mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

bounds check next_token() to prevent possible buffer overflows

Andrew Tridgell 0001-01-01 00:00:00 +00:00
parent 7d455ee637
commit 3eade55dc7
21 changed files with 128 additions and 107 deletions


@ -448,7 +448,7 @@ static void cmd_cd(char *inbuf,char *outbuf)
{
fstring buf;
if (next_token(NULL,buf,NULL))
if (next_token(NULL,buf,NULL,sizeof(buf)))
do_cd(buf);
else
DEBUG(0,("Current directory is %s\n",CNV_LANG(cur_dir)));
@ -1033,7 +1033,7 @@ static void cmd_dir(char *inbuf,char *outbuf)
if(mask[strlen(mask)-1]!='\\')
pstrcat(mask,"\\");
if (next_token(NULL,buf,NULL))
if (next_token(NULL,buf,NULL,sizeof(buf)))
{
if (*p == '\\')
pstrcpy(mask,p);
@ -1463,14 +1463,14 @@ static void cmd_get(char *dum_in, char *dum_out)
p = rname + strlen(rname);
if (!next_token(NULL,p,NULL)) {
if (!next_token(NULL,p,NULL,sizeof(rname)-strlen(rname))) {
DEBUG(0,("get <filename>\n"));
return;
}
pstrcpy(lname,p);
dos_clean_name(rname);
next_token(NULL,lname,NULL);
next_token(NULL,lname,NULL,sizeof(lname));
do_get(rname,lname,NULL);
}
@ -1577,7 +1577,7 @@ static void cmd_more(char *dum_in, char *dum_out)
"%s/smbmore.%d",tmpdir(),(int)getpid());
fstrcpy(lname,tmpname);
if (!next_token(NULL,rname+strlen(rname),NULL)) {
if (!next_token(NULL,rname+strlen(rname),NULL,sizeof(rname)-strlen(rname))) {
DEBUG(0,("more <filename>\n"));
return;
}
@ -1612,7 +1612,7 @@ static void cmd_mget(char *inbuf,char *outbuf)
abort_mget = False;
while (next_token(NULL,p,NULL))
while (next_token(NULL,p,NULL,sizeof(buf)))
{
pstrcpy(mget_mask,cur_dir);
if(mget_mask[strlen(mget_mask)-1]!='\\')
@ -1692,7 +1692,7 @@ static void cmd_mkdir(char *inbuf,char *outbuf)
pstrcpy(mask,cur_dir);
if (!next_token(NULL,p,NULL))
if (!next_token(NULL,p,NULL,sizeof(buf)))
{
if (!recurse)
DEBUG(0,("mkdir <dirname>\n"));
@ -1983,14 +1983,14 @@ static void cmd_put(char *dum_in, char *dum_out)
pstrcat(rname,"\\");
if (!next_token(NULL,p,NULL))
if (!next_token(NULL,p,NULL,sizeof(buf)))
{
DEBUG(0,("put <filename>\n"));
return;
}
pstrcpy(lname,p);
if (next_token(NULL,p,NULL))
if (next_token(NULL,p,NULL,sizeof(buf)))
pstrcat(rname,p);
else
pstrcat(rname,lname);
@ -2040,7 +2040,7 @@ static BOOL seek_list(FILE *f,char *name)
static void cmd_select(char *dum_in, char *dum_out)
{
pstrcpy(fileselection,"");
next_token(NULL,fileselection,NULL);
next_token(NULL,fileselection,NULL,sizeof(fileselection));
}
@ -2058,7 +2058,7 @@ static void cmd_mput(char *dum_in, char *dum_out)
finfo = def_finfo;
while (next_token(NULL,p,NULL))
while (next_token(NULL,p,NULL,sizeof(buf)))
{
struct stat st;
pstring cmd;
@ -2197,14 +2197,14 @@ static void cmd_cancel(char *inbuf,char *outbuf )
DEBUG(0,("Trying to cancel print jobs without -P may fail\n"));
}
if (!next_token(NULL,buf,NULL)) {
if (!next_token(NULL,buf,NULL,sizeof(buf))) {
printf("cancel <jobid> ...\n");
return;
}
do {
job = atoi(buf);
do_cancel(job);
} while (next_token(NULL,buf,NULL));
} while (next_token(NULL,buf,NULL,sizeof(buf)));
}
@ -2228,7 +2228,7 @@ static void cmd_print(char *inbuf,char *outbuf )
DEBUG(0,("Trying to print without -P may fail\n"));
}
if (!next_token(NULL,lname,NULL))
if (!next_token(NULL,lname,NULL, sizeof(lname)))
{
DEBUG(0,("print <filename>\n"));
return;
@ -2699,7 +2699,7 @@ static void cmd_del(char *inbuf,char *outbuf )
pstrcpy(mask,cur_dir);
if (!next_token(NULL,buf,NULL))
if (!next_token(NULL,buf,NULL,sizeof(buf)))
{
DEBUG(0,("del <filename>\n"));
return;
@ -2721,7 +2721,7 @@ static void cmd_rmdir(char *inbuf,char *outbuf )
pstrcpy(mask,cur_dir);
if (!next_token(NULL,buf,NULL))
if (!next_token(NULL,buf,NULL,sizeof(buf)))
{
DEBUG(0,("rmdir <dirname>\n"));
return;
@ -2763,7 +2763,8 @@ static void cmd_rename(char *inbuf,char *outbuf )
pstrcpy(src,cur_dir);
pstrcpy(dest,cur_dir);
if (!next_token(NULL,buf,NULL) || !next_token(NULL,buf2,NULL))
if (!next_token(NULL,buf,NULL,sizeof(buf)) ||
!next_token(NULL,buf2,NULL, sizeof(buf2)))
{
DEBUG(0,("rename <src> <dest>\n"));
return;
@ -2817,7 +2818,7 @@ static void cmd_newer(char *dum_in, char *dum_out)
BOOL ok;
struct stat sbuf;
ok = next_token(NULL,buf,NULL);
ok = next_token(NULL,buf,NULL,sizeof(buf));
if (ok && (sys_stat(buf,&sbuf) == 0))
{
newer_than = sbuf.st_mtime;
@ -2838,7 +2839,7 @@ static void cmd_archive(char *dum_in, char *dum_out)
{
fstring buf;
if (next_token(NULL,buf,NULL)) {
if (next_token(NULL,buf,NULL,sizeof(buf))) {
archive_level = atoi(buf);
} else
DEBUG(0,("Archive level is %d\n",archive_level));
@ -2884,7 +2885,7 @@ static void cmd_printmode(char *dum_in, char *dum_out)
fstring buf;
fstring mode;
if (next_token(NULL,buf,NULL))
if (next_token(NULL,buf,NULL,sizeof(buf)))
{
if (strequal(buf,"text"))
printmode = 0;
@ -2921,7 +2922,7 @@ static void cmd_lcd(char *dum_in, char *dum_out)
fstring buf;
pstring d;
if (next_token(NULL,buf,NULL))
if (next_token(NULL,buf,NULL,sizeof(buf)))
sys_chdir(buf);
DEBUG(2,("the local directory is now %s\n",GetWd(d)));
}
@ -3299,7 +3300,7 @@ void cmd_help(char *dum_in, char *dum_out)
int i=0,j;
fstring buf;
if (next_token(NULL,buf,NULL))
if (next_token(NULL,buf,NULL,sizeof(buf)))
{
if ((i = process_tok(buf)) >= 0)
DEBUG(0,("HELP %s:\n\t%s\n\n",commands[i].name,commands[i].description));
@ -3398,7 +3399,7 @@ static BOOL process(char *base_directory)
/* and get the first part of the command */
{
char *ptr = line;
if (!next_token(&ptr,tok,NULL)) continue;
if (!next_token(&ptr,tok,NULL,sizeof(tok))) continue;
}
if ((i = process_tok(tok)) >= 0)
@ -3438,7 +3439,7 @@ static BOOL process(char *base_directory)
/* and get the first part of the command */
{
char *ptr = line;
if (!next_token(&ptr,tok,NULL)) continue;
if (!next_token(&ptr,tok,NULL,sizeof(tok))) continue;
}
if ((i = process_tok(tok)) >= 0)
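Review bot: In `cmd_mget`, `cmd_mkdir`, `cmd_put` and `cmd_mput` the destination is `p` but the bound is `sizeof(buf)`, so the limit is only right while `p` still points at the first byte of `buf`; the declarations and any earlier movement of `p` are outside these hunks. Passing the array itself, `next_token(NULL,buf,NULL,sizeof(buf))`, or adding a comment such as `/* p == buf here, so sizeof(buf) is the space left */`, would keep the bound tied to the destination. `cmd_get` and `cmd_more` already compute the remaining space as `sizeof(rname)-strlen(rname)`, which is the pattern to follow wherever the pointer carries an offset.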


@ -2073,7 +2073,7 @@ void cmd_block(char *dum_in, char *dum_out)
fstring buf;
int block;
if (!next_token(NULL,buf,NULL))
if (!next_token(NULL,buf,NULL,sizeof(buf)))
{
DEBUG(0, ("blocksize <n>\n"));
return;
@ -2097,7 +2097,7 @@ void cmd_tarmode(char *dum_in, char *dum_out)
{
fstring buf;
while (next_token(NULL,buf,NULL)) {
while (next_token(NULL,buf,NULL,sizeof(buf))) {
if (strequal(buf, "full"))
tar_inc=False;
else if (strequal(buf, "inc"))
@ -2143,7 +2143,7 @@ void cmd_setmode(char *dum_in, char *dum_out)
attra[0] = attra[1] = 0;
if (!next_token(NULL,buf,NULL))
if (!next_token(NULL,buf,NULL,sizeof(buf)))
{
DEBUG(0, ("setmode <filename> <perm=[+|-]rsha>\n"));
return;
@ -2152,7 +2152,7 @@ void cmd_setmode(char *dum_in, char *dum_out)
safe_strcpy(fname, cur_dir, sizeof(pstring));
safe_strcat(fname, buf, sizeof(pstring));
while (next_token(NULL,buf,NULL)) {
while (next_token(NULL,buf,NULL,sizeof(buf))) {
q=buf;
while(*q)
@ -2194,7 +2194,7 @@ void cmd_tar(char *inbuf, char *outbuf)
char **argl;
int argcl;
if (!next_token(NULL,buf,NULL))
if (!next_token(NULL,buf,NULL,sizeof(buf)))
{
DEBUG(0,("tar <c|x>[IXbga] <filename>\n"));
return;


@ -326,7 +326,7 @@ static void cmd_mount(char *inbuf,char *outbuf)
int retval;
char mount_point[MAXPATHLEN+1];
if (!next_token(NULL, mpoint, NULL))
if (!next_token(NULL, mpoint, NULL, sizeof(mpoint)))
{
DEBUG(0,("You must supply a mount point\n"));
return;
@ -350,7 +350,7 @@ static void cmd_mount(char *inbuf,char *outbuf)
slprintf(mount_command, sizeof(mount_command)-1,"smbmnt %s -s %s", mount_point, share_name);
while(next_token(NULL, buf, NULL))
while(next_token(NULL, buf, NULL, sizeof(buf)))
{
pstrcat(mount_command, " ");
pstrcat(mount_command, buf);
@ -429,7 +429,7 @@ void cmd_help(char *dum_in, char *dum_out)
int i=0,j;
fstring buf;
if (next_token(NULL,buf,NULL))
if (next_token(NULL,buf,NULL,sizeof(buf)))
{
if ((i = process_tok(buf)) >= 0)
DEBUG(0,("HELP %s:\n\t%s\n\n",commands[i].name,commands[i].description));
@ -527,7 +527,7 @@ static BOOL process(char *base_directory)
/* and get the first part of the command */
{
char *ptr = line;
if (!next_token(&ptr,tok,NULL)) continue;
if (!next_token(&ptr,tok,NULL,sizeof(tok))) continue;
}
if ((i = process_tok(tok)) >= 0)
@ -567,7 +567,7 @@ static BOOL process(char *base_directory)
/* and get the first part of the command */
{
char *ptr = line;
if (!next_token(&ptr,tok,NULL)) continue;
if (!next_token(&ptr,tok,NULL,sizeof(tok))) continue;
}
if ((i = process_tok(tok)) >= 0)
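Review bot: The new per-token bound in `cmd_mount` does not cap the total length: the `while` loop keeps appending every remaining token to `mount_command` with `pstrcat`, so the result is limited only by whatever `pstrcat` assumes about its destination, and the declaration of `mount_command` is outside the hunk. If it is not a `pstring`, the append needs an explicit size, for example `safe_strcat(mount_command, buf, sizeof(mount_command)-1);`. The string is presumably executed as a command later in the function (not visible here); if so, the user-supplied tokens would be better passed as separate arguments than concatenated into one command line.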


@ -216,7 +216,7 @@ BOOL user_in_list(char *user,char *list);
char *tmpdir(void);
BOOL is_a_socket(int fd);
BOOL next_token(char **ptr,char *buff,char *sep);
BOOL next_token(char **ptr,char *buff,char *sep, int bufsize);
char **toktocliplist(int *ctok, char *sep);
void *mem_dup( void *from, int size );
void array_promote(char *array,int elsize,int element);
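Review bot: `bufsize` is declared `int`, but every caller on this page passes a `sizeof` expression, which is `size_t`; the implicit narrowing hides mistakes, and the type does not rule out a zero or negative size. `BOOL next_token(char **ptr,char *buff,char *sep, size_t bufsize);` would match the callers, with the `len` counter in the definition changed to `size_t` as well. A one-line comment on the prototype saying that `bufsize` is the full size of `buff`, terminator included (as the `len=1` start in the definition suggests), would help callers that compute it by hand, such as `sizeof(rname)-strlen(rname)`.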


@ -136,7 +136,7 @@ static void interpret_interfaces(char *s, struct interface **interfaces,
allones_ip = *interpret_addr2("255.255.255.255");
loopback_ip = *interpret_addr2("127.0.0.1");
while (next_token(&ptr,token,NULL)) {
while (next_token(&ptr,token,NULL,sizeof(token))) {
/* parse it into an IP address/netmasklength pair */
char *p = strchr(token,'/');
if (p) *p++ = 0;


@ -297,7 +297,7 @@ BOOL user_in_list(char *user,char *list)
pstring tok;
char *p=list;
while (next_token(&p,tok,LIST_SEP))
while (next_token(&p,tok,LIST_SEP, sizeof(tok)))
{
/*
* Check raw username.


@ -131,10 +131,11 @@ static char *last_ptr=NULL;
Based on a routine by GJC@VILLAGE.COM.
Extensively modified by Andrew.Tridgell@anu.edu.au
****************************************************************************/
BOOL next_token(char **ptr,char *buff,char *sep)
BOOL next_token(char **ptr,char *buff,char *sep, int bufsize)
{
char *s;
BOOL quoted;
int len=1;
if (!ptr) ptr = &last_ptr;
if (!ptr) return(False);
@ -151,12 +152,14 @@ BOOL next_token(char **ptr,char *buff,char *sep)
if (! *s) return(False);
/* copy over the token */
for (quoted = False; *s && (quoted || !strchr(sep,*s)); s++)
for (quoted = False; len < bufsize && *s && (quoted || !strchr(sep,*s)); s++)
{
if (*s == '\"')
quoted = !quoted;
else
*buff++ = *s;
if (*s == '\"') {
quoted = !quoted;
} else {
len++;
*buff++ = *s;
}
}
*ptr = (*s) ? s+1 : s;
@ -291,7 +294,7 @@ void set_socket_options(int fd, char *options)
{
fstring tok;
while (next_token(&options,tok," \t,"))
while (next_token(&options,tok," \t,", sizeof(tok)))
{
int ret=0,i;
int value = 1;
@ -2618,7 +2621,7 @@ BOOL in_list(char *s,char *list,BOOL casesensitive)
if (!list) return(False);
while (next_token(&p,tok,LIST_SEP))
while (next_token(&p,tok,LIST_SEP,sizeof(tok)))
{
if (casesensitive) {
if (strcmp(tok,s) == 0)
@ -5085,7 +5088,7 @@ BOOL string_to_sid(DOM_SID *sidout, char *sidstr)
}
p += 2;
if(!next_token(&p, tok, "-")) {
if(!next_token(&p, tok, "-", sizeof(tok))) {
DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr));
return False;
}
@ -5093,7 +5096,7 @@ BOOL string_to_sid(DOM_SID *sidout, char *sidstr)
/* Get the revision number. */
sidout->sid_rev_num = atoi(tok);
if(!next_token(&p, tok, "-")) {
if(!next_token(&p, tok, "-", sizeof(tok))) {
DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr));
return False;
}
@ -5111,7 +5114,8 @@ BOOL string_to_sid(DOM_SID *sidout, char *sidstr)
sidout->num_auths = 0;
while(next_token(&p, tok, "-") && sidout->num_auths < MAXSUBAUTHS) {
while(next_token(&p, tok, "-", sizeof(tok)) &&
sidout->num_auths < MAXSUBAUTHS) {
/*
* NOTE - the subauths are in native machine-endian format. They
* are converted to little-endian when linearized onto the wire.
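Review bot: When a token is longer than `bufsize-1` the copy loop in `next_token` stops in the middle of it, and `*ptr = (*s) ? s+1 : s;` then steps over one more character and leaves the rest in the input, so the next call returns the tail as a token of its own. Callers still get `True` with no sign of truncation, which matters for the list matchers `in_list` and `user_in_list`, where one over-long entry would be compared as a truncated entry followed by a second one. Either consume the remainder of the token before updating `*ptr`, as below, or return `False` on overflow. The function starts and ends outside these hunks, so the terminating write to `buff` is not visible here.

```c
  /* ... unchanged: copy loop bounded by len < bufsize ... */

  /* token did not fit: skip what is left of it so the tail is not
     handed back as a token of its own */
  while (*s && (quoted || !strchr(sep,*s))) {
    if (*s == '\"')
      quoted = !quoted;
    s++;
  }

  *ptr = (*s) ? s+1 : s;
```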


@ -347,13 +347,13 @@ BOOL getlmhostsent( FILE *fp, char *name, int *name_type, struct in_addr *ipaddr
ptr = line;
if (next_token(&ptr,ip ,NULL))
if (next_token(&ptr,ip ,NULL,sizeof(ip)))
++count;
if (next_token(&ptr,name ,NULL))
if (next_token(&ptr,name ,NULL, sizeof(name)))
++count;
if (next_token(&ptr,flags,NULL))
if (next_token(&ptr,flags,NULL, sizeof(flags)))
++count;
if (next_token(&ptr,extra,NULL))
if (next_token(&ptr,extra,NULL, sizeof(extra)))
++count;
if (count <= 0)
@ -452,7 +452,7 @@ BOOL resolve_name(char *name, struct in_addr *return_ip)
ptr = name_resolve_list;
if (!ptr || !*ptr) ptr = "host";
while (next_token(&ptr, tok, LIST_SEP)) {
while (next_token(&ptr, tok, LIST_SEP, sizeof(tok))) {
if(strequal(tok, "host") || strequal(tok, "hosts")) {
/*
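Review bot: `sizeof(name)` in `getlmhostsent` is the size of a pointer, not of the caller's buffer, because `name` is the `char *name` parameter shown in the hunk header; the host name read from the line is therefore cut to at most `sizeof(char *)-1` characters. The function needs the real capacity, either through an added length parameter or, if every caller is known to pass a `pstring` (not visible here), `next_token(&ptr,name,NULL,sizeof(pstring))`. `ip`, `flags` and `extra` look like locals, but their declarations are outside the hunk and deserve the same check.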


@ -468,7 +468,7 @@ static BOOL init_structs(void)
*/
/* Work out the max number of netbios aliases that we have */
ptr = lp_netbios_aliases();
for( namecount=0; next_token(&ptr,nbname,NULL); namecount++ )
for( namecount=0; next_token(&ptr,nbname,NULL, sizeof(nbname)); namecount++ )
;
if ( *global_myname )
namecount++;
@ -487,7 +487,7 @@ static BOOL init_structs(void)
my_netbios_names[namecount++] = global_myname;
ptr = lp_netbios_aliases();
while ( next_token( &ptr, nbname, NULL ) )
while ( next_token( &ptr, nbname, NULL, sizeof(nbname) ) )
{
strupper( nbname );
/* Look for duplicates */


@ -506,7 +506,7 @@ void announce_remote(time_t t)
comment = lp_serverstring();
for (ptr=s; next_token(&ptr,s2,NULL); )
for (ptr=s; next_token(&ptr,s2,NULL,sizeof(s2)); )
{
/* The entries are of the form a.b.c.d/WORKGROUP with
WORKGROUP being optional */
@ -596,7 +596,7 @@ for workgroup %s on subnet %s.\n", global_myworkgroup, FIRST_SUBNET->subnet_name
strupper(p);
p = skip_string(p,1);
for (ptr=s; next_token(&ptr,s2,NULL); )
for (ptr=s; next_token(&ptr,s2,NULL,sizeof(s2)); )
{
/* The entries are of the form a.b.c.d */
addr = *interpret_addr2(s2);


@ -150,6 +150,8 @@ void sync_browse_lists(struct work_record *work,
CatchChild();
if ((s->pid = fork())) return;
BlockSignals( False, SIGTERM );
DEBUG(2,("Initiating browse sync for %s to %s(%s)\n",
work->work_group, name, inet_ntoa(ip)));
@ -239,11 +241,9 @@ static void complete_sync(struct sync_record *s)
ptr = line;
DEBUG(9,("sync line [%s]\n", line));
if (!next_token(&ptr,server,NULL) ||
!next_token(&ptr,type_str,NULL) ||
!next_token(&ptr,comment,NULL)) {
if (!next_token(&ptr,server,NULL,sizeof(server)) ||
!next_token(&ptr,type_str,NULL, sizeof(type_str)) ||
!next_token(&ptr,comment,NULL, sizeof(comment))) {
continue;
}
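Review bot: The `BlockSignals( False, SIGTERM );` call after `fork()` in `sync_browse_lists` appears to be new (the first hunk grows by two lines), is unrelated to the `next_token` bound, and nothing on the page says why it is needed. A comment at the call, along the lines of `/* unblock SIGTERM in the child: <reason> */`, would document it, and the commit message should mention the change. `sync_browse_lists` continues outside the hunk.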


@ -211,13 +211,13 @@ BOOL initialise_wins(void)
* time to actually parse them into the ip_list array.
*/
if (!next_token(&ptr,name_str,NULL))
if (!next_token(&ptr,name_str,NULL,sizeof(name_str)))
{
DEBUG(0,("initialise_wins: Failed to parse name when parsing line %s\n", line ));
continue;
}
if (!next_token(&ptr,ttl_str,NULL))
if (!next_token(&ptr,ttl_str,NULL,sizeof(ttl_str)))
{
DEBUG(0,("initialise_wins: Failed to parse time to live when parsing line %s\n", line ));
continue;
@ -229,7 +229,7 @@ BOOL initialise_wins(void)
num_ips = 0;
do
{
got_token = next_token(&ptr,ip_str,NULL);
got_token = next_token(&ptr,ip_str,NULL,sizeof(ip_str));
was_ip = False;
if(got_token && strchr(ip_str, '.'))
@ -260,16 +260,16 @@ BOOL initialise_wins(void)
/* Reset and re-parse the line. */
ptr = line;
next_token(&ptr,name_str,NULL);
next_token(&ptr,ttl_str,NULL);
next_token(&ptr,name_str,NULL,sizeof(name_str));
next_token(&ptr,ttl_str,NULL,sizeof(ttl_str));
for(i = 0; i < num_ips; i++)
{
next_token(&ptr, ip_str, NULL);
next_token(&ptr, ip_str, NULL, sizeof(ip_str));
ip_list[i] = *interpret_addr2(ip_str);
if (ip_equal(ip_list[i], ipzero))
source = SELF_NAME;
}
next_token(&ptr,nb_flags_str,NULL);
next_token(&ptr,nb_flags_str,NULL, sizeof(nb_flags_str));
/*
* Deal with SELF or REGISTER name encoding. Default is REGISTER


@ -228,7 +228,10 @@ static BOOL parse_lpq_bsd(char *line,print_queue_struct *buf,BOOL first)
string_sub(line,"(","\"");
string_sub(line,")","\"");
for (count=0; count<NTOK && next_token(&line,tok[count],NULL); count++) ;
for (count=0;
count<NTOK &&
next_token(&line,tok[count],NULL, sizeof(tok[count]));
count++) ;
/* we must get NTOK tokens */
if (count < NTOK)
@ -398,7 +401,10 @@ A long spool-path will just waste significant chars of the file name.
string_sub(line,"(","\"");
string_sub(line,")","\"");
for (count=0; count<LPRNG_NTOK && next_token(&line,tok[count],NULL); count++) ;
for (count=0;
count<LPRNG_NTOK &&
next_token(&line,tok[count],NULL, sizeof(tok[count]));
count++) ;
/* we must get LPRNG_NTOK tokens */
if (count < LPRNG_NTOK)
@ -471,7 +477,10 @@ static BOOL parse_lpq_aix(char *line,print_queue_struct *buf,BOOL first)
string_sub(line,"(","\"");
string_sub(line,")","\"");
for (count=0; count<10 && next_token(&line,tok[count],NULL); count++) ;
for (count=0;
count<10 &&
next_token(&line,tok[count],NULL, sizeof(tok[count]));
count++) ;
/* we must get 6 tokens */
if (count < 10)
@ -585,7 +594,7 @@ static BOOL parse_lpq_hpux(char * line, print_queue_struct *buf, BOOL first)
string_sub(line,"(","\"");
string_sub(line,")","\"");
for (count=0; count<2 && next_token(&line,tok[count],NULL); count++) ;
for (count=0; count<2 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ;
/* we must get 2 tokens */
if (count < 2) return(False);
@ -621,7 +630,7 @@ static BOOL parse_lpq_hpux(char * line, print_queue_struct *buf, BOOL first)
/* handle the dash in the job id */
string_sub(line,"-"," ");
for (count=0; count<12 && next_token(&line,tok[count],NULL); count++) ;
for (count=0; count<12 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ;
/* we must get 8 tokens */
if (count < 8) return(False);
@ -671,7 +680,7 @@ static BOOL parse_lpq_sysv(char *line,print_queue_struct *buf,BOOL first)
/* handle the dash in the job id */
string_sub(line,"-"," ");
for (count=0; count<9 && next_token(&line,tok[count],NULL); count++) ;
for (count=0; count<9 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ;
/* we must get 7 tokens */
if (count < 7)
@ -735,7 +744,7 @@ static BOOL parse_lpq_qnx(char *line,print_queue_struct *buf,BOOL first)
for (count=0; count<7 && next_token(&line,tok[count],NULL); count++) ;
for (count=0; count<7 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ;
/* we must get 7 tokens */
if (count < 7)
@ -790,7 +799,7 @@ static BOOL parse_lpq_plp(char *line,print_queue_struct *buf,BOOL first)
string_sub(line,"(","\"");
string_sub(line,")","\"");
for (count=0; count<11 && next_token(&line,tok[count],NULL); count++) ;
for (count=0; count<11 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ;
/* we must get 11 tokens */
if (count < 11)
@ -858,7 +867,7 @@ static BOOL parse_lpq_softq(char *line,print_queue_struct *buf,BOOL first)
/* mung all the ":"s to spaces*/
string_sub(line,":"," ");
for (count=0; count<10 && next_token(&line,tok[count],NULL); count++) ;
for (count=0; count<10 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ;
/* we must get 9 tokens */
if (count < 9)
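Review bot: `sizeof(tok[count])` in the `parse_lpq_*` loops is the per-token capacity only if `tok` is declared as an array of fixed-size character arrays; the declarations are outside these hunks, and with an array of `char *` the expression would be the size of a pointer. That is worth confirming for each parser, and a comment at the declaration would record it, e.g. `/* array of arrays: sizeof(tok[0]) is the per-token capacity */`. The token-count comments also disagree with the tests beside them (`/* we must get 6 tokens */` before `if (count < 10)`, `/* we must get 9 tokens */` after a loop that runs to 10), which makes the intended bounds harder to check.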


@ -609,8 +609,9 @@ account password for domain %s.\n", domain));
*/
generate_random_buffer( new_trust_passwd_hash, 16, True);
while(remote_machine_list && next_token( &remote_machine_list,
remote_machine, LIST_SEP)) {
while(remote_machine_list &&
next_token(&remote_machine_list, remote_machine,
LIST_SEP, sizeof(remote_machine))) {
strupper(remote_machine);
if(modify_trust_password( domain, remote_machine,
old_trust_passwd_hash, new_trust_passwd_hash)) {


@ -558,7 +558,9 @@ static int make_dom_sid2s(char *sids_str, DOM_SID2 *sids, int max_sids)
if (sids_str == NULL || *sids_str == 0) return 0;
for (count = 0, ptr = sids_str; next_token(&ptr, s2, NULL) && count < max_sids; count++)
for (count = 0, ptr = sids_str;
next_token(&ptr, s2, NULL, sizeof(s2)) && count < max_sids;
count++)
{
DOM_SID tmpsid;
string_to_sid(&tmpsid, s2);


@ -137,7 +137,9 @@ int make_dom_gids(char *gids_str, DOM_GID **ppgids)
if (gids_str == NULL || *gids_str == 0)
return 0;
for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL); count++)
for (count = 0, ptr = gids_str;
next_token(&ptr, s2, NULL, sizeof(s2));
count++)
;
gids = (DOM_GID *)malloc( sizeof(DOM_GID) * count );
@ -147,8 +149,10 @@ int make_dom_gids(char *gids_str, DOM_GID **ppgids)
return 0;
}
for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL) &&
count < LSA_MAX_GROUPS; count++)
for (count = 0, ptr = gids_str;
next_token(&ptr, s2, NULL, sizeof(s2)) &&
count < LSA_MAX_GROUPS;
count++)
{
/* the entries are of the form GID/ATTR, ATTR being optional.*/
char *attr;


@ -262,7 +262,7 @@ static int talktochild(int master, char *chatsequence)
*buf = 0;
sleep(1);
while (next_token(&ptr,chatbuf,NULL)) {
while (next_token(&ptr,chatbuf,NULL,sizeof(chatbuf))) {
BOOL ok=True;
count++;
pwd_sub(chatbuf);
@ -277,7 +277,7 @@ static int talktochild(int master, char *chatsequence)
return(False);
}
if (!next_token(&ptr,chatbuf,NULL)) break;
if (!next_token(&ptr,chatbuf,NULL,sizeof(chatbuf))) break;
pwd_sub(chatbuf);
if (!strequal(chatbuf,"."))
writestring(master,chatbuf);


@ -125,10 +125,10 @@ void load_groupname_map(void)
if (!*s || strchr("#;",*s))
continue;
if(!next_token(&s,unixname, "\t\n\r="))
if(!next_token(&s,unixname, "\t\n\r=", sizeof(unixname)))
continue;
if(!next_token(&s,windows_name, "\t\n\r="))
if(!next_token(&s,windows_name, "\t\n\r=", sizeof(windows_name)))
continue;
trim_string(unixname, " ", " ");


@ -658,7 +658,7 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel,
p = q; /* reset string pointer */
fgets(p,8191,f);
p[strlen(p)-1]='\0';
if (next_token(&p,tok,":") &&
if (next_token(&p,tok,":",sizeof(tok)) &&
(strlen(lp_printerdriver(snum)) == strlen(tok)) &&
(!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum)))))
ok=1;
@ -666,9 +666,9 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel,
fclose(f);
/* driver file name */
if (ok && !next_token(&p,driver,":")) ok = 0;
if (ok && !next_token(&p,driver,":",sizeof(driver))) ok = 0;
/* data file name */
if (ok && !next_token(&p,datafile,":")) ok = 0;
if (ok && !next_token(&p,datafile,":",sizeof(datafile))) ok = 0;
/*
* for the next tokens - which may be empty - I have to check for empty
* tokens first because the next_token function will skip all empty
@ -679,7 +679,7 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel,
if (*p == ':') {
*helpfile = '\0';
p++;
} else if (!next_token(&p,helpfile,":")) ok = 0;
} else if (!next_token(&p,helpfile,":",sizeof(helpfile))) ok = 0;
}
if (ok) {
@ -687,11 +687,11 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel,
if (*p == ':') {
*langmon = '\0';
p++;
} else if (!next_token(&p,langmon,":")) ok = 0;
} else if (!next_token(&p,langmon,":",sizeof(langmon))) ok = 0;
}
/* default data type */
if (ok && !next_token(&p,datatype,":")) ok = 0;
if (ok && !next_token(&p,datatype,":",sizeof(datatype))) ok = 0;
if (ok) {
PACKI(desc,"W",0x0400); /* don't know */
@ -714,7 +714,7 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel,
/* no need to check return value here - it was already tested in
* get_printerdrivernumber
*/
next_token(&p,tok,",");
next_token(&p,tok,",",sizeof(tok));
PACKS(desc,"z",tok); /* driver files to copy */
DEBUG(3,("file:%s:\n",tok));
}
@ -755,7 +755,7 @@ int get_printerdrivernumber(int snum)
{
p = q; /* reset string pointer */
fgets(p,8191,f);
if (next_token(&p,tok,":") &&
if (next_token(&p,tok,":",sizeof(tok)) &&
(!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum)))))
ok=1;
}
@ -771,7 +771,7 @@ int get_printerdrivernumber(int snum)
return(0);
/* count the number of files */
while (next_token(&p,tok,","))
while (next_token(&p,tok,",",sizeof(tok)))
i++;
}
free(q);
@ -1021,10 +1021,10 @@ static int get_server_info(uint32 servertype,
}
s = &(*servers)[count];
if (!next_token(&ptr,s->name , NULL)) continue;
if (!next_token(&ptr,stype , NULL)) continue;
if (!next_token(&ptr,s->comment, NULL)) continue;
if (!next_token(&ptr,s->domain , NULL)) {
if (!next_token(&ptr,s->name , NULL, sizeof(s->name))) continue;
if (!next_token(&ptr,stype , NULL, sizeof(stype))) continue;
if (!next_token(&ptr,s->comment, NULL, sizeof(s->comment))) continue;
if (!next_token(&ptr,s->domain , NULL, sizeof(s->domain))) {
/* this allows us to cope with an old nmbd */
pstrcpy(s->domain,global_myworkgroup);
}
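Review bot: In `fill_printq_info` the line that `next_token` parses comes from `fgets(p,8191,f)`, whose result is never checked, and `p[strlen(p)-1]='\0'` writes to `p[-1]` when the buffer holds an empty string; `get_printerdrivernumber` has the same unchecked `fgets`. Test the return value before parsing, and strip the newline only when it is there: `size_t n = strlen(p); if (n && p[n-1] == '\n') p[n-1] = '\0';`. Both functions start and end outside the hunks, so how the read loop terminates is not visible here.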


@ -934,7 +934,7 @@ struct cli_state *server_cryptkey(void)
return NULL;
p = lp_passwordserver();
while(p && next_token( &p, desthost, LIST_SEP)) {
while(p && next_token( &p, desthost, LIST_SEP, sizeof(desthost))) {
standard_sub_basic(desthost);
strupper(desthost);
@ -1214,7 +1214,7 @@ machine %s in domain %s.\n", global_myname, global_myworkgroup ));
*/
p = lp_passwordserver();
while(p && next_token( &p, remote_machine, LIST_SEP)) {
while(p && next_token(&p,remote_machine,LIST_SEP,sizeof(remote_machine))) {
standard_sub_basic(remote_machine);
strupper(remote_machine);


@ -244,7 +244,7 @@ definition file. File %s has %d.\n", prog_name, MAXCODEPAGELINES, input_file, nu
unsigned char b = 0;
/* Get the 'lower' value. */
if(!next_token(&p, token_buf, NULL))
if(!next_token(&p, token_buf, NULL, sizeof(token_buf)))
parse_error(buf, "cannot parse first value");
if(!parse_byte( token_buf, &b))
parse_error(buf, "first value doesn't resolve to a byte");
@ -253,7 +253,7 @@ definition file. File %s has %d.\n", prog_name, MAXCODEPAGELINES, input_file, nu
SCVAL(output_buf,CODEPAGE_HEADER_SIZE+(i*4),b);
/* Get the 'upper' value. */
if(!next_token(&p, token_buf, NULL))
if(!next_token(&p, token_buf, NULL, sizeof(token_buf)))
parse_error(buf, "cannot parse second value");
if(!parse_byte( token_buf, &b))
parse_error(buf, "second value doesn't resolve to a byte");
@ -262,7 +262,7 @@ definition file. File %s has %d.\n", prog_name, MAXCODEPAGELINES, input_file, nu
SCVAL(output_buf,CODEPAGE_HEADER_SIZE+(i*4) + 1,b);
/* Get the 'upper to lower' value. */
if(!next_token(&p, token_buf, NULL))
if(!next_token(&p, token_buf, NULL, sizeof(token_buf)))
parse_error(buf, "cannot parse third value");
if(!parse_bool( token_buf, &b))
parse_error(buf, "third value doesn't resolve to a boolean");
@ -271,7 +271,7 @@ definition file. File %s has %d.\n", prog_name, MAXCODEPAGELINES, input_file, nu
SCVAL(output_buf,CODEPAGE_HEADER_SIZE+(i*4) + 2,b);
/* Get the 'lower to upper' value. */
if(!next_token(&p, token_buf, NULL))
if(!next_token(&p, token_buf, NULL, sizeof(token_buf)))
parse_error(buf, "cannot parse fourth value");
if(!parse_bool( token_buf, &b))
parse_error(buf, "fourth value doesn't resolve to a boolean");