sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-02 09:47:23 +03:00
Code

changed to use slprintf() instead of sprintf() just about

Browse Source 
everywhere. I've implemented slprintf() as a bounds checked sprintf()
using mprotect() and a non-writeable page.

This should prevent any sprintf based security holes.
This commit is contained in:
Andrew Tridgell -
parent 6b0c1733d2
commit ee09e9dadb
33 changed files with 207 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
source/client/client.c
View File

@ -1496,9 +1496,11 @@ static void do_mget(file_info *finfo)
}
if (finfo->mode & aDIR)
sprintf(quest,"Get directory %s? ",CNV_LANG(finfo->name));
slprintf(quest,sizeof(pstring)-1,
"Get directory %s? ",CNV_LANG(finfo->name));
else
sprintf(quest,"Get file %s? ",CNV_LANG(finfo->name));
slprintf(quest,sizeof(pstring)-1,
"Get file %s? ",CNV_LANG(finfo->name));
if (prompt && !yesno(quest)) return;
@ -1572,7 +1574,9 @@ static void cmd_more(char *dum_in, char *dum_out)
strcpy(rname,cur_dir);
strcat(rname,"\\");
sprintf(tmpname,"%s/smbmore.%d",tmpdir(),(int)getpid());
slprintf(tmpname,
sizeof(fstring)-1,
"%s/smbmore.%d",tmpdir(),(int)getpid());
strcpy(lname,tmpname);
if (!next_token(NULL,rname+strlen(rname),NULL)) {
@ -1584,7 +1588,9 @@ static void cmd_more(char *dum_in, char *dum_out)
do_get(rname,lname,NULL);
pager=getenv("PAGER");
sprintf(pager_cmd,"%s %s",(pager? pager:PAGER), tmpname);
slprintf(pager_cmd,sizeof(pager_cmd)-1,
"%s %s",(pager? pager:PAGER), tmpname);
system(pager_cmd);
unlink(tmpname);
}
@ -2046,11 +2052,14 @@ static void cmd_mput(char *dum_in, char *dum_out)
pstring tmpname;
FILE *f;
sprintf(tmpname,"%s/ls.smb.%d",tmpdir(),(int)getpid());
slprintf(tmpname,sizeof(pstring)-1,
"%s/ls.smb.%d",tmpdir(),(int)getpid());
if (recurse)
sprintf(cmd,"find . -name \"%s\" -print > %s",p,tmpname);
slprintf(cmd,sizeof(pstring)-1,
"find . -name \"%s\" -print > %s",p,tmpname);
else
sprintf(cmd,"/bin/ls %s > %s",p,tmpname);
slprintf(cmd,sizeof(pstring)-1,
"/bin/ls %s > %s",p,tmpname);
system(cmd);
f = fopen(tmpname,"r");
@ -2069,7 +2078,8 @@ static void cmd_mput(char *dum_in, char *dum_out)
if (directory_exist(lname,&st))
{
if (!recurse) continue;
sprintf(quest,"Put directory %s? ",lname);
slprintf(quest,sizeof(pstring)-1,
"Put directory %s? ",lname);
if (prompt && !yesno(quest))
{
strcat(lname,"/");
@ -2091,7 +2101,8 @@ static void cmd_mput(char *dum_in, char *dum_out)
}
else
{
sprintf(quest,"Put file %s? ",lname);
slprintf(quest,sizeof(quest)-1,
"Put file %s? ",lname);
if (prompt && !yesno(quest)) continue;
strcpy(rname,cur_dir);
@ -3721,7 +3732,7 @@ static void usage(char *pname)
save_debuglevel = DEBUGLEVEL = atoi(optarg);
break;
case 'l':
sprintf(debugf,"%s.client",optarg);
slprintf(debugf,sizeof(debugf)-1, "%s.client",optarg);
break;
case 'p':
port = atoi(optarg);
@ -3814,7 +3825,8 @@ static void usage(char *pname)
if (*query_host && !nt_domain_logon)
{
int ret = 0;
sprintf(service,"\\\\%s\\IPC$",query_host);
slprintf(service,sizeof(service)-1,
"\\\\%s\\IPC$",query_host);
strupper(service);
connect_as_ipc = True;
if (cli_open_sockets(port))

2
source/client/clitar.c
View File

@ -2129,7 +2129,7 @@ int process_tar(char *inbuf, char *outbuf)
switch(tar_type) {
case 'x':
#ifdef 0
#if 0
do_tarput2();
#else
do_tarput();

4
source/client/smbmount.c
View File

@ -350,7 +350,7 @@ static void cmd_mount(char *inbuf,char *outbuf)
string_replace(share_name, '\\', '/');
string_replace(share_name, ' ', '_');
sprintf(mount_command, "smbmnt %s -s %s", mount_point, share_name);
slprintf(mount_command, sizeof(mount_command)-1,"smbmnt %s -s %s", mount_point, share_name);
while(next_token(NULL, buf, NULL))
{
@ -830,7 +830,7 @@ static void usage(char *pname)
DEBUGLEVEL = atoi(optarg);
break;
case 'l':
sprintf(debugf,"%s.client",optarg);
slprintf(debugf,sizeof(debugf)-1,"%s.client",optarg);
break;
case 'p':
port = atoi(optarg);

1
source/include/includes.h
View File

@ -237,6 +237,7 @@ Here come some platform specific sections
#define USE_SETSID
#define HAVE_BZERO
#define HAVE_MEMMOVE
#define HAVE_VSNPRINTF
#define USE_SIGPROCMASK
#define USE_WAITPID
#define USE_SYSV_IPC

5
source/include/proto.h
View File

@ -1806,6 +1806,11 @@ BOOL machine_password_delete( char *domain, char *name );
BOOL get_machine_account_password( unsigned char *ret_pwd, time_t *pass_last_set_time);
BOOL set_machine_account_password( unsigned char *md4_new_pwd);
/*The following definitions come from snprintf.c */
int vslprintf(char *str, int n, char *format, va_list ap);
int slprintf(char *str, int n, char *format, ...);
/*The following definitions come from status.c */
void Ucrit_addUsername(pstring username);

4
source/lib/charset.c
View File

@ -203,7 +203,9 @@ static codepage_p load_client_codepage( int client_codepage )
strcpy(codepage_file_name, CODEPAGEDIR);
strcat(codepage_file_name, "/");
strcat(codepage_file_name, "codepage.");
sprintf( &codepage_file_name[strlen(codepage_file_name)], "%03d",
slprintf(&codepage_file_name[strlen(codepage_file_name)],
sizeof(pstring)-(strlen(codepage_file_name)+1),
"%03d",
client_codepage);
if(!file_exist(codepage_file_name,&st))

4
source/lib/pidfile.c
View File

@ -37,7 +37,7 @@ void pidfile_create(char *name)
pstring pidFile;
int pid;
sprintf(pidFile, "%s/%s.pid", lp_lockdir(), name);
slprintf(pidFile, sizeof(pidFile)-1, "%s/%s.pid", lp_lockdir(), name);
pid = pidfile_pid(name);
if (pid > 0 && process_exists(pid)) {
@ -76,7 +76,7 @@ int pidfile_pid(char *name)
pstring pidFile;
unsigned ret;
sprintf(pidFile, "%s/%s.pid", lp_lockdir(), name);
slprintf(pidFile, sizeof(pidFile)-1, "%s/%s.pid", lp_lockdir(), name);
f = fopen(pidFile, "r");
if (!f) {

88
source/lib/slprintf.c Normal file
View File

@ -0,0 +1,88 @@
/*
Unix SMB/Netbios implementation.
Version 1.9.
snprintf replacement
Copyright (C) Andrew Tridgell 1998
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
extern int DEBUGLEVEL;
int vslprintf(char *str, int n, char *format, va_list ap)
{
#ifdef HAVE_VSNPRINTF
int ret = vsnprintf(str, n, format, ap);
if (ret >= 0) str[ret] = 0;
return ret;
#else
static char *buf;
static int len;
static int pagesize;
int ret;
if (!len || !buf || (len-pagesize) < n) {
pagesize = getpagesize();
len = (2+(n/pagesize))*pagesize;
/* note: we don't free the old memory (if any) as we don't
want a malloc lib to reuse the memory as it will
have the wrong permissions */
buf = memalign(pagesize, len);
if (buf) {
if (mprotect(buf+(len-pagesize), pagesize, PROT_READ) != 0) {
exit(1);
return -1;
}
}
}
if (!buf) {
exit(1);
}
ret = vsprintf(str, format, ap);
/* we will have got a seg fault here if we overflowed the buffer */
return ret;
#endif
}
#ifdef __STDC__
int slprintf(char *str, int n, char *format, ...)
{
#else
int slprintf(va_alist)
va_dcl
{
char *str, *format;
int n;
#endif
va_list ap;
int ret;
#ifdef __STDC__
va_start(ap, format);
#else
va_start(ap);
str = va_arg(ap,char *);
n = va_arg(ap,int);
format = va_arg(ap,char *);
#endif
ret = vslprintf(str,n,format,ap);
va_end(ap);
return ret;
}

2
source/lib/system.c
View File

@ -411,7 +411,7 @@ struct hostent *sys_gethostbyname(char *name)
if((strlen(name) + strlen(domain)) >= sizeof(query))
return(gethostbyname(name));
sprintf(query, "%s%s", name, domain);
slprintf(query, sizeof(query)-1, "%s%s", name, domain);
return(gethostbyname(query));
#else /* REDUCE_ROOT_DNS_LOOKUPS */
return(gethostbyname(name));

6
source/lib/util.c
View File

@ -226,7 +226,7 @@ static void check_log_size(void)
if (dbf && file_size(debugf) > maxlog) {
pstring name;
fclose(dbf); dbf = NULL;
sprintf(name,"%s.old",debugf);
slprintf(name,sizeof(name)-1,"%s.old",debugf);
sys_rename(debugf,name);
reopen_logs();
}
@ -313,7 +313,7 @@ va_dcl
va_start(ap);
format_str = va_arg(ap,char *);
#endif
vsprintf(msgbuf, format_str, ap);
vslprintf(msgbuf, sizeof(msgbuf)-1,format_str, ap);
va_end(ap);
msgbuf[255] = '\0';
@ -3839,7 +3839,7 @@ static char *automount_lookup(char *user_name)
if (strcmp(user_name, last_key))
{
sprintf(buffer, "[%s=%s]%s.%s", "key", user_name, nis_map, nis_domain);
slprintf(buffer, sizeof(buffer)-1, "[%s=%s]%s.%s", "key", user_name, nis_map, nis_domain);
DEBUG(5, ("NIS+ querystring: %s\n", buffer));
if (result = nis_list(buffer, RETURN_RESULT, NULL, NULL))

6
source/lib/util_hnd.c
View File

@ -115,7 +115,7 @@ BOOL open_lsa_policy_hnd(POLICY_HND *hnd)
memcpy(&(Policy[i].pol_hnd), hnd, sizeof(*hnd));
DEBUG(4,("Opened policy hnd[%x] ", i));
dump_data(4, hnd->data, sizeof(hnd->data));
dump_data(4, (char *)hnd->data, sizeof(hnd->data));
return True;
}
@ -143,14 +143,14 @@ int find_lsa_policy_by_hnd(POLICY_HND *hnd)
if (memcmp(&(Policy[i].pol_hnd), hnd, sizeof(*hnd)) == 0)
{
DEBUG(4,("Found policy hnd[%x] ", i));
dump_data(4, hnd->data, sizeof(hnd->data));
dump_data(4, (char *)hnd->data, sizeof(hnd->data));
return i;
}
}
DEBUG(4,("Policy not found: "));
dump_data(4, hnd->data, sizeof(hnd->data));
dump_data(4, (char *)hnd->data, sizeof(hnd->data));
return -1;
}

7
source/libsmb/clientgen.c
View File

@ -343,8 +343,8 @@ BOOL cli_api_pipe(struct cli_state *cli, char *pipe_name, int pipe_name_len,
data, data_count, max_data_count);
return (cli_receive_trans(cli, SMBtrans,
rparam, rparam_count,
rdata, rdata_count));
rparam, (int *)rparam_count,
rdata, (int *)rdata_count));
}
/****************************************************************************
@ -714,7 +714,8 @@ BOOL cli_send_tconX(struct cli_state *cli,
memcpy(pword, pass, passlen);
}
sprintf(fullshare, "\\\\%s\\%s", cli->desthost, share);
slprintf(fullshare, sizeof(fullshare)-1,
"\\\\%s\\%s", cli->desthost, share);
set_message(cli->outbuf,4,
2 + strlen(fullshare) + passlen + strlen(dev),True);

4
source/libsmb/nmblib.c
View File

@ -294,9 +294,9 @@ char *namestr(struct nmb_name *n)
char *p = ret[i];
if (!n->scope[0])
sprintf(p,"%s<%02x>",n->name,n->name_type);
slprintf(p,sizeof(fstring)-1, "%s<%02x>",n->name,n->name_type);
else
sprintf(p,"%s<%02x>.%s",n->name,n->name_type,n->scope);
slprintf(p,sizeof(fstring)-1, "%s<%02x>.%s",n->name,n->name_type,n->scope);
i = (i+1)%4;
return(p);

2
source/locking/shmem_sysv.c
View File

@ -666,7 +666,7 @@ struct shmem_ops *sysv_shm_open(int ronly)
shm_header_p = (struct ShmHeader *)shmat(shm_id, 0,
read_only?SHM_RDONLY:0);
if ((int)shm_header_p == -1) {
if ((long)shm_header_p == -1) {
DEBUG(0,("Can't attach to IPC area\n"));
global_unlock();
return NULL;

2
source/nmbd/nmbd.c
View File

@ -619,7 +619,7 @@ int main(int argc,char *argv[])
strupper(global_myname);
break;
case 'l':
sprintf(debugf,"%s.nmb",optarg);
slprintf(debugf,sizeof(debugf)-1, "%s.nmb",optarg);
break;
case 'i':
pstrcpy(scope,optarg);

16
source/nmbd/nmbd_serverlistdb.c
View File

@ -365,10 +365,10 @@ void write_browse_list(time_t t, BOOL force_write)
return;
}
sprintf(tmp, "\"%s\"", work->work_group);
slprintf(tmp,sizeof(tmp)-1, "\"%s\"", work->work_group);
fprintf(fp, "%-25s ", tmp);
fprintf(fp, "%08x ", SV_TYPE_DOMAIN_ENUM|SV_TYPE_NT|SV_TYPE_LOCAL_LIST_ONLY);
sprintf(tmp, "\"%s\" ", work->local_master_browser_name);
slprintf(tmp, sizeof(tmp)-1, "\"%s\" ", work->local_master_browser_name);
fprintf(fp, "%-30s", tmp);
fprintf(fp, "\"%s\"\n", work->work_group);
@ -394,10 +394,10 @@ void write_browse_list(time_t t, BOOL force_write)
}
/* Output server details, plus what workgroup they're in. */
sprintf(tmp, "\"%s\"", my_netbios_names[i]);
slprintf(tmp, sizeof(tmp)-1, "\"%s\"", my_netbios_names[i]);
fprintf(fp, "%-25s ", tmp);
fprintf(fp, "%08x ", stype);
sprintf(tmp, "\"%s\" ", lp_serverstring());
slprintf(tmp, sizeof(tmp)-1, "\"%s\" ", lp_serverstring());
fprintf(fp, "%-30s", tmp);
fprintf(fp, "\"%s\"\n", global_myworkgroup);
}
@ -413,11 +413,11 @@ void write_browse_list(time_t t, BOOL force_write)
if(wg_type)
{
sprintf(tmp, "\"%s\"", work->work_group);
slprintf(tmp, sizeof(tmp)-1, "\"%s\"", work->work_group);
fprintf(fp, "%-25s ", tmp);
fprintf(fp, "%08x ", wg_type);
sprintf(tmp, "\"%s\" ", work->local_master_browser_name);
slprintf(tmp, sizeof(tmp)-1, "\"%s\" ", work->local_master_browser_name);
fprintf(fp, "%-30s", tmp);
fprintf(fp, "\"%s\"\n", work->work_group);
}
@ -437,10 +437,10 @@ void write_browse_list(time_t t, BOOL force_write)
if(serv_type)
{
/* Output server details, plus what workgroup they're in. */
sprintf(tmp, "\"%s\"", servrec->serv.name);
slprintf(tmp, sizeof(tmp)-1, "\"%s\"", servrec->serv.name);
fprintf(fp, "%-25s ", tmp);
fprintf(fp, "%08x ", serv_type);
sprintf(tmp, "\"%s\" ", servrec->serv.comment);
slprintf(tmp, sizeof(tmp)-1, "\"%s\" ", servrec->serv.comment);
fprintf(fp, "%-30s", tmp);
fprintf(fp, "\"%s\"\n", work->work_group);
}

6
source/param/loadparm.c
View File

@ -1252,7 +1252,8 @@ BOOL lp_add_home(char *pszHomename, int iDefaultService, char *pszHomedir)
if (!(*(iSERVICE(i).comment)))
{
pstring comment;
sprintf(comment,"Home directory of %s",pszHomename);
slprintf(comment,sizeof(comment),
"Home directory of %s",pszHomename);
string_set(&iSERVICE(i).comment,comment);
}
iSERVICE(i).bAvailable = sDefault.bAvailable;
@ -1283,7 +1284,8 @@ static BOOL lp_add_ipc(void)
if (i < 0)
return(False);
sprintf(comment,"IPC Service (%s)", Globals.szServerString );
slprintf(comment,sizeof(comment),
"IPC Service (%s)", Globals.szServerString );
string_set(&iSERVICE(i).szPath,tmpdir());
string_set(&iSERVICE(i).szUsername,"");

20
source/passdb/smbpass.c
View File

@ -418,7 +418,7 @@ struct smb_passwd *getsmbpwent(void *vp)
p++;
if(*p == ':') {
p++;
if(*p && StrnCaseCmp( p, "LCT-", 4)) {
if(*p && StrnCaseCmp((char *)p, "LCT-", 4)) {
int i;
p += 4;
for(i = 0; i < 8; i++) {
@ -431,7 +431,7 @@ struct smb_passwd *getsmbpwent(void *vp)
* read into a time_t as the seconds since
* 1970 that the password was last changed.
*/
pw_buf.pass_last_set_time = (time_t)strtol(p, NULL, 16);
pw_buf.pass_last_set_time = (time_t)strtol((char *)p, NULL, 16);
}
}
}
@ -650,9 +650,9 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
} else {
i=0;
if(newpwd->acct_ctrl & ACB_PWNOTREQ)
sprintf(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
sprintf((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
else
sprintf(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
sprintf((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
}
p += 32;
@ -665,9 +665,9 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
}
} else {
if(newpwd->acct_ctrl & ACB_PWNOTREQ)
sprintf(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
sprintf((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
else
sprintf(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
sprintf((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
}
p += 32;
@ -946,7 +946,7 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
p++;
/* We should be pointing at the TLC entry. */
if((linebuf_len > (PTR_DIFF(p, linebuf) + 13)) && StrnCaseCmp( p, "LCT-", 4)) {
if((linebuf_len > (PTR_DIFF(p, linebuf) + 13)) && StrnCaseCmp((char *)p, "LCT-", 4)) {
p += 4;
for(i = 0; i < 8; i++) {
@ -1032,7 +1032,9 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
pwd->pass_last_set_time = time(NULL);
if(got_pass_last_set_time) {
sprintf(&ascii_p16[strlen(ascii_p16)], ":[%s]:TLC-%08X:",
slprintf(&ascii_p16[strlen(ascii_p16)],
sizeof(ascii_p16)-(strlen(ascii_p16)+1),
":[%s]:TLC-%08X:",
encode_bits, (uint32)pwd->pass_last_set_time );
wr_len = strlen(ascii_p16);
}
@ -1073,7 +1075,7 @@ static void get_machine_account_file_name( char *domain, char *name, char *mac_f
mac_file_len = strlen(mac_file);
if (sizeof(pstring) - mac_file_len - strlen(domain) - strlen(name) - 6 < 0)
if ((int)(sizeof(pstring) - mac_file_len - strlen(domain) - strlen(name) - 6) < 0)
{
DEBUG(0,("machine_password_lock: path %s too long to add machine details.\n",
mac_file));

2
source/printing/printing.c
View File

@ -1058,7 +1058,7 @@ int get_printqueue(int snum,int cnum,print_queue_struct **queue,
standard_sub(cnum,syscmd);
sprintf(outfile,"%s/lpq.%08x",tmpdir(),str_checksum(syscmd));
slprintf(outfile,sizeof(outfile)-1, "%s/lpq.%08x",tmpdir(),str_checksum(syscmd));
if (!lpq_cache_reset[snum] && cachetime && !stat(outfile,&sbuf))
{

8
source/rpc_client/cli_login.c
View File

@ -52,7 +52,7 @@ BOOL cli_nt_setup_creds(struct cli_state *cli, unsigned char mach_pwd[16])
/**************** Long-term Session key **************/
/* calculate the session key */
cred_session_key(&clnt_chal, &srv_chal, mach_pwd, cli->sess_key);
cred_session_key(&clnt_chal, &srv_chal, (char *)mach_pwd, cli->sess_key);
bzero(cli->sess_key+8, 8);
/******************* Authenticate 2 ********************/
@ -113,7 +113,7 @@ BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *usernam
DEBUG(5,("cli_nt_login_interactive: %d\n", __LINE__));
nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd);
nt_lm_owf_gen(password, (char *)nt_owf_user_pwd, (char *)lm_owf_user_pwd);
#ifdef DEBUG_PASSWORD
@ -134,7 +134,7 @@ BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *usernam
make_id_info1(&ctr->auth.id1, domain, 0,
smb_userid_low, 0,
username, cli->clnt_name_slash,
cli->sess_key, lm_owf_user_pwd, nt_owf_user_pwd);
(char *)cli->sess_key, lm_owf_user_pwd, nt_owf_user_pwd);
/* Ensure we overwrite all the plaintext password
equivalents. */
@ -170,7 +170,7 @@ BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username,
make_id_info2(&ctr->auth.id2, domain, 0,
smb_userid_low, 0,
username, cli->clnt_name_slash,
lm_chal, lm_chal_resp, nt_chal_resp);
(uchar *)lm_chal, (uchar *)lm_chal_resp, (uchar *)nt_chal_resp);
/* Send client sam-logon request - update credentials on success. */
return cli_net_sam_logon(cli, ctr, user_info3);

2
source/rpc_client/cli_netlogon.c
View File

@ -270,7 +270,7 @@ BOOL cli_net_srv_pwset(struct cli_state *cli, uint8 hashed_mach_pwd[16])
/* store the parameters */
make_q_srv_pwset(&q_s, cli->srv_name_slash, cli->mach_acct, sec_chan_type,
global_myname, &new_clnt_cred, hashed_mach_pwd);
global_myname, &new_clnt_cred, (char *)hashed_mach_pwd);
/* turn parameters into data stream */
net_io_q_srv_pwset("", &q_s, &buf, 0);

8
source/rpc_client/cli_pipe.c
View File

@ -95,7 +95,7 @@ static BOOL rpc_read(struct cli_state *cli,
file_offset += num_read;
data += num_read;
cli_error(cli, &errclass, &err);
cli_error(cli, (int *)&errclass, (int *)&err);
if (errclass != 0)
return False;
@ -264,7 +264,7 @@ BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
prs_mem_free(&hps);
cli_error(cli, &errclass, &err);
cli_error(cli, (int *)&errclass, (int *)&err);
if (errclass != 0)
return False;
@ -492,10 +492,10 @@ static BOOL valid_pipe_name(char *pipe_name, RPC_IFACE *abstract, RPC_IFACE *tra
if (strequal(pipe_name, pipe_names[pipe_idx].client_pipe ))
{
DEBUG(5,("Bind Abstract Syntax: "));
dump_data(5, (uchar*)&(pipe_names[pipe_idx].abstr_syntax),
dump_data(5, (char*)&(pipe_names[pipe_idx].abstr_syntax),
sizeof(pipe_names[pipe_idx].abstr_syntax));
DEBUG(5,("Bind Transfer Syntax: "));
dump_data(5, (uchar*)&(pipe_names[pipe_idx].trans_syntax),
dump_data(5, (char*)&(pipe_names[pipe_idx].trans_syntax),
sizeof(pipe_names[pipe_idx].trans_syntax));
/* copy the required syntaxes out so we can do the right bind */

4
source/rpc_parse/parse_net.c
View File

@ -742,8 +742,8 @@ void make_id_info2(NET_ID_INFO_2 *id, char *domain_name,
make_unistr2(&(id->uni_user_name ), user_name , len_user_name );
make_unistr2(&(id->uni_wksta_name ), wksta_name , len_wksta_name );
make_string2(&(id->nt_chal_resp ), nt_chal_resp , nt_chal_resp != NULL ? 24 : 0);
make_string2(&(id->lm_chal_resp ), lm_chal_resp , lm_chal_resp != NULL ? 24 : 0);
make_string2(&(id->nt_chal_resp ), (char *)nt_chal_resp , nt_chal_resp != NULL ? 24 : 0);
make_string2(&(id->lm_chal_resp ), (char *)lm_chal_resp , lm_chal_resp != NULL ? 24 : 0);
}
/*******************************************************************

4
source/rpc_parse/parse_prs.c
View File

@ -242,7 +242,7 @@ BOOL prs_unistr(char *name, prs_struct *ps, int depth, UNISTR *str)
ps->offset += i*2;
dump_data(5+depth, start, ps->offset);
dump_data(5+depth, (char *)start, ps->offset);
return True;
}
@ -283,7 +283,7 @@ BOOL prs_string(char *name, prs_struct *ps, int depth, char *str, uint16 len)
ps->offset += i+1;
dump_data(5+depth, start, ps->offset);
dump_data(5+depth, (char *)start, ps->offset);
return True;
}

6
source/rpc_server/srv_lsa_hnd.c
View File

@ -115,7 +115,7 @@ BOOL open_lsa_policy_hnd(POLICY_HND *hnd)
memcpy(&(Policy[i].pol_hnd), hnd, sizeof(*hnd));
DEBUG(4,("Opened policy hnd[%x] ", i));
dump_data(4, hnd->data, sizeof(hnd->data));
dump_data(4, (char *)hnd->data, sizeof(hnd->data));
return True;
}
@ -143,14 +143,14 @@ int find_lsa_policy_by_hnd(POLICY_HND *hnd)
if (memcmp(&(Policy[i].pol_hnd), hnd, sizeof(*hnd)) == 0)
{
DEBUG(4,("Found policy hnd[%x] ", i));
dump_data(4, hnd->data, sizeof(hnd->data));
dump_data(4, (char *)hnd->data, sizeof(hnd->data));
return i;
}
}
DEBUG(4,("Policy not found: "));
dump_data(4, hnd->data, sizeof(hnd->data));
dump_data(4, (char *)hnd->data, sizeof(hnd->data));
return -1;
}

12
source/rpc_server/srv_netlog.c
View File

@ -281,7 +281,7 @@ static void api_net_req_chal( int uid,
strcat(mach_acct, "$");
if (get_md4pw(vuser->dc.md4pw, mach_name, mach_acct))
if (get_md4pw((char *)vuser->dc.md4pw, mach_name, mach_acct))
{
/* copy the client credentials */
memcpy(vuser->dc.clnt_chal.data , q_r.clnt_chal.data, sizeof(q_r.clnt_chal.data));
@ -297,7 +297,7 @@ static void api_net_req_chal( int uid,
/* from client / server challenges and md4 password, generate sess key */
cred_session_key(&(vuser->dc.clnt_chal), &(vuser->dc.srv_chal),
vuser->dc.md4pw, vuser->dc.sess_key);
(char *)vuser->dc.md4pw, vuser->dc.sess_key);
}
else
{
@ -489,8 +489,8 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1,
memcpy(lm_pwd, id1->lm_owf.data, 16);
memcpy(nt_pwd, id1->nt_owf.data, 16);
SamOEMhash(lm_pwd, key, False);
SamOEMhash(nt_pwd, key, False);
SamOEMhash((uchar *)lm_pwd, key, False);
SamOEMhash((uchar *)nt_pwd, key, False);
#ifdef DEBUG_PASSWORD
DEBUG(100,("decrypt of lm owf password:"));
@ -526,7 +526,7 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2,
if (id2->hdr_nt_chal_resp.str_str_len == 24 &&
smb_pass->smb_nt_passwd != NULL)
{
if(smb_password_check(id2->nt_chal_resp.buffer,
if(smb_password_check((char *)id2->nt_chal_resp.buffer,
smb_pass->smb_nt_passwd,
id2->lm_chal))
return 0x0;
@ -543,7 +543,7 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2,
*/
if (id2->hdr_lm_chal_resp.str_str_len == 24 &&
smb_password_check(id2->lm_chal_resp.buffer,
smb_password_check((char *)id2->lm_chal_resp.buffer,
smb_pass->smb_passwd,
id2->lm_chal))
{

2
source/smbd/message.c
View File

@ -53,7 +53,7 @@ static void msg_deliver(void)
}
/* put it in a temporary file */
sprintf(s,"%s/msg.XXXXXX",tmpdir());
slprintf(s,sizeof(s)-1, "%s/msg.XXXXXX",tmpdir());
fstrcpy(name,(char *)mktemp(s));
fd = open(name,O_WRONLY|O_CREAT|O_TRUNC|O_EXCL,0600);

14
source/smbd/password.c
View File

@ -1044,7 +1044,7 @@ BOOL smb_password_ok(struct smb_passwd *smb_pass,
use it (ie. does it exist in the smbpasswd file).
*/
DEBUG(4,("smb_password_ok: Checking NT MD4 password\n"));
if (smb_password_check(nt_pass, (uchar *)smb_pass->smb_nt_passwd, challenge))
if (smb_password_check((char *)nt_pass, (uchar *)smb_pass->smb_nt_passwd, challenge))
{
DEBUG(4,("smb_password_ok: NT MD4 password check succeeded\n"));
return(True);
@ -1063,7 +1063,7 @@ BOOL smb_password_ok(struct smb_passwd *smb_pass,
return True;
}
if((smb_pass->smb_passwd != NULL) && smb_password_check(lm_pass, (uchar *)smb_pass->smb_passwd, challenge))
if((smb_pass->smb_passwd != NULL) && smb_password_check((char *)lm_pass, (uchar *)smb_pass->smb_passwd, challenge))
{
DEBUG(4,("smb_password_ok: LM MD4 password check succeeded\n"));
return(True);
@ -1153,7 +1153,7 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
return(False);
}
if(smb_password_ok( smb_pass, password, password))
if(smb_password_ok( smb_pass, (unsigned char *)password,(uchar *)password))
{
update_protected_database(user,True);
return(True);
@ -1704,7 +1704,7 @@ BOOL check_hosts_equiv(char *user)
char *home = get_home_dir(user);
if (home) {
extern int Client;
sprintf(rhostsfile, "%s/.rhosts", home);
slprintf(rhostsfile, sizeof(rhostsfile)-1, "%s/.rhosts", home);
if (check_user_equiv(user,client_name(Client),rhostsfile))
return(True);
}
@ -1953,8 +1953,8 @@ BOOL domain_client_validate( char *user, char *domain,
DEBUG(3,("domain_client_validate: User passwords not in encrypted format.\n"));
generate_random_buffer( local_challenge, 8, False);
SMBencrypt( smb_apasswd, local_challenge, local_lm_response);
SMBNTencrypt( smb_ntpasswd, local_challenge, local_nt_reponse);
SMBencrypt( (uchar *)smb_apasswd, local_challenge, local_lm_response);
SMBNTencrypt((uchar *)smb_ntpasswd, local_challenge, local_nt_reponse);
smb_apasslen = 24;
smb_ntpasslen = 24;
smb_apasswd = (char *)local_lm_response;
@ -2127,7 +2127,7 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
/* We really don't care what LUID we give the user. */
generate_random_buffer( (unsigned char *)&smb_uid_low, 4, False);
if(cli_nt_login_network(&cli, domain, user, smb_uid_low, local_challenge,
if(cli_nt_login_network(&cli, domain, user, smb_uid_low, (char *)local_challenge,
smb_apasswd, smb_ntpasswd, &ctr, &info3) == False) {
DEBUG(0,("domain_client_validate: unable to validate password for user %s in domain \
%s to Domain controller %s. Error was %s.\n", user, domain, remote_machine, cli_errstr(&cli)));

10
source/smbd/reply.c
View File

@ -1149,7 +1149,7 @@ int reply_search(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
smb_setlen(outbuf,outsize - 4);
if ((! *directory) && dptr_path(dptr_num))
sprintf(directory,"(%s)",dptr_path(dptr_num));
slprintf(directory, sizeof(directory)-1, "(%s)",dptr_path(dptr_num));
DEBUG(4,("%s %s mask=%s path=%s cnum=%d dtype=%d nument=%d of %d\n",
timestring(),
@ -1716,7 +1716,7 @@ int reply_unlink(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
if(!mask_match(fname, mask, case_sensitive, False)) continue;
error = ERRnoaccess;
sprintf(fname,"%s/%s",directory,dname);
slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname);
if (!can_delete(fname,cnum,dirtype)) continue;
if (!sys_unlink(fname)) count++;
DEBUG(3,("reply_unlink : doing unlink on %s\n",fname));
@ -2622,7 +2622,7 @@ int reply_printopen(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
if (strlen(s) > 10) s[10] = 0;
sprintf(fname,"%s.XXXXXX",s);
slprintf(fname,sizeof(fname)-1, "%s.XXXXXX",s);
}
fnum = find_free_file();
@ -3238,7 +3238,7 @@ int reply_mv(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
if(!mask_match(fname, mask, case_sensitive, False)) continue;
error = ERRnoaccess;
sprintf(fname,"%s/%s",directory,dname);
slprintf(fname,sizeof(fname)-1,"%s/%s",directory,dname);
if (!can_rename(fname,cnum)) {
DEBUG(6,("rename %s refused\n", fname));
continue;
@ -3451,7 +3451,7 @@ int reply_copy(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
if(!mask_match(fname, mask, case_sensitive, False)) continue;
error = ERRnoaccess;
sprintf(fname,"%s/%s",directory,dname);
slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname);
strcpy(destname,newname);
if (resolve_wildcards(fname,destname) &&
copy_file(directory,newname,cnum,ofun,

8
source/smbd/server.c
View File

@ -563,7 +563,7 @@ BOOL unix_convert(char *name,int cnum,pstring saved_last_component, BOOL *bad_pa
{
char *s;
fstring name2;
sprintf(name2,"%.6s.XXXXXX",remote_machine);
slprintf(name2,sizeof(name2)-1,"%.6s.XXXXXX",remote_machine);
/* sanitise the name */
for (s=name2 ; *s ; s++)
if (!issafe(*s)) *s = '_';
@ -754,8 +754,8 @@ int disk_free(char *path,int *bsize,int *dfree,int *dsize)
pstring syscmd;
pstring outfile;
sprintf(outfile,"%s/dfree.smb.%d",tmpdir(),(int)getpid());
sprintf(syscmd,"%s %s",df_command,path);
slprintf(outfile,sizeof(outfile)-1, "%s/dfree.smb.%d",tmpdir(),(int)getpid());
slprintf(syscmd,sizeof(syscmd)-1,"%s %s",df_command,path);
standard_sub_basic(syscmd);
ret = smbrun(syscmd,outfile,False);
@ -1439,7 +1439,7 @@ static void check_magic(int fnum,int cnum)
if (*lp_magicoutput(SNUM(cnum)))
pstrcpy(magic_output,lp_magicoutput(SNUM(cnum)));
else
sprintf(magic_output,"%s.out",fname);
slprintf(magic_output,sizeof(fname)-1, "%s.out",fname);
chmod(fname,0755);
ret = smbrun(fname,magic_output,False);

4
source/smbd/trans2.c
View File

@ -772,7 +772,7 @@ static int call_trans2findfirst(char *inbuf, char *outbuf, int bufsize, int cnum
send_trans2_replies( outbuf, bufsize, params, 10, pdata, PTR_DIFF(p,pdata));
if ((! *directory) && dptr_path(dptr_num))
sprintf(directory,"(%s)",dptr_path(dptr_num));
slprintf(directory,sizeof(directory)-1, "(%s)",dptr_path(dptr_num));
DEBUG(4,("%s %s mask=%s directory=%s cnum=%d dirtype=%d numentries=%d\n",
timestring(),
@ -985,7 +985,7 @@ resume_key = %d resume name = %s continue=%d level = %d\n",
send_trans2_replies( outbuf, bufsize, params, 8, pdata, PTR_DIFF(p,pdata));
if ((! *directory) && dptr_path(dptr_num))
sprintf(directory,"(%s)",dptr_path(dptr_num));
slprintf(directory,sizeof(directory)-1, "(%s)",dptr_path(dptr_num));
DEBUG(3,("%s %s mask=%s directory=%s cnum=%d dirtype=%d numentries=%d\n",
timestring(),

2
source/smbd/uid.c
View File

@ -420,7 +420,7 @@ int smbrun(char *cmd,char *outfile,BOOL shared)
return(1);
}
sprintf(syscmd,"%s %d %d \"(%s 2>&1) > %s\"",
slprintf(syscmd,sizeof(syscmd)-1,"%s %d %d \"(%s 2>&1) > %s\"",
path,uid,gid,cmd,
outfile?outfile:"/dev/null");

2
source/utils/smbpasswd.c
View File

@ -174,7 +174,7 @@ static int join_domain( char *domain, char *remote)
fstrcpy(remote_machine, remote ? remote : "");
fstrcpy(machine_passwd, global_myname);
strlower(machine_passwd);
E_md4hash( machine_passwd, machine_passwd_hash);
E_md4hash((uchar *)machine_passwd, machine_passwd_hash);
generate_random_buffer( new_machine_passwd_hash, 16, True);