1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

Adding Andrews buffer overflow fixes into the main branch.

Jeremy (jallison@whistle.com)
This commit is contained in:
Jeremy Allison 0001-01-01 00:00:00 +00:00
parent 2c5587a6fe
commit e7eb1f044d
29 changed files with 341 additions and 240 deletions

View File

@ -171,7 +171,8 @@ BOOL cli_send_session_request(char *inbuf, char *outbuf)
int len = 4;
/* send a session request (RFC 8002) */
strcpy(dest,desthost);
fstrcpy(dest,desthost);
p = strchr(dest,'.');
if (p) *p = 0;
@ -302,11 +303,11 @@ BOOL cli_send_login(char *inbuf, char *outbuf, BOOL start_session, BOOL use_setu
outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
}
strcpy(dev,"A:");
pstrcpy(dev,"A:");
if (connect_as_printer)
strcpy(dev,"LPT1:");
pstrcpy(dev,"LPT1:");
if (connect_as_ipc)
strcpy(dev,"IPC");
pstrcpy(dev,"IPC");
if (start_session && !cli_send_session_request(inbuf,outbuf))
@ -438,7 +439,7 @@ BOOL cli_send_login(char *inbuf, char *outbuf, BOOL start_session, BOOL use_setu
{
fstring pword;
int passlen = strlen(pass)+1;
strcpy(pword,pass);
fstrcpy(pword,pass);
if (doencrypt && *pass) {
DEBUG(5,("Using encrypted passwords\n"));
@ -447,7 +448,7 @@ BOOL cli_send_login(char *inbuf, char *outbuf, BOOL start_session, BOOL use_setu
}
/* if in share level security then don't send a password now */
if (!(sec_mode & 1)) {strcpy(pword, "");passlen=1;}
if (!(sec_mode & 1)) {fstrcpy(pword, "");passlen=1;}
/* send a session setup command */
bzero(outbuf,smb_size);
@ -553,7 +554,7 @@ BOOL cli_send_login(char *inbuf, char *outbuf, BOOL start_session, BOOL use_setu
{
int passlen = strlen(pass)+1;
fstring pword;
strcpy(pword,pass);
fstrcpy(pword,pass);
if (doencrypt && *pass) {
passlen=24;
@ -562,7 +563,7 @@ BOOL cli_send_login(char *inbuf, char *outbuf, BOOL start_session, BOOL use_setu
/* if in user level security then don't send a password now */
if ((sec_mode & 1)) {
strcpy(pword, ""); passlen=1;
fstrcpy(pword, ""); passlen=1;
}
set_message(outbuf,4,2 + strlen(service) + passlen + strlen(dev),True);
@ -811,9 +812,9 @@ BOOL cli_open_sockets(int port)
}
else
{
strcpy(service2,service);
pstrcpy(service2,service);
host = strtok(service2,"\\/");
strcpy(desthost,host);
pstrcpy(desthost,host);
}
DEBUG(5,("Opening sockets\n"));

View File

@ -42,6 +42,8 @@
#define WORDMAX 0xFFFF
/* the maximum password length before we declare a likely attack */
#define MAX_PASSWORD_LENGTH 200
/* separators for lists */
#define LIST_SEP " \t,;:\n\r"

View File

@ -310,8 +310,8 @@ int sys_rename(char *from, char *to)
int rcode;
pstring zfrom, zto;
strcpy (zfrom, dos_to_unix (from, False));
strcpy (zto, dos_to_unix (to, False));
pstrcpy (zfrom, dos_to_unix (from, False));
pstrcpy (zto, dos_to_unix (to, False));
rcode = rename (zfrom, zto);
if (errno == EXDEV)

View File

@ -469,12 +469,12 @@ BOOL set_filetime(char *fname,time_t mtime)
****************************************************************************/
char *timestring(void )
{
static char TimeBuf[100];
static fstring TimeBuf;
time_t t = time(NULL);
struct tm *tm = LocalTime(&t);
#ifdef NO_STRFTIME
strcpy(TimeBuf, asctime(tm));
fstrcpy(TimeBuf, asctime(tm));
#elif defined(CLIX) || defined(CONVEX)
strftime(TimeBuf,100,"%m/%d/%y %I:%M:%S %p",tm);
#elif defined(AMPM)

View File

@ -65,7 +65,7 @@ void map_username(char *user)
if (strequal(user,last_from)) {
DEBUG(3,("Mapped user %s to %s\n",user,last_to));
strcpy(user,last_to);
fstrcpy(user,last_to);
return;
}
@ -191,7 +191,7 @@ struct passwd *Get_Pwnam(char *user,BOOL allow_change)
if (ret) return(ret);
if (allow_change)
strcpy(user,user2);
fstrcpy(user,user2);
return(NULL);
}

View File

@ -1117,7 +1117,7 @@ void unix_format(char *fname)
if (*fname == '/')
{
strcpy(namecopy,fname);
pstrcpy(namecopy,fname);
strcpy(fname,".");
strcat(fname,namecopy);
}
@ -1328,7 +1328,7 @@ void dos_clean_name(char *s)
pstring s1;
*p = 0;
strcpy(s1,p+3);
pstrcpy(s1,p+3);
if ((p=strrchr(s,'\\')) != NULL)
*p = 0;
@ -1366,7 +1366,7 @@ void unix_clean_name(char *s)
pstring s1;
*p = 0;
strcpy(s1,p+3);
pstrcpy(s1,p+3);
if ((p=strrchr(s,'/')) != NULL)
*p = 0;
@ -1393,7 +1393,7 @@ int ChDir(char *path)
DEBUG(3,("chdir to %s\n",path));
res = sys_chdir(path);
if (!res)
strcpy(LastDir,path);
pstrcpy(LastDir,path);
return(res);
}
@ -1553,7 +1553,7 @@ BOOL reduce_name(char *s,char *dir,BOOL widelinks)
/* remove any double slashes */
string_sub(s,"//","/");
strcpy(basename,s);
pstrcpy(basename,s);
p = strrchr(basename,'/');
if (!p)
@ -1623,12 +1623,12 @@ BOOL reduce_name(char *s,char *dir,BOOL widelinks)
if (relative)
{
if (newname[l] == '/')
strcpy(s,newname + l + 1);
pstrcpy(s,newname + l + 1);
else
strcpy(s,newname+l);
pstrcpy(s,newname+l);
}
else
strcpy(s,newname);
pstrcpy(s,newname);
}
ChDir(wd);
@ -1652,10 +1652,10 @@ static void expand_one(char *Mask,int len)
int lfill = (len+1) - strlen(Mask);
int l1= (p1 - Mask);
pstring tmp;
strcpy(tmp,Mask);
pstrcpy(tmp,Mask);
memset(tmp+l1,'?',lfill);
strcpy(tmp + l1 + lfill,Mask + l1 + 1);
strcpy(Mask,tmp);
pstrcpy(tmp + l1 + lfill,Mask + l1 + 1);
pstrcpy(Mask,tmp);
}
}
@ -1679,20 +1679,20 @@ void expand_mask(char *Mask,BOOL doext)
filename_dos(Mask,filepart);
strcpy(mbeg,filepart);
pstrcpy(mbeg,filepart);
if ((p1 = strchr(mbeg,'.')) != NULL)
{
hasdot = True;
*p1 = 0;
p1++;
strcpy(mext,p1);
pstrcpy(mext,p1);
}
else
{
strcpy(mext,"");
if (strlen(mbeg) > 8)
{
strcpy(mext,mbeg + 8);
pstrcpy(mext,mbeg + 8);
mbeg[8] = 0;
}
}
@ -1710,7 +1710,7 @@ void expand_mask(char *Mask,BOOL doext)
if (*mext)
expand_one(mext,3);
strcpy(Mask,dirpart);
pstrcpy(Mask,dirpart);
if (*dirpart || absolute) strcat(Mask,"\\");
strcat(Mask,mbeg);
strcat(Mask,".");
@ -1839,7 +1839,7 @@ void make_dir_struct(char *buf,char *mask,char *fname,unsigned int size,int mode
char *p;
pstring mask2;
strcpy(mask2,mask);
pstrcpy(mask2,mask);
if ((mode & aDIR) != 0)
size = 0;
@ -2569,7 +2569,12 @@ BOOL string_init(char **dest,char *src)
}
else
{
*dest = (char *)malloc(l+1);
(*dest) = (char *)malloc(l+1);
if ((*dest) == NULL) {
DEBUG(0,("Out of memory in string_init\n"));
return False;
}
strcpy(*dest,src);
}
return(True);
@ -2741,25 +2746,25 @@ BOOL mask_match(char *str, char *regexp, int case_sig,BOOL trans2)
DEBUG(5,("mask_match str=<%s> regexp=<%s>, case_sig = %d\n", p2, p1, case_sig));
if (trans2) {
strcpy(ebase,p1);
strcpy(sbase,p2);
fstrcpy(ebase,p1);
fstrcpy(sbase,p2);
} else {
if ((p=strrchr(p1,'.'))) {
*p = 0;
strcpy(ebase,p1);
strcpy(eext,p+1);
fstrcpy(ebase,p1);
fstrcpy(eext,p+1);
} else {
strcpy(ebase,p1);
fstrcpy(ebase,p1);
eext[0] = 0;
}
if (!strequal(p2,".") && !strequal(p2,"..") && (p=strrchr(p2,'.'))) {
*p = 0;
strcpy(sbase,p2);
strcpy(sext,p+1);
fstrcpy(sbase,p2);
fstrcpy(sext,p+1);
} else {
strcpy(sbase,p2);
strcpy(sext,"");
fstrcpy(sbase,p2);
fstrcpy(sext,"");
}
}
@ -3075,7 +3080,7 @@ BOOL get_myname(char *my_name,struct in_addr *ip)
char *p = strchr(hostname,'.');
if (p) *p = 0;
strcpy(my_name,hostname);
fstrcpy(my_name,hostname);
}
if (ip)
@ -3443,7 +3448,7 @@ char *client_addr(void)
return addr_buf;
}
strcpy(addr_buf,(char *)inet_ntoa(sockin->sin_addr));
fstrcpy(addr_buf,(char *)inet_ntoa(sockin->sin_addr));
global_client_addr_done = True;
return addr_buf;
@ -3700,7 +3705,7 @@ char *readdirname(void *p)
{
static pstring buf;
strcpy(buf, dname);
pstrcpy(buf, dname);
unix_to_dos(buf, True);
dname = buf;
}
@ -4055,3 +4060,54 @@ enum remote_arch_types get_remote_arch()
{
return ra_type;
}
/*******************************************************************
safe string copy into a fstring
********************************************************************/
void fstrcpy(char *dest, char *src)
{
int maxlength = sizeof(fstring) - 1;
if (!dest) {
DEBUG(0,("ERROR: NULL dest in fstrcpy\n"));
return;
}
if (!src) {
*dest = 0;
return;
}
while (maxlength-- && *src)
*dest++ = *src++;
*dest = 0;
if (*src) {
DEBUG(0,("ERROR: string overflow by %d in fstrcpy\n",
strlen(src)));
}
}
/*******************************************************************
safe string copy into a pstring
********************************************************************/
void pstrcpy(char *dest, char *src)
{
int maxlength = sizeof(pstring) - 1;
if (!dest) {
DEBUG(0,("ERROR: NULL dest in pstrcpy\n"));
return;
}
if (!src) {
*dest = 0;
return;
}
while (maxlength-- && *src)
*dest++ = *src++;
*dest = 0;
if (*src) {
DEBUG(0,("ERROR: string overflow by %d in pstrcpy\n",
strlen(src)));
}
}

View File

@ -616,10 +616,10 @@ static int build_dgram(char *buf,struct packet_struct *p)
******************************************************************/
void make_nmb_name(struct nmb_name *n,char *name,int type,char *this_scope)
{
strcpy(n->name,name);
fstrcpy(n->name,name);
strupper(n->name);
n->name_type = type;
strcpy(n->scope,this_scope);
fstrcpy(n->scope,this_scope);
}

View File

@ -108,7 +108,7 @@ BOOL start_share_mode_mgmt(void)
{
pstring shmem_file_name;
strcpy(shmem_file_name,lp_lockdir());
pstrcpy(shmem_file_name,lp_lockdir());
if (!directory_exist(shmem_file_name,NULL))
mkdir(shmem_file_name,0755);
trim_string(shmem_file_name,"","/");

View File

@ -174,11 +174,11 @@ void do_announce_host(int command,
SSVAL(p,27,BROWSER_ELECTION_VERSION);
SSVAL(p,29,BROWSER_CONSTANT); /* browse signature */
strcpy(p+31,server_comment);
pstrcpy(p+31,server_comment);
p += 31;
p = skip_string(p,1);
debug_browse_data(outbuf, PTR_DIFF(p,outbuf));
debug_browse_data(outbuf, PTR_DIFF(p,outbuf));
/* send the announcement */
send_mailslot_reply(False,BROWSE_MAILSLOT,ClientDGRAM,outbuf,

View File

@ -226,11 +226,11 @@ void dump_names(void)
if(lp_wins_support() == False || wins_subnet == 0)
return;
strcpy(fname,lp_lockdir());
fstrcpy(fname,lp_lockdir());
trim_string(fname,NULL,"/");
strcat(fname,"/");
strcat(fname,WINS_LIST);
strcpy(fnamenew,fname);
fstrcpy(fnamenew,fname);
strcat(fnamenew,".");
f = fopen(fnamenew,"w");
@ -306,7 +306,7 @@ void load_netbios_names(void)
if (!d) return;
strcpy(fname,lp_lockdir());
fstrcpy(fname,lp_lockdir());
trim_string(fname,NULL,"/");
strcat(fname,"/");
strcat(fname,WINS_LIST);
@ -366,7 +366,7 @@ void load_netbios_names(void)
nb_flags_str[strlen(nb_flags_str)-1] = '\0';
/* netbios name. # divides the name from the type (hex): netbios#xx */
strcpy(name,name_str);
pstrcpy(name,name_str);
p = strchr(name,'#');

View File

@ -308,11 +308,11 @@ void write_browse_list(time_t t)
dump_names();
dump_workgroups();
strcpy(fname,lp_lockdir());
pstrcpy(fname,lp_lockdir());
trim_string(fname,NULL,"/");
strcat(fname,"/");
strcat(fname,SERVER_LIST);
strcpy(fnamenew,fname);
pstrcpy(fnamenew,fname);
strcat(fnamenew,".");
f = fopen(fnamenew,"w");

View File

@ -182,7 +182,7 @@ void send_election(struct subnet_record *d, char *group,uint32 criterion,
SIVAL(p,1,criterion);
SIVAL(p,5,timeup*1000); /* ms - despite the spec */
p += 13;
strcpy(p,name);
pstrcpy(p,name);
strupper(p);
p = skip_string(p,1);

View File

@ -74,7 +74,7 @@ void process_logon_packet(struct packet_struct *p,char *buf,int len)
token = SVAL(tmp,3);
reply_code = 0x6;
strcpy(reply_name,myname);
fstrcpy(reply_name,myname);
strupper(reply_name);
add_slashes = True;
DEBUG(3,("Domain login request from %s(%s) user=%s token=%x\n",
@ -87,11 +87,11 @@ void process_logon_packet(struct packet_struct *p,char *buf,int len)
logname = skip_string(machine,1);
token = SVAL(skip_string(logname,1),0);
strcpy(reply_name,lp_domain_controller());
fstrcpy(reply_name,lp_domain_controller());
if (!*reply_name)
{
/* oo! no domain controller. must be us, then */
strcpy(reply_name,myname);
fstrcpy(reply_name,myname);
reply_code = 0xC;
}
else

View File

@ -121,7 +121,7 @@ static BOOL dump_core(void)
{
char *p;
pstring dname;
strcpy(dname,debugf);
pstrcpy(dname,debugf);
if ((p=strrchr(dname,'/'))) *p=0;
strcat(dname,"/corefiles");
mkdir(dname,0700);
@ -188,10 +188,10 @@ BOOL reload_services(BOOL test)
if (lp_loaded())
{
pstring fname;
strcpy(fname,lp_configfile());
pstrcpy(fname,lp_configfile());
if (file_exist(fname,NULL) && !strcsequal(fname,servicesf))
{
strcpy(servicesf,fname);
pstrcpy(servicesf,fname);
test = False;
}
}
@ -276,7 +276,7 @@ static void load_hosts_file(char *fname)
if (strchr(flags,'M')) {
source = SELF;
strcpy(myname,name);
pstrcpy(myname,name);
}
ipaddr = *interpret_addr2(ip);
@ -371,7 +371,7 @@ static BOOL init_structs()
pstring nbname;
if (! *myname) {
strcpy(myname,myhostname);
fstrcpy(myname,myhostname);
p = strchr(myname,'.');
if (p) *p = 0;
}
@ -422,7 +422,7 @@ static BOOL init_structs()
/* Terminate name list */
my_netbios_names[namecount++]=NULL;
strcpy(local_machine,myname);
fstrcpy(local_machine,myname);
trim_string(local_machine," "," ");
p = strchr(local_machine,' ');
if (p)
@ -501,7 +501,7 @@ static void usage(char *pname)
strncpy(pidFile, optarg, sizeof(pidFile));
break;
case 's':
strcpy(servicesf,optarg);
pstrcpy(servicesf,optarg);
break;
case 'N':
case 'B':
@ -511,17 +511,17 @@ static void usage(char *pname)
DEBUG(0,("Obsolete option '%c' used\n",opt));
break;
case 'H':
strcpy(host_file,optarg);
pstrcpy(host_file,optarg);
break;
case 'n':
strcpy(myname,optarg);
pstrcpy(myname,optarg);
strupper(myname);
break;
case 'l':
sprintf(debugf,"%s.nmb",optarg);
break;
case 'i':
strcpy(scope,optarg);
pstrcpy(scope,optarg);
strupper(scope);
break;
case 'D':
@ -564,7 +564,7 @@ static void usage(char *pname)
reload_services(True);
strcpy(myworkgroup, lp_workgroup());
pstrcpy(myworkgroup, lp_workgroup());
if (strequal(myworkgroup,"*")) {
DEBUG(0,("ERROR: a workgroup name of * is no longer supported\n"));

View File

@ -82,7 +82,7 @@ static BOOL add_info(struct subnet_record *d, struct work_record *work, int serv
SIVAL(p,0,servertype);
p += 4;
strcpy(p, work->work_group);
pstrcpy(p, work->work_group);
p = skip_string(p,1);
if (cli_call_api(PTR_DIFF(p,param),0, 8,BUFFER_SIZE - SAFETY_MARGIN,
@ -162,7 +162,7 @@ void sync_browse_lists(struct subnet_record *d, struct work_record *work,
name, work->work_group, inet_ntoa(ip)));
strcpy(workgroup,work->work_group);
strcpy(desthost,name);
fstrcpy(desthost,name);
dest_ip = ip;
if (zero_ip(dest_ip)) return;

View File

@ -1381,7 +1381,7 @@ static void add_to_file_list(char *fname)
{
pstring n2;
strcpy(n2,fname);
pstrcpy(n2,fname);
standard_sub_basic(n2);
f->modtime = file_modtime(n2);
}
@ -1401,7 +1401,7 @@ BOOL lp_file_list_changed(void)
pstring n2;
time_t mod_time;
strcpy(n2,f->name);
pstrcpy(n2,f->name);
standard_sub_basic(n2);
DEBUG(6,("file %s -> %s last mod_time: %s\n",
@ -1529,7 +1529,7 @@ handle the include operation
static BOOL handle_include(char *pszParmValue,char **ptr)
{
pstring fname;
strcpy(fname,pszParmValue);
pstrcpy(fname,pszParmValue);
add_to_file_list(fname);
@ -2127,7 +2127,7 @@ BOOL lp_load(char *pszFname,BOOL global_only)
init_globals();
strcpy(n2,pszFname);
pstrcpy(n2,pszFname);
standard_sub_basic(n2);
/* We get sections first, so have to start 'behind' to make up */

View File

@ -358,8 +358,8 @@ void pcap_printer_fn(void (*fn)())
if (strlen(p) <= 8 && strlen(p)>strlen(name) && !has_punctuation)
{
if (!*comment) strcpy(comment,name);
strcpy(name,p);
if (!*comment) pstrcpy(comment,name);
pstrcpy(name,p);
continue;
}

View File

@ -85,7 +85,7 @@ static char *build_print_command(int cnum, char *command, char *syscmd, char *fi
strcat(filename,filename1);
}
else
strcpy(filename,filename1);
pstrcpy(filename,filename1);
string_sub(syscmd, "%s", filename);
}
@ -258,7 +258,7 @@ static BOOL parse_lpq_bsd(char *line,print_queue_struct *buf,BOOL first)
if (p)
{
strcpy(tmp,p+1);
strcpy(tok[FILETOK],tmp);
fstrcpy(tok[FILETOK],tmp);
}
}
@ -404,8 +404,8 @@ A long spool-path will just waste significant chars of the file name.
char *p = strrchr(tok[LPRNG_FILETOK],'/');
if (p)
{
strcpy(tmp,p+1);
strcpy(tok[LPRNG_FILETOK],tmp);
fstrcpy(tmp,p+1);
fstrcpy(tok[LPRNG_FILETOK],tmp);
}
}
@ -472,8 +472,8 @@ static BOOL parse_lpq_aix(char *line,print_queue_struct *buf,BOOL first)
char *p = strrchr(tok[2],'/');
if (p)
{
strcpy(tmp,p+1);
strcpy(tok[2],tmp);
fstrcpy(tmp,p+1);
fstrcpy(tok[2],tmp);
}
}
@ -506,8 +506,8 @@ static BOOL parse_lpq_aix(char *line,print_queue_struct *buf,BOOL first)
char *p = strrchr(tok[4],'/');
if (p)
{
strcpy(tmp,p+1);
strcpy(tok[4],tmp);
fstrcpy(tmp,p+1);
fstrcpy(tok[4],tmp);
}
}
@ -666,8 +666,8 @@ static BOOL parse_lpq_sysv(char *line,print_queue_struct *buf,BOOL first)
if ((p=strchr(tok[2],'!')))
{
string tmp;
strcpy(tmp,p+1);
strcpy(tok[2],tmp);
fstrcpy(tmp,p+1);
fstrcpy(tok[2],tmp);
}
@ -731,8 +731,8 @@ static BOOL parse_lpq_qnx(char *line,print_queue_struct *buf,BOOL first)
char *p = strrchr(tok[6],'/');
if (p)
{
strcpy(tmp,p+1);
strcpy(tok[6],tmp);
fstrcpy(tmp,p+1);
fstrcpy(tok[6],tmp);
}
}
@ -795,8 +795,8 @@ static BOOL parse_lpq_plp(char *line,print_queue_struct *buf,BOOL first)
char *p = strrchr(tok[6],'/');
if (p)
{
strcpy(tmp,p+1);
strcpy(tok[6],tmp);
fstrcpy(tmp,p+1);
fstrcpy(tok[6],tmp);
}
}
@ -863,7 +863,7 @@ static BOOL parse_lpq_entry(int snum,char *line,
/* change guest entries to the current logged in user to make
them appear deletable to windows */
if (sesssetup_user[0] && strequal(buf->user,lp_guestaccount(snum)))
strcpy(buf->user,sesssetup_user);
pstrcpy(buf->user,sesssetup_user);
}
#endif
@ -940,7 +940,7 @@ int get_printqueue(int snum,int cnum,print_queue_struct **queue,
return(0);
}
strcpy(syscmd,lpq_command);
pstrcpy(syscmd,lpq_command);
string_sub(syscmd,"%p",printername);
standard_sub(cnum,syscmd);
@ -1031,7 +1031,7 @@ void del_printqueue(int cnum,int snum,int jobid)
sprintf(jobstr,"%d",jobid);
strcpy(syscmd,lprm_command);
pstrcpy(syscmd,lprm_command);
string_sub(syscmd,"%p",printername);
string_sub(syscmd,"%j",jobstr);
standard_sub(cnum,syscmd);
@ -1069,7 +1069,7 @@ void status_printjob(int cnum,int snum,int jobid,int status)
sprintf(jobstr,"%d",jobid);
strcpy(syscmd,lpstatus_command);
pstrcpy(syscmd,lpstatus_command);
string_sub(syscmd,"%p",printername);
string_sub(syscmd,"%j",jobstr);
standard_sub(cnum,syscmd);

View File

@ -212,8 +212,8 @@ static int expect(int master,char *expected,char *buf)
{
pstring s1,s2;
strcpy(s1,buf);
strcpy(s2,expected);
pstrcpy(s1,buf);
pstrcpy(s2,expected);
if (do_match(s1, s2, False))
return(True);
}
@ -364,11 +364,11 @@ BOOL chgpasswd(char *name,char *oldpass,char *newpass)
}
#if (defined(PASSWD_PROGRAM) && defined(PASSWD_CHAT))
strcpy(passwordprogram,PASSWD_PROGRAM);
strcpy(chatsequence,PASSWD_CHAT);
pstrcpy(passwordprogram,PASSWD_PROGRAM);
pstrcpy(chatsequence,PASSWD_CHAT);
#else
strcpy(passwordprogram,lp_passwd_program());
strcpy(chatsequence,lp_passwd_chat());
pstrcpy(passwordprogram,lp_passwd_program());
pstrcpy(chatsequence,lp_passwd_chat());
#endif
if (!*chatsequence) {

View File

@ -461,7 +461,7 @@ BOOL get_dir_entry(int cnum,char *mask,int dirtype,char *fname,int *size,int *mo
matched = False;
strcpy(filename,dname);
pstrcpy(filename,dname);
if ((strcmp(filename,mask) == 0) ||
(name_map_mangle(filename,True,SNUM(cnum)) &&

View File

@ -774,7 +774,7 @@ static int get_server_info(uint32 servertype,
pstring line;
BOOL local_list_only;
strcpy(fname,lp_lockdir());
pstrcpy(fname,lp_lockdir());
trim_string(fname,NULL,"/");
strcat(fname,"/");
strcat(fname,SERVER_LIST);
@ -1363,7 +1363,7 @@ static BOOL api_SetUserPassword(int cnum,uint16 vuid, char *param,char *data,
fstring user;
fstring pass1,pass2;
strcpy(user,p);
fstrcpy(user,p);
p = skip_string(p,1);
@ -1698,14 +1698,14 @@ static BOOL api_RNetServerGetInfo(int cnum,uint16 vuid, char *param,char *data,
pstring comment;
uint32 servertype= lp_default_server_announce();
strcpy(comment,lp_serverstring());
pstrcpy(comment,lp_serverstring());
if ((count=get_server_info(SV_TYPE_ALL,&servers,myworkgroup))>0) {
for (i=0;i<count;i++)
if (strequal(servers[i].name,local_machine))
{
servertype = servers[i].type;
strcpy(comment,servers[i].comment);
pstrcpy(comment,servers[i].comment);
}
}
if (servers) free(servers);
@ -2026,7 +2026,7 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data,
p2 = p + usri11_end;
memset(p,0,21);
strcpy(p+usri11_name,UserName); /* 21 bytes - user name */
fstrcpy(p+usri11_name,UserName); /* 21 bytes - user name */
if (uLevel > 0)
{
@ -2043,9 +2043,9 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data,
strcpy(p2,"UserComment");
p2 = skip_string(p2,1);
/* EEK! the cifsrap.txt doesn't have this in!!!! */
/* EEK! the cifsrap.txt doesn't have this in!!!! */
SIVAL(p,usri11_full_name,PTR_DIFF(p2,p)); /* full name */
strcpy(p2,vuser->real_name); /* simeon */
strcpy(p2,vuser->real_name); /* simeon */
p2 = skip_string(p2,1);
}
@ -2062,7 +2062,7 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data,
else
{
#if (defined(NETGROUP) && defined(AUTOMOUNT))
strcpy(p2, vuser->home_share);
strcpy(p2, vuser->home_share);
#else
strcpy(p2,"\\\\%L\\%U");
#endif
@ -2469,7 +2469,8 @@ static void fill_printdest_info(int cnum, int snum, int uLevel,
struct pack_desc* desc)
{
char buf[100];
strcpy(buf,SERVICE(snum));
strncpy(buf,SERVICE(snum),sizeof(buf)-1);
buf[sizeof(buf)-1] = 0;
strupper(buf);
if (uLevel <= 1) {
PACKS(desc,"B9",buf); /* szName */
@ -3026,7 +3027,11 @@ int reply_trans(char *inbuf,char *outbuf)
int dsoff = SVAL(inbuf,smb_vwv12);
int suwcnt = CVAL(inbuf,smb_vwv13);
StrnCpy(name,smb_buf(inbuf),sizeof(name)-1);
fstrcpy(name,smb_buf(inbuf));
if (dscnt > tdscnt || pscnt > tpscnt) {
exit_server("invalid trans parameters\n");
}
if (tdscnt)
{
@ -3088,6 +3093,10 @@ int reply_trans(char *inbuf,char *outbuf)
pscnt += pcnt;
dscnt += dcnt;
if (dscnt > tdscnt || pscnt > tpscnt) {
exit_server("invalid trans parameters\n");
}
if (pcnt)
memcpy(params+pdisp,smb_base(inbuf)+poff,pcnt);
if (dcnt)

View File

@ -273,7 +273,7 @@ BOOL check_mangled_stack(char *s)
}
if (check_extension && !strchr(mangled_stack[i],'.'))
{
strcpy(tmpname,mangled_stack[i]);
pstrcpy(tmpname,mangled_stack[i]);
strcat(tmpname,extension);
mangle_name_83(tmpname);
if (strequal(tmpname,s))
@ -307,7 +307,7 @@ static char *map_filename(char *s, /* This is null terminated */
pstring pat;
StrnCpy(pat, pattern, len); /* Get pattern into a proper string! */
strcpy(matching_bit,""); /* Match but no star gets this. */
pstrcpy(matching_bit,""); /* Match but no star gets this. */
pp = pat; /* Initialise the pointers. */
sp = s;
if ((len == 1) && (*pattern == '*')) {
@ -446,7 +446,7 @@ static void do_fwd_mangled_map(char *s, char *MangledMap)
continue; /* Always check for the end. */
}
if (*end == '*') {
strcpy(np, match_string);
pstrcpy(np, match_string);
np += strlen(match_string);
end++; /* Skip the '*' */
while ((*end) /* Not the end of string. */
@ -460,7 +460,7 @@ static void do_fwd_mangled_map(char *s, char *MangledMap)
}
*np++ = '\0'; /* NULL terminate it. */
DEBUG(5,("End of second in pair '%s'\n", end));
strcpy(s, new_string); /* Substitute with the new name. */
pstrcpy(s, new_string); /* Substitute with the new name. */
DEBUG(5,("s is now '%s'\n", s));
}
start = end; /* Skip a bit which cannot be wanted */

View File

@ -54,7 +54,7 @@ static void msg_deliver(void)
/* put it in a temporary file */
sprintf(s,"%s/msg.XXXXXX",tmpdir());
strcpy(name,(char *)mktemp(s));
fstrcpy(name,(char *)mktemp(s));
fd = open(name,O_WRONLY|O_CREAT|O_TRUNC|O_EXCL,0600);
if (fd == -1) {
@ -74,7 +74,7 @@ static void msg_deliver(void)
/* run the command */
if (*lp_msg_command())
{
strcpy(s,lp_msg_command());
pstrcpy(s,lp_msg_command());
string_sub(s,"%s",name);
string_sub(s,"%f",msgfrom);
string_sub(s,"%t",msgto);
@ -108,8 +108,8 @@ int reply_sends(char *inbuf,char *outbuf)
dest = skip_string(orig,1)+1;
msg = skip_string(dest,1)+1;
strcpy(msgfrom,orig);
strcpy(msgto,dest);
fstrcpy(msgfrom,orig);
fstrcpy(msgto,dest);
len = SVAL(msg,0);
len = MIN(len,1600-msgpos);
@ -143,10 +143,10 @@ int reply_sendstrt(char *inbuf,char *outbuf)
orig = smb_buf(inbuf)+1;
dest = skip_string(orig,1)+1;
strcpy(msgfrom,orig);
strcpy(msgto,dest);
fstrcpy(msgfrom,orig);
fstrcpy(msgto,dest);
DEBUG(3,("%s SMBsendstrt (from %s to %s)\n",timestring(),orig,dest));
DEBUG(3,("%s SMBsendstrt (from %s to %s)\n",timestring(),msgfrom,msgto));
return(outsize);
}

View File

@ -87,7 +87,7 @@ int reply_open_pipe_and_X(char *inbuf,char *outbuf,int length,int bufsize)
BOOL bad_path = False;
/* XXXX we need to handle passed times, sattr and flags */
strcpy(fname,smb_buf(inbuf));
pstrcpy(fname,smb_buf(inbuf));
/* If the name doesn't start \PIPE\ then this is directed */
/* at a mailslot or something we really, really don't understand, */
@ -98,7 +98,7 @@ int reply_open_pipe_and_X(char *inbuf,char *outbuf,int length,int bufsize)
DEBUG(4,("Opening pipe %s.\n", fname));
/* Strip \PIPE\ off the name. */
strcpy(fname,smb_buf(inbuf) + PIPELEN);
pstrcpy(fname,smb_buf(inbuf) + PIPELEN);
/* See if it is one we want to handle. */
for( i = 0; known_pipes[i] ; i++ )

View File

@ -48,6 +48,18 @@ a packet to ensure chaining works correctly */
#define GETFNUM(buf,where) (chain_fnum!= -1?chain_fnum:SVAL(buf,where))
/****************************************************************************
report a possible attack via the password buffer overflow bug
****************************************************************************/
static void overflow_attack(int len)
{
DEBUG(0,("ERROR: Invalid password length %d\n", len));
DEBUG(0,("you're machine may be under attack by a user exploiting an old bug\n"));
DEBUG(0,("Attack was from IP=%s\n", client_addr()));
exit_server("possible attack");
}
/****************************************************************************
reply to an special message
****************************************************************************/
@ -66,36 +78,36 @@ int reply_special(char *inbuf,char *outbuf)
smb_setlen(outbuf,0);
switch (msg_type) {
case 0x81: /* session request */
CVAL(outbuf,0) = 0x82;
CVAL(outbuf,3) = 0;
if (name_len(inbuf+4) > 50) {
DEBUG(0,("Invalid name length in session request\n"));
return(0);
}
name_extract(inbuf,4,name1);
name_extract(inbuf,4 + name_len(inbuf + 4),name2);
case 0x81: /* session request */
CVAL(outbuf,0) = 0x82;
CVAL(outbuf,3) = 0;
if (name_len(inbuf+4) > 50 || name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
DEBUG(0,("Invalid name length in session request\n"));
return(0);
}
name_extract(inbuf,4,name1);
name_extract(inbuf,4 + name_len(inbuf + 4),name2);
DEBUG(2,("netbios connect: name1=%s name2=%s\n",
name1,name2));
strcpy(remote_machine,name2);
trim_string(remote_machine," "," ");
p = strchr(remote_machine,' ');
strlower(remote_machine);
if (p) *p = 0;
strcpy(local_machine,name1);
trim_string(local_machine," "," ");
p = strchr(local_machine,' ');
strlower(local_machine);
if (p) *p = 0;
add_session_user(remote_machine);
reload_services(True);
reopen_logs();
break;
fstrcpy(remote_machine,name2);
trim_string(remote_machine," "," ");
p = strchr(remote_machine,' ');
strlower(remote_machine);
if (p) *p = 0;
fstrcpy(local_machine,name1);
trim_string(local_machine," "," ");
p = strchr(local_machine,' ');
strlower(local_machine);
if (p) *p = 0;
add_session_user(remote_machine);
reload_services(True);
reopen_logs();
break;
case 0x89: /* session keepalive request
(some old clients produce this?) */
@ -160,25 +172,25 @@ static void parse_connect(char *p,char *service,char *user,
p2 = strrchr(p,'\\');
if (p2 == NULL)
strcpy(service,p);
fstrcpy(service,p);
else
strcpy(service,p2+1);
fstrcpy(service,p2+1);
p += strlen(p) + 2;
strcpy(password,p);
fstrcpy(password,p);
*pwlen = strlen(password);
p += strlen(p) + 2;
strcpy(dev,p);
fstrcpy(dev,p);
*user = 0;
p = strchr(service,'%');
if (p != NULL)
{
*p = 0;
strcpy(user,p+1);
fstrcpy(user,p+1);
}
}
@ -238,6 +250,10 @@ int reply_tcon_and_X(char *inbuf,char *outbuf,int length,int bufsize)
/* we might have to close an old one */
if ((SVAL(inbuf,smb_vwv2) & 0x1) != 0)
close_cnum(SVAL(inbuf,smb_tid),vuid);
if (passlen > MAX_PASSWORD_LENGTH) {
overflow_attack(passlen);
}
{
char *path;
@ -252,18 +268,17 @@ int reply_tcon_and_X(char *inbuf,char *outbuf,int length,int bufsize)
passlen = strlen(password);
}
DEBUG(4,("parsing net-path %s, passlen=%d\n",path,passlen));
strcpy(service,path+2);
fstrcpy(service,path+2);
p = strchr(service,'\\');
if (!p)
return(ERROR(ERRSRV,ERRinvnetname));
*p = 0;
strcpy(service,p+1);
fstrcpy(service,p+1);
p = strchr(service,'%');
if (p)
{
*p++ = 0;
strcpy(user,p);
fstrcpy(user,p);
}
StrnCpy(devicename,path + strlen(path) + 1,6);
DEBUG(4,("Got device type %s\n",devicename));
@ -372,11 +387,15 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
if (Protocol < PROTOCOL_NT1) {
smb_apasslen = SVAL(inbuf,smb_vwv7);
memcpy(smb_apasswd,smb_buf(inbuf),smb_apasslen);
StrnCpy(user,smb_buf(inbuf)+smb_apasslen,sizeof(user)-1);
if (smb_apasslen > MAX_PASSWORD_LENGTH)
overflow_attack(smb_apasslen);
if (lp_security() != SEC_SERVER && !doencrypt)
smb_apasslen = strlen(smb_apasswd);
memcpy(smb_apasswd,smb_buf(inbuf),smb_apasslen);
pstrcpy(user,smb_buf(inbuf)+smb_apasslen);
if (lp_security() != SEC_SERVER && !doencrypt) {
smb_apasslen = strlen(smb_apasswd);
}
} else {
uint16 passlen1 = SVAL(inbuf,smb_vwv7);
uint16 passlen2 = SVAL(inbuf,smb_vwv8);
@ -401,6 +420,13 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
if (passlen1 != 24 && passlen2 != 24)
doencrypt = False;
if (passlen1 > MAX_PASSWORD_LENGTH) {
overflow_attack(passlen1);
}
passlen1 = MIN(passlen1, MAX_PASSWORD_LENGTH);
passlen2 = MIN(passlen2, MAX_PASSWORD_LENGTH);
if(doencrypt) {
/* Save the lanman2 password and the NT md4 password. */
smb_apasslen = passlen1;
@ -438,7 +464,7 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
}
p += passlen1 + passlen2;
strcpy(user,p); p = skip_string(p,1);
fstrcpy(user,p); p = skip_string(p,1);
DEBUG(3,("Domain=[%s] NativeOS=[%s] NativeLanMan=[%s]\n",
p,skip_string(p,1),skip_string(p,2)));
}
@ -591,7 +617,7 @@ int reply_chkpth(char *inbuf,char *outbuf)
cnum = SVAL(inbuf,smb_tid);
strcpy(name,smb_buf(inbuf) + 1);
pstrcpy(name,smb_buf(inbuf) + 1);
unix_convert(name,cnum,0,&bad_path);
mode = SVAL(inbuf,smb_vwv0);
@ -639,7 +665,7 @@ int reply_getatr(char *inbuf,char *outbuf)
cnum = SVAL(inbuf,smb_tid);
strcpy(fname,smb_buf(inbuf) + 1);
pstrcpy(fname,smb_buf(inbuf) + 1);
unix_convert(fname,cnum,0,&bad_path);
/* dos smetimes asks for a stat of "" - it returns a "hidden directory"
@ -714,7 +740,7 @@ int reply_setatr(char *inbuf,char *outbuf)
cnum = SVAL(inbuf,smb_tid);
strcpy(fname,smb_buf(inbuf) + 1);
pstrcpy(fname,smb_buf(inbuf) + 1);
unix_convert(fname,cnum,0,&bad_path);
mode = SVAL(inbuf,smb_vwv0);
@ -825,8 +851,8 @@ int reply_search(char *inbuf,char *outbuf)
{
pstring dir2;
strcpy(directory,smb_buf(inbuf)+1);
strcpy(dir2,smb_buf(inbuf)+1);
pstrcpy(directory,smb_buf(inbuf)+1);
pstrcpy(dir2,smb_buf(inbuf)+1);
unix_convert(directory,cnum,0,&bad_path);
unix_format(dir2);
@ -842,7 +868,7 @@ int reply_search(char *inbuf,char *outbuf)
else
{
*p = 0;
strcpy(mask,p+1);
pstrcpy(mask,p+1);
}
p = strrchr(directory,'/');
@ -876,7 +902,7 @@ int reply_search(char *inbuf,char *outbuf)
if ((p = strrchr(mask,' ')))
{
fstring ext;
strcpy(ext,p+1);
fstrcpy(ext,p+1);
*p = 0;
trim_string(mask,NULL," ");
strcat(mask,".");
@ -898,7 +924,7 @@ int reply_search(char *inbuf,char *outbuf)
if (!strchr(mask,'.') && strlen(mask)>8)
{
fstring tmp;
strcpy(tmp,&mask[8]);
fstrcpy(tmp,&mask[8]);
mask[8] = '.';
mask[9] = 0;
strcat(mask,tmp);
@ -1078,7 +1104,7 @@ int reply_open(char *inbuf,char *outbuf)
share_mode = SVAL(inbuf,smb_vwv0);
strcpy(fname,smb_buf(inbuf)+1);
pstrcpy(fname,smb_buf(inbuf)+1);
unix_convert(fname,cnum,0,&bad_path);
fnum = find_free_file();
@ -1168,7 +1194,7 @@ int reply_open_and_X(char *inbuf,char *outbuf,int length,int bufsize)
/* XXXX we need to handle passed times, sattr and flags */
strcpy(fname,smb_buf(inbuf));
pstrcpy(fname,smb_buf(inbuf));
unix_convert(fname,cnum,0,&bad_path);
fnum = find_free_file();
@ -1281,7 +1307,7 @@ int reply_mknew(char *inbuf,char *outbuf)
cnum = SVAL(inbuf,smb_tid);
createmode = SVAL(inbuf,smb_vwv0);
strcpy(fname,smb_buf(inbuf)+1);
pstrcpy(fname,smb_buf(inbuf)+1);
unix_convert(fname,cnum,0,&bad_path);
if (createmode & aVOLID)
@ -1359,7 +1385,8 @@ int reply_ctemp(char *inbuf,char *outbuf)
cnum = SVAL(inbuf,smb_tid);
createmode = SVAL(inbuf,smb_vwv0);
sprintf(fname,"%s/TMXXXXXX",smb_buf(inbuf)+1);
pstrcpy(fname,smb_buf(inbuf)+1);
strcat(fname,"/TMXXXXXX");
unix_convert(fname,cnum,0,&bad_path);
unixmode = unix_mode(cnum,createmode);
@ -1455,7 +1482,7 @@ int reply_unlink(char *inbuf,char *outbuf)
cnum = SVAL(inbuf,smb_tid);
dirtype = SVAL(inbuf,smb_vwv0);
strcpy(name,smb_buf(inbuf) + 1);
pstrcpy(name,smb_buf(inbuf) + 1);
DEBUG(3,("reply_unlink : %s\n",name));
@ -1503,7 +1530,7 @@ int reply_unlink(char *inbuf,char *outbuf)
while ((dname = ReadDirName(dirptr)))
{
pstring fname;
strcpy(fname,dname);
pstrcpy(fname,dname);
if(!mask_match(fname, mask, case_sensitive, False)) continue;
@ -2381,7 +2408,7 @@ int reply_printopen(char *inbuf,char *outbuf)
{
pstring s;
char *p;
StrnCpy(s,smb_buf(inbuf)+1,sizeof(pstring)-1);
pstrcpy(s,smb_buf(inbuf)+1);
p = s;
while (*p)
{
@ -2583,7 +2610,7 @@ int reply_mkdir(char *inbuf,char *outbuf)
int outsize,ret= -1;
BOOL bad_path = False;
strcpy(directory,smb_buf(inbuf) + 1);
pstrcpy(directory,smb_buf(inbuf) + 1);
cnum = SVAL(inbuf,smb_tid);
unix_convert(directory,cnum,0,&bad_path);
@ -2680,7 +2707,7 @@ int reply_rmdir(char *inbuf,char *outbuf)
BOOL bad_path = False;
cnum = SVAL(inbuf,smb_tid);
strcpy(directory,smb_buf(inbuf) + 1);
pstrcpy(directory,smb_buf(inbuf) + 1);
unix_convert(directory,cnum,0,&bad_path);
if (check_name(directory,cnum))
@ -2728,7 +2755,7 @@ int reply_rmdir(char *inbuf,char *outbuf)
errno = ENOMEM;
break;
}
strcpy(fullname, directory);
pstrcpy(fullname, directory);
strcat(fullname, "/");
strcat(fullname, dname);
@ -2795,21 +2822,21 @@ static BOOL resolve_wildcards(char *name1,char *name2)
if (!name1 || !name2) return(False);
strcpy(root1,name1);
strcpy(root2,name2);
fstrcpy(root1,name1);
fstrcpy(root2,name2);
p = strrchr(root1,'.');
if (p) {
*p = 0;
strcpy(ext1,p+1);
fstrcpy(ext1,p+1);
} else {
strcpy(ext1,"");
fstrcpy(ext1,"");
}
p = strrchr(root2,'.');
if (p) {
*p = 0;
strcpy(ext2,p+1);
fstrcpy(ext2,p+1);
} else {
strcpy(ext2,"");
fstrcpy(ext2,"");
}
p = root1;
@ -2883,8 +2910,8 @@ int reply_mv(char *inbuf,char *outbuf)
cnum = SVAL(inbuf,smb_tid);
strcpy(name,smb_buf(inbuf) + 1);
strcpy(newname,smb_buf(inbuf) + 3 + strlen(name));
pstrcpy(name,smb_buf(inbuf) + 1);
pstrcpy(newname,smb_buf(inbuf) + 3 + strlen(name));
DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
@ -2998,14 +3025,14 @@ int reply_mv(char *inbuf,char *outbuf)
while ((dname = ReadDirName(dirptr)))
{
pstring fname;
strcpy(fname,dname);
pstrcpy(fname,dname);
if(!mask_match(fname, mask, case_sensitive, False)) continue;
error = ERRnoaccess;
sprintf(fname,"%s/%s",directory,dname);
if (!can_rename(fname,cnum)) continue;
strcpy(destname,newname);
pstrcpy(destname,newname);
if (!resolve_wildcards(fname,destname)) continue;
@ -3051,7 +3078,7 @@ static BOOL copy_file(char *src,char *dest1,int cnum,int ofun,
int fnum1,fnum2;
pstring dest;
strcpy(dest,dest1);
pstrcpy(dest,dest1);
if (target_is_directory) {
char *p = strrchr(src,'/');
if (p)
@ -3128,8 +3155,8 @@ int reply_copy(char *inbuf,char *outbuf)
cnum = SVAL(inbuf,smb_tid);
strcpy(name,smb_buf(inbuf));
strcpy(newname,smb_buf(inbuf) + 1 + strlen(name));
pstrcpy(name,smb_buf(inbuf));
pstrcpy(newname,smb_buf(inbuf) + 1 + strlen(name));
DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
@ -3198,7 +3225,7 @@ int reply_copy(char *inbuf,char *outbuf)
while ((dname = ReadDirName(dirptr)))
{
pstring fname;
strcpy(fname,dname);
pstrcpy(fname,dname);
if(!mask_match(fname, mask, case_sensitive, False)) continue;
@ -3252,7 +3279,7 @@ int reply_setdir(char *inbuf,char *outbuf)
if (!CAN_SETDIR(snum))
return(ERROR(ERRDOS,ERRnoaccess));
strcpy(newdir,smb_buf(inbuf) + 1);
pstrcpy(newdir,smb_buf(inbuf) + 1);
strlower(newdir);
if (strlen(newdir) == 0)

View File

@ -399,7 +399,7 @@ static BOOL scan_directory(char *path, char *name,int cnum,BOOL docache)
(strequal(dname,".") || strequal(dname,"..")))
continue;
strcpy(name2,dname);
pstrcpy(name2,dname);
if (!name_map_mangle(name2,False,SNUM(cnum))) continue;
if ((mangled && mangled_equal(name,name2))
@ -545,7 +545,7 @@ BOOL unix_convert(char *name,int cnum,pstring saved_last_component, BOOL *bad_pa
/* remember the rest of the pathname so it can be restored
later */
if (end) strcpy(rest,end+1);
if (end) pstrcpy(rest,end+1);
/* try to find this part of the path in the directory */
if (strchr(start,'?') || strchr(start,'*') ||
@ -1057,7 +1057,7 @@ static void open_file(int fnum,int cnum,char *fname1,int flags,int mode, struct
Files[fnum].fd_ptr = 0;
errno = EPERM;
strcpy(fname,fname1);
pstrcpy(fname,fname1);
/* check permissions */
if ((flags != O_RDONLY) && !CAN_WRITE(cnum) && !Connections[cnum].printer)
@ -1186,7 +1186,7 @@ static void open_file(int fnum,int cnum,char *fname1,int flags,int mode, struct
pstring dname;
int dum1,dum2,dum3;
char *p;
strcpy(dname,fname);
pstrcpy(dname,fname);
p = strrchr(dname,'/');
if (p) *p = 0;
if (sys_disk_free(dname,&dum1,&dum2,&dum3) <
@ -1321,10 +1321,10 @@ static void check_magic(int fnum,int cnum)
int ret;
pstring magic_output;
pstring fname;
strcpy(fname,Files[fnum].name);
pstrcpy(fname,Files[fnum].name);
if (*lp_magicoutput(SNUM(cnum)))
strcpy(magic_output,lp_magicoutput(SNUM(cnum)));
pstrcpy(magic_output,lp_magicoutput(SNUM(cnum)));
else
sprintf(magic_output,"%s.out",fname);
@ -2355,10 +2355,10 @@ BOOL reload_services(BOOL test)
if (lp_loaded())
{
pstring fname;
strcpy(fname,lp_configfile());
pstrcpy(fname,lp_configfile());
if (file_exist(fname,NULL) && !strcsequal(fname,servicesf))
{
strcpy(servicesf,fname);
pstrcpy(servicesf,fname);
test = False;
}
}
@ -2651,13 +2651,13 @@ int make_connection(char *service,char *user,char *password, int pwlen, char *de
{
struct passwd *pass2;
fstring fuser;
strcpy(fuser,lp_force_user(snum));
fstrcpy(fuser,lp_force_user(snum));
pass2 = (struct passwd *)Get_Pwnam(fuser,True);
if (pass2)
{
pcon->uid = pass2->pw_uid;
string_set(&pcon->user,fuser);
strcpy(user,fuser);
fstrcpy(user,fuser);
pcon->force_user = True;
DEBUG(3,("Forced user %s\n",fuser));
}
@ -2667,7 +2667,7 @@ int make_connection(char *service,char *user,char *password, int pwlen, char *de
{
pstring s;
strcpy(s,lp_pathname(snum));
pstrcpy(s,lp_pathname(snum));
standard_sub(cnum,s);
string_set(&pcon->connectpath,s);
DEBUG(3,("Connect path is %s\n",s));
@ -2703,7 +2703,7 @@ int make_connection(char *service,char *user,char *password, int pwlen, char *de
if (*lp_rootpreexec(SNUM(cnum)))
{
pstring cmd;
strcpy(cmd,lp_rootpreexec(SNUM(cnum)));
pstrcpy(cmd,lp_rootpreexec(SNUM(cnum)));
standard_sub(cnum,cmd);
DEBUG(5,("cmd=%s\n",cmd));
smbrun(cmd,NULL,False);
@ -2743,7 +2743,7 @@ int make_connection(char *service,char *user,char *password, int pwlen, char *de
/* resolve any soft links early */
{
pstring s;
strcpy(s,pcon->connectpath);
pstrcpy(s,pcon->connectpath);
GetWd(s);
string_set(&pcon->connectpath,s);
ChDir(pcon->connectpath);
@ -2757,7 +2757,7 @@ int make_connection(char *service,char *user,char *password, int pwlen, char *de
if (*lp_preexec(SNUM(cnum)))
{
pstring cmd;
strcpy(cmd,lp_preexec(SNUM(cnum)));
pstrcpy(cmd,lp_preexec(SNUM(cnum)));
standard_sub(cnum,cmd);
smbrun(cmd,NULL,False);
}
@ -3216,7 +3216,7 @@ static int reply_negprot(char *inbuf,char *outbuf)
SSVAL(outbuf,smb_vwv0,choice);
if(choice != -1) {
extern fstring remote_proto;
strcpy(remote_proto,supported_protocols[protocol].short_name);
fstrcpy(remote_proto,supported_protocols[protocol].short_name);
reload_services(True);
outsize = supported_protocols[protocol].proto_reply_fn(outbuf);
DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name));
@ -3335,7 +3335,7 @@ BOOL yield_connection(int cnum,char *name,int max_connections)
bzero(&crec,sizeof(crec));
strcpy(fname,lp_lockdir());
pstrcpy(fname,lp_lockdir());
standard_sub(cnum,fname);
trim_string(fname,"","/");
@ -3407,7 +3407,7 @@ BOOL claim_connection(int cnum,char *name,int max_connections,BOOL Clear)
DEBUG(5,("trying claim %s %s %d\n",lp_lockdir(),name,max_connections));
strcpy(fname,lp_lockdir());
pstrcpy(fname,lp_lockdir());
standard_sub(cnum,fname);
trim_string(fname,"","/");
@ -3503,7 +3503,7 @@ static BOOL dump_core(void)
{
char *p;
pstring dname;
strcpy(dname,debugf);
pstrcpy(dname,debugf);
if ((p=strrchr(dname,'/'))) *p=0;
strcat(dname,"/corefiles");
mkdir(dname,0700);

View File

@ -306,10 +306,10 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l
if(p[1] == '\0')
strcpy(mask,"*.*");
else
strcpy(mask, p+1);
pstrcpy(mask, p+1);
}
else
strcpy(mask, path_mask);
pstrcpy(mask, path_mask);
while (!found)
{
@ -327,7 +327,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l
matched = False;
strcpy(fname,dname);
pstrcpy(fname,dname);
if(mask_match(fname, mask, case_sensitive, True))
{
@ -338,7 +338,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l
if (isrootdir && isdots)
continue;
strcpy(pathreal,Connections[cnum].dirpath);
pstrcpy(pathreal,Connections[cnum].dirpath);
if(needslash)
strcat(pathreal,"/");
strcat(pathreal,dname);
@ -595,7 +595,7 @@ static int call_trans2findfirst(char *inbuf, char *outbuf, int bufsize, int cnum
return(ERROR(ERRDOS,ERRunknownlevel));
}
strcpy(directory, params + 12); /* Complete directory path with
pstrcpy(directory, params + 12); /* Complete directory path with
wildcard mask appended */
DEBUG(5,("path=%s\n",directory));
@ -1057,7 +1057,7 @@ static int call_trans2qfilepathinfo(char *inbuf, char *outbuf, int length,
/* qpathinfo */
info_level = SVAL(params,0);
fname = &fname1[0];
strcpy(fname,&params[6]);
pstrcpy(fname,&params[6]);
unix_convert(fname,cnum,0,&bad_path);
if (!check_name(fname,cnum) || sys_stat(fname,&sbuf)) {
DEBUG(3,("fileinfo of %s failed (%s)\n",fname,strerror(errno)));
@ -1163,7 +1163,7 @@ static int call_trans2qfilepathinfo(char *inbuf, char *outbuf, int length,
case SMB_QUERY_FILE_ALT_NAME_INFO:
data_size = 4 + l;
SIVAL(pdata,0,l);
strcpy(pdata+4,fname);
pstrcpy(pdata+4,fname);
break;
case SMB_QUERY_FILE_ALLOCATION_INFO:
case SMB_QUERY_FILE_END_OF_FILEINFO:
@ -1197,7 +1197,7 @@ static int call_trans2qfilepathinfo(char *inbuf, char *outbuf, int length,
pdata += 4;
pdata += 4; /* alignment */
SIVAL(pdata,0,l);
strcpy(pdata+4,fname);
pstrcpy(pdata+4,fname);
pdata += 4 + l;
data_size = PTR_DIFF(pdata,(*ppdata));
break;
@ -1208,7 +1208,7 @@ static int call_trans2qfilepathinfo(char *inbuf, char *outbuf, int length,
SIVAL(pdata,4,size);
SIVAL(pdata,12,size);
SIVAL(pdata,20,l);
strcpy(pdata+24,fname);
pstrcpy(pdata+24,fname);
break;
default:
return(ERROR(ERRDOS,ERRunknownlevel));
@ -1260,7 +1260,7 @@ static int call_trans2setfilepathinfo(char *inbuf, char *outbuf, int length,
/* set path info */
info_level = SVAL(params,0);
fname = fname1;
strcpy(fname,&params[6]);
pstrcpy(fname,&params[6]);
unix_convert(fname,cnum,0,&bad_path);
if(!check_name(fname, cnum))
{
@ -1443,7 +1443,7 @@ static int call_trans2mkdir(char *inbuf, char *outbuf, int length, int bufsize,
if (!CAN_WRITE(cnum))
return(ERROR(ERRSRV,ERRaccess));
strcpy(directory, &params[4]);
pstrcpy(directory, &params[4]);
DEBUG(3,("call_trans2mkdir : name = %s\n", directory));
@ -1645,6 +1645,9 @@ int reply_trans2(char *inbuf,char *outbuf,int length,int bufsize)
num_params = num_params_sofar = SVAL(inbuf,smb_pscnt);
num_data = num_data_sofar = SVAL(inbuf, smb_dscnt);
if (num_params > total_params || num_data > total_data)
exit_server("invalid params in reply_trans2");
memcpy( params, smb_base(inbuf) + SVAL(inbuf, smb_psoff), num_params);
memcpy( data, smb_base(inbuf) + SVAL(inbuf, smb_dsoff), num_data);
@ -1672,6 +1675,9 @@ int reply_trans2(char *inbuf,char *outbuf,int length,int bufsize)
total_data = SVAL(inbuf, smb_tdscnt);
num_params_sofar += (num_params = SVAL(inbuf,smb_spscnt));
num_data_sofar += ( num_data = SVAL(inbuf, smb_sdscnt));
if (num_params_sofar > total_params || num_data_sofar > total_data)
exit_server("data overflow in trans2");
memcpy( &params[ SVAL(inbuf, smb_spsdisp)],
smb_base(inbuf) + SVAL(inbuf, smb_spsoff), num_params);
memcpy( &data[SVAL(inbuf, smb_sdsdisp)],

View File

@ -81,7 +81,7 @@ int VT_Start_utmp(void)
setutent();
strcpy(u.ut_line, VT_Line);
fstrcpy(u.ut_line, VT_Line);
if((v = getutline(&u)) == NULL) {
if(strncmp(VT_Line, "tty", 3) == 0)
@ -91,12 +91,12 @@ int VT_Start_utmp(void)
else
tt = VT_Line;
strcpy(u.ut_id, tt);
fstrcpy(u.ut_id, tt);
u.ut_time = time((time_t*)0);
}
strcpy(u.ut_user, "LOGIN");
strcpy(u.ut_line, VT_Line);
fstrcpy(u.ut_user, "LOGIN");
fstrcpy(u.ut_line, VT_Line);
u.ut_pid = getpid();
u.ut_type = LOGIN_PROCESS;
pututline(&u);
@ -118,10 +118,10 @@ int VT_Stop_utmp(void)
if(VT_Line != NULL) {
setutent();
strcpy(u.ut_line, VT_Line);
fstrcpy(u.ut_line, VT_Line);
if((v = getutline(&u)) != NULL) {
strcpy(v->ut_user, "");
fstrcpy(v->ut_user, "");
v->ut_type = DEAD_PROCESS;
v->ut_time = time((time_t*)0);
pututline(v);

View File

@ -122,7 +122,7 @@ int main(int argc,char *argv[])
got_bcast = True;
break;
case 'i':
strcpy(scope,optarg);
fstrcpy(scope,optarg);
strupper(scope);
break;
case 'M':
@ -135,7 +135,7 @@ int main(int argc,char *argv[])
DEBUGLEVEL = atoi(optarg);
break;
case 's':
strcpy(servicesf, optarg);
pstrcpy(servicesf, optarg);
break;
case 'h':
usage();
@ -172,7 +172,7 @@ int main(int argc,char *argv[])
char *p;
struct in_addr ip;
strcpy(lookup,argv[i]);
fstrcpy(lookup,argv[i]);
if (find_master) {
if (*lookup == '-') {