sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-02 00:22:11 +03:00
Code Activity

changed to use slprintf() instead of sprintf() just about

Browse Source 
everywhere. I've implemented slprintf() as a bounds checked sprintf()
using mprotect() and a non-writeable page.

This should prevent any sprintf based security holes.
(This used to be commit ee09e9dadb)
This commit is contained in:
Andrew Tridgell
1998-05-11 06:38:36 +00:00
parent ffc88e2d26
commit 3dfc0c8472
33 changed files with 207 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
source3/smbd/server.c
View File

@ -563,7 +563,7 @@ BOOL unix_convert(char *name,int cnum,pstring saved_last_component, BOOL *bad_pa
{
char *s;
fstring name2;
sprintf(name2,"%.6s.XXXXXX",remote_machine);
slprintf(name2,sizeof(name2)-1,"%.6s.XXXXXX",remote_machine);
/* sanitise the name */
for (s=name2 ; *s ; s++)
if (!issafe(*s)) *s = '_';
@ -754,8 +754,8 @@ int disk_free(char *path,int *bsize,int *dfree,int *dsize)
pstring syscmd;
pstring outfile;
sprintf(outfile,"%s/dfree.smb.%d",tmpdir(),(int)getpid());
sprintf(syscmd,"%s %s",df_command,path);
slprintf(outfile,sizeof(outfile)-1, "%s/dfree.smb.%d",tmpdir(),(int)getpid());
slprintf(syscmd,sizeof(syscmd)-1,"%s %s",df_command,path);
standard_sub_basic(syscmd);
ret = smbrun(syscmd,outfile,False);
@ -1439,7 +1439,7 @@ static void check_magic(int fnum,int cnum)
if (*lp_magicoutput(SNUM(cnum)))
pstrcpy(magic_output,lp_magicoutput(SNUM(cnum)));
else
sprintf(magic_output,"%s.out",fname);
slprintf(magic_output,sizeof(fname)-1, "%s.out",fname);
chmod(fname,0755);
ret = smbrun(fname,magic_output,False);