sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-27 22:50:26 +03:00
Code

Start to add truncate checks on all uses of strlcpy(). Reading lwn

Browse Source 
has it's uses :-).

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Mar 29 20:48:15 CEST 2012 on sn-devel-104
This commit is contained in:
Jeremy Allison 2012-03-28 16:49:30 -07:00
parent 762928945d
commit 5df1c11539
4 changed files with 37 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/socket/interfaces.c
View File

@ -212,8 +212,12 @@ static int _get_interfaces(TALLOC_CTX *mem_ctx, struct iface_struct **pifaces)
continue;
}
strlcpy(ifaces[total].name, ifptr->ifa_name,
sizeof(ifaces[total].name));
if (strlcpy(ifaces[total].name, ifptr->ifa_name,
sizeof(ifaces[total].name)) >=
sizeof(ifaces[total].name)) {
/* Truncation ! Ignore. */
continue;
}
total++;
}

28
lib/util/fault.c
View File

@ -116,8 +116,6 @@ _PUBLIC_ const char *panic_action = NULL;
*/
static void smb_panic_default(const char *why)
{
int result;
#if defined(HAVE_PRCTL) && defined(PR_SET_PTRACER)
/*
* Make sure all children can attach a debugger.
@ -126,20 +124,22 @@ static void smb_panic_default(const char *why)
#endif
if (panic_action && *panic_action) {
char pidstr[20];
char cmdstring[200];
strlcpy(cmdstring, panic_action, sizeof(cmdstring));
snprintf(pidstr, sizeof(pidstr), "%d", (int) getpid());
all_string_sub(cmdstring, "%d", pidstr, sizeof(cmdstring));
DEBUG(0, ("smb_panic(): calling panic action [%s]\n", cmdstring));
result = system(cmdstring);
if (strlcpy(cmdstring, panic_action, sizeof(cmdstring)) < sizeof(cmdstring)) {
int result;
char pidstr[20];
snprintf(pidstr, sizeof(pidstr), "%d", (int) getpid());
all_string_sub(cmdstring, "%d", pidstr, sizeof(cmdstring));
DEBUG(0, ("smb_panic(): calling panic action [%s]\n", cmdstring));
result = system(cmdstring);
if (result == -1)
DEBUG(0, ("smb_panic(): fork failed in panic action: %s\n",
strerror(errno)));
else
DEBUG(0, ("smb_panic(): action returned status %d\n",
WEXITSTATUS(result)));
if (result == -1)
DEBUG(0, ("smb_panic(): fork failed in panic action: %s\n",
strerror(errno)));
else
DEBUG(0, ("smb_panic(): action returned status %d\n",
WEXITSTATUS(result)));
}
}
DEBUG(0,("PANIC: %s\n", why));

21
lib/util/util_net.c
View File

@ -107,9 +107,11 @@ static bool interpret_string_addr_pref(struct sockaddr_storage *pss,
*/
if (p && (p > str) && ((scope_id = if_nametoindex(p+1)) != 0)) {
strlcpy(addr, str,
MIN(PTR_DIFF(p,str)+1,
sizeof(addr)));
size_t len = MIN(PTR_DIFF(p,str)+1, sizeof(addr));
if (strlcpy(addr, str, len) >= len) {
/* Truncate. */
return false;
}
str = addr;
}
}
@ -332,9 +334,11 @@ bool is_ipaddress_v6(const char *str)
*/
if (p && (p > str) && (if_nametoindex(p+1) != 0)) {
strlcpy(addr, str,
MIN(PTR_DIFF(p,str)+1,
sizeof(addr)));
size_t len = MIN(PTR_DIFF(p,str)+1, sizeof(addr));
if (strlcpy(addr, str, len) >= len) {
/* Truncate. */
return false;
}
sp = addr;
}
ret = inet_pton(AF_INET6, sp, &dest6);
@ -723,7 +727,10 @@ static const char *get_socket_addr(int fd, char *addr_buf, size_t addr_len)
* zero IPv6 address. No good choice here.
*/
strlcpy(addr_buf, "0.0.0.0", addr_len);
if (strlcpy(addr_buf, "0.0.0.0", addr_len) >= addr_len) {
/* Truncate ! */
return NULL;
}
if (fd == -1) {
return addr_buf;

4
source3/smbd/process.c
View File

@ -3037,7 +3037,9 @@ static NTSTATUS smbd_register_ips(struct smbd_server_connection *sconn,
return NT_STATUS_NO_MEMORY;
}
client_socket_addr(sconn->sock, tmp_addr, sizeof(tmp_addr));
if (client_socket_addr(sconn->sock, tmp_addr, sizeof(tmp_addr)) == NULL) {
return NT_STATUS_NO_MEMORY;
}
addr = talloc_strdup(cconn, tmp_addr);
if (addr == NULL) {
return NT_STATUS_NO_MEMORY;