mirror of
https://github.com/samba-team/samba.git
synced 2025-01-08 21:18:16 +03:00
More strlcat/strlcpy truncate checks.
This commit is contained in:
Jeremy Allison
parent
60eb1621d2
commit
959516d61b
@ -74,32 +74,62 @@ static NTSTATUS script_check_user_credentials(const struct auth_context *auth_co
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
strlcpy( secret_str, user_info->mapped.domain_name, secret_str_len);
|
||||
strlcat( secret_str, "\n", secret_str_len);
|
||||
strlcat( secret_str, user_info->client.account_name, secret_str_len);
|
||||
strlcat( secret_str, "\n", secret_str_len);
|
||||
if (strlcpy( secret_str, user_info->mapped.domain_name, secret_str_len) >= secret_str_len) {
|
||||
/* Truncate. */
|
||||
goto cat_out;
|
||||
}
|
||||
if (strlcat( secret_str, "\n", secret_str_len) >= secret_str_len) {
|
||||
/* Truncate. */
|
||||
goto cat_out;
|
||||
}
|
||||
if (strlcat( secret_str, user_info->client.account_name, secret_str_len) >= secret_str_len) {
|
||||
/* Truncate. */
|
||||
goto cat_out;
|
||||
}
|
||||
if (strlcat( secret_str, "\n", secret_str_len) >= secret_str_len) {
|
||||
/* Truncate. */
|
||||
goto cat_out;
|
||||
}
|
||||
|
||||
for (i = 0; i < 8; i++) {
|
||||
slprintf(&hex_str[i*2], 3, "%02X", auth_context->challenge.data[i]);
|
||||
}
|
||||
strlcat( secret_str, hex_str, secret_str_len);
|
||||
strlcat( secret_str, "\n", secret_str_len);
|
||||
if (strlcat( secret_str, hex_str, secret_str_len) >= secret_str_len) {
|
||||
/* Truncate. */
|
||||
goto cat_out;
|
||||
}
|
||||
if (strlcat( secret_str, "\n", secret_str_len) >= secret_str_len) {
|
||||
/* Truncate. */
|
||||
goto cat_out;
|
||||
}
|
||||
|
||||
if (user_info->password.response.lanman.data) {
|
||||
for (i = 0; i < 24; i++) {
|
||||
slprintf(&hex_str[i*2], 3, "%02X", user_info->password.response.lanman.data[i]);
|
||||
}
|
||||
strlcat( secret_str, hex_str, secret_str_len);
|
||||
if (strlcat( secret_str, hex_str, secret_str_len) >= secret_str_len) {
|
||||
/* Truncate. */
|
||||
goto cat_out;
|
||||
}
|
||||
}
|
||||
if (strlcat( secret_str, "\n", secret_str_len) >= secret_str_len) {
|
||||
/* Truncate. */
|
||||
goto cat_out;
|
||||
}
|
||||
strlcat( secret_str, "\n", secret_str_len);
|
||||
|
||||
if (user_info->password.response.nt.data) {
|
||||
for (i = 0; i < 24; i++) {
|
||||
slprintf(&hex_str[i*2], 3, "%02X", user_info->password.response.nt.data[i]);
|
||||
}
|
||||
strlcat( secret_str, hex_str, secret_str_len);
|
||||
if (strlcat( secret_str, hex_str, secret_str_len) >= secret_str_len) {
|
||||
/* Truncate. */
|
||||
goto cat_out;
|
||||
}
|
||||
}
|
||||
if (strlcat( secret_str, "\n", secret_str_len) >= secret_str_len) {
|
||||
/* Truncate. */
|
||||
goto cat_out;
|
||||
}
|
||||
strlcat( secret_str, "\n", secret_str_len);
|
||||
|
||||
DEBUG(10,("script_check_user_credentials: running %s with parameters:\n%s\n",
|
||||
script, secret_str ));
|
||||
@ -117,6 +147,11 @@ static NTSTATUS script_check_user_credentials(const struct auth_context *auth_co
|
||||
|
||||
/* Cause the auth system to keep going.... */
|
||||
return NT_STATUS_NOT_IMPLEMENTED;
|
||||
|
||||
cat_out:
|
||||
|
||||
SAFE_FREE(secret_str);
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
/* module initialisation */
|
||||
|
||||
@ -52,10 +52,17 @@ char *ads_build_path(const char *realm, const char *sep, const char *field, int
|
||||
return NULL;
|
||||
}
|
||||
|
||||
strlcpy(ret,field, len);
|
||||
if (strlcpy(ret,field, len) >= len) {
|
||||
/* Truncate ! */
|
||||
free(r);
|
||||
return NULL;
|
||||
}
|
||||
p=strtok_r(r, sep, &saveptr);
|
||||
if (p) {
|
||||
strlcat(ret, p, len);
|
||||
if (strlcat(ret, p, len) >= len) {
|
||||
free(r);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
while ((p=strtok_r(NULL, sep, &saveptr)) != NULL) {
|
||||
int retval;
|
||||
|
||||
@ -316,16 +316,22 @@ static bool unparse_afs_acl(struct afs_acl *acl, char *acl_str)
|
||||
}
|
||||
|
||||
fstr_sprintf(line, "%d\n", positives);
|
||||
strlcat(acl_str, line, MAXSIZE);
|
||||
if (strlcat(acl_str, line, MAXSIZE) >= MAXSIZE) {
|
||||
return false;
|
||||
}
|
||||
|
||||
fstr_sprintf(line, "%d\n", negatives);
|
||||
strlcat(acl_str, line, MAXSIZE);
|
||||
if (strlcat(acl_str, line, MAXSIZE) >= MAXSIZE) {
|
||||
return false;
|
||||
}
|
||||
|
||||
ace = acl->acelist;
|
||||
|
||||
while (ace != NULL) {
|
||||
fstr_sprintf(line, "%s\t%d\n", ace->name, ace->rights);
|
||||
strlcat(acl_str, line, MAXSIZE);
|
||||
if (strlcat(acl_str, line, MAXSIZE) >= MAXSIZE) {
|
||||
return false;
|
||||
}
|
||||
ace = ace->next;
|
||||
}
|
||||
return true;
|
||||
|
||||
@ -280,13 +280,17 @@ static bool recycle_create_dir(vfs_handle_struct *handle, const char *dname)
|
||||
*new_dir = '\0';
|
||||
if (dname[0] == '/') {
|
||||
/* Absolute path. */
|
||||
strlcat(new_dir,"/",len+1);
|
||||
if (strlcat(new_dir,"/",len+1) >= len+1) {
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
/* Create directory tree if neccessary */
|
||||
for(token = strtok_r(tok_str, "/", &saveptr); token;
|
||||
token = strtok_r(NULL, "/", &saveptr)) {
|
||||
strlcat(new_dir, token, len+1);
|
||||
if (strlcat(new_dir, token, len+1) >= len+1) {
|
||||
goto done;
|
||||
}
|
||||
if (recycle_directory_exist(handle, new_dir))
|
||||
DEBUG(10, ("recycle: dir %s already exists\n", new_dir));
|
||||
else {
|
||||
@ -297,7 +301,9 @@ static bool recycle_create_dir(vfs_handle_struct *handle, const char *dname)
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
strlcat(new_dir, "/", len+1);
|
||||
if (strlcat(new_dir, "/", len+1) >= len+1) {
|
||||
goto done;
|
||||
}
|
||||
mode = recycle_subdir_mode(handle);
|
||||
}
|
||||
|
||||
|
||||
@ -327,8 +327,9 @@ static void notify_scanner(vfs_handle_struct * handle, const char *scanfile)
|
||||
if (gsendlen + tmplen >= SENDBUFFERSIZE) {
|
||||
flush_sendbuffer(handle);
|
||||
}
|
||||
strlcat(so->gsendbuffer, tmp, SENDBUFFERSIZE + 1);
|
||||
strlcat(so->gsendbuffer, "\n", SENDBUFFERSIZE + 1);
|
||||
/* FIXME ! Truncate checks... JRA. */
|
||||
(void)strlcat(so->gsendbuffer, tmp, SENDBUFFERSIZE + 1);
|
||||
(void)strlcat(so->gsendbuffer, "\n", SENDBUFFERSIZE + 1);
|
||||
}
|
||||
|
||||
static bool is_scannedonly_file(struct Tscannedonly *so, const char *shortname)
|
||||
|
||||
@ -7338,8 +7338,14 @@ static bool run_shortname_test(int dummy)
|
||||
goto out;
|
||||
}
|
||||
|
||||
strlcpy(fname, "\\shortname\\", sizeof(fname));
|
||||
strlcat(fname, "test .txt", sizeof(fname));
|
||||
if (strlcpy(fname, "\\shortname\\", sizeof(fname)) >= sizeof(fname)) {
|
||||
correct = false;
|
||||
goto out;
|
||||
}
|
||||
if (strlcat(fname, "test .txt", sizeof(fname)) >= sizeof(fname)) {
|
||||
correct = false;
|
||||
goto out;
|
||||
}
|
||||
|
||||
s.val = false;
|
||||
|
||||
|
||||
@ -3765,8 +3765,12 @@ static NTSTATUS copy_fn(const char *mnt, struct file_info *f,
|
||||
}
|
||||
|
||||
/* search below that directory */
|
||||
strlcpy(new_mask, dir, sizeof(new_mask));
|
||||
strlcat(new_mask, "\\*", sizeof(new_mask));
|
||||
if (strlcpy(new_mask, dir, sizeof(new_mask)) >= sizeof(new_mask)) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
if (strlcat(new_mask, "\\*", sizeof(new_mask)) >= sizeof(new_mask)) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
old_dir = local_state->cwd;
|
||||
local_state->cwd = dir;
|
||||
@ -4807,7 +4811,9 @@ static bool get_user_tokens_from_file(FILE *f,
|
||||
|
||||
token = &((*tokens)[*num_tokens-1]);
|
||||
|
||||
strlcpy(token->name, line, sizeof(token->name));
|
||||
if (strlcpy(token->name, line, sizeof(token->name)) >= sizeof(token->name)) {
|
||||
return false;
|
||||
}
|
||||
token->token.num_sids = 0;
|
||||
token->token.sids = NULL;
|
||||
continue;
|
||||
|
||||
@ -176,7 +176,8 @@ void get_xsrf_token(const char *username, const char *pass,
|
||||
char tmp[3];
|
||||
|
||||
snprintf(tmp, sizeof(tmp), "%02x", token[i]);
|
||||
strlcat(token_str, tmp, sizeof(tmp));
|
||||
/* FIXME ! Truncate check. JRA. */
|
||||
(void)strlcat(token_str, tmp, sizeof(tmp));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user