_size_t__() \ : srvstr_push_fn(base_ptr, smb_flags2, dest, src, dest_len, flags)) +/* This allows the developer to choose to check the arguments to + strlcpy. if the compiler will optimize out function calls, then + use this to tell if we are have the correct size buffer (this works only + where sizeof() returns the size of the buffer, not the size of the + pointer), so stack and static variables only */ + +#define checked_strlcpy(dest, src, size) \ + (sizeof(dest) != (size) \ + ? __unsafe_string_function_usage_here_size_t__() \ + : strlcpy(dest, src, size)) + #else #define safe_strcpy safe_strcpy_fn @@ -153,6 +164,7 @@ size_t __unsafe_string_function_usage_here_char__(void); #define clistr_push clistr_push_fn #define clistr_pull clistr_pull_fn #define srvstr_push srvstr_push_fn +#define checked_strlcpy strlcpy #endif diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index eb6dfa35a9..f128396173 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -238,7 +238,7 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn) memset(blob_out.data, '\0', 16); - safe_strcpy(unix_name, global_myname(), sizeof(unix_name)-1); + checked_strlcpy(unix_name, global_myname(), sizeof(unix_name)); strlower_m(unix_name); push_ascii_nstring(dos_name, unix_name); safe_strcpy((char *)blob_out.data, dos_name, 16); -- cgit