authorAndrew Tridgell <tridge@samba.org>2003-02-07 04:10:25 +0000
committerAndrew Tridgell <tridge@samba.org>2003-02-07 04:10:25 +0000
commit2f727ca7d5bb000ecba4137d26debbb03d6cbdfd (patch)
treeec2a117fc365bd79122caf58935500c328da0846
parent0d6591238b64d333bc1a0e7404e361215de552ab (diff)
downloadsamba-2f727ca7d5bb000ecba4137d26debbb03d6cbdfd.tar.gz
merge from head
-rw-r--r--source/lib/util_str.c14
-rw-r--r--source/smbd/filename.c22
2 files changed, 23 insertions, 13 deletions
diff --git a/source/lib/util_str.c b/source/lib/util_str.c
index c5f1608141a..215979f0179 100644
--- a/source/lib/util_str.c
+++ b/source/lib/util_str.c
@@ -929,18 +929,20 @@ char *safe_strcat(char *dest, const char *src, size_t maxlength)
if (!src)
return dest;
-
+
src_len = strlen(src);
dest_len = strlen(dest);
if (src_len + dest_len > maxlength) {
DEBUG(0,("ERROR: string overflow by %d in safe_strcat [%.50s]\n",
- (int)(src_len + dest_len - maxlength), src));
- if (dest_len >= maxlength)
- return dest;
- src_len = maxlength - dest_len;
+ (int)(src_len + dest_len - maxlength), src));
+ if (maxlength > dest_len) {
+ memcpy(&dest[dest_len], src, maxlength - dest_len);
+ }
+ dest[maxlength] = 0;
+ return NULL;
}
-
+
memcpy(&dest[dest_len], src, src_len);
dest[dest_len + src_len] = 0;
return dest;
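Review bot: The overflow branch now returns NULL after it has already written a truncated string into dest, and nothing in the hunk documents that contract for callers. The removed code returned dest on this path, so any caller that passes the result on as a string would now hand NULL to its consumer; the existing call sites are worth auditing. `dest[maxlength] = 0;` also depends on dest being at least maxlength + 1 bytes. I would state both above the function, for example `/* maxlength excludes the terminator, so dest must hold maxlength+1 bytes; on overflow dest is truncated and NULL is returned */`. The start of safe_strcat is outside the hunk.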
diff --git a/source/smbd/filename.c b/source/smbd/filename.c
index fd4377c54fd..0922aceb3c6 100644
--- a/source/smbd/filename.c
+++ b/source/smbd/filename.c
@@ -33,7 +33,8 @@ extern BOOL short_case_preserve;
extern fstring remote_machine;
extern BOOL use_mangled_map;
-static BOOL scan_directory(char *path, char *name,connection_struct *conn,BOOL docache);
+static BOOL scan_directory(char *path, char *name,size_t maxlength,
+ connection_struct *conn,BOOL docache);
/****************************************************************************
Check if two filenames are equal.
@@ -272,7 +273,11 @@ BOOL unix_convert(char *name,connection_struct *conn,char *saved_last_component,
* Try to find this part of the path in the directory.
*/
- if (ms_has_wild(start) || !scan_directory(dirpath, start, conn, end?True:False)) {
+ if (ms_has_wild(start) ||
+ !scan_directory(dirpath, start,
+ sizeof(pstring) - 1 - (start - name),
+ conn,
+ end?True:False)) {
if (end) {
/*
* An intermediate part of the name can't be found.
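Review bot: The bound `sizeof(pstring) - 1 - (start - name)` is only correct if `name` points at a full pstring, which the `char *name` parameter of unix_convert does not enforce. The signed `start - name` is also folded into size_t arithmetic, so an offset larger than the buffer would wrap to a very large limit instead of failing. The same expression is repeated in both safe_strcat calls of the next hunk. I would compute it once, e.g. `size_t remaining = sizeof(pstring) - 1 - (size_t)(start - name);`, add a comment that callers must pass a pstring, and reuse it at all three sites. unix_convert starts and ends outside the hunk.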
@@ -321,8 +326,10 @@ BOOL unix_convert(char *name,connection_struct *conn,char *saved_last_component,
*/
if (end) {
end = start + strlen(start);
- pstrcat(start,"/");
- pstrcat(start,rest);
+ if (!safe_strcat(start, "/", sizeof(pstring) - 1 - (start - name)) ||
+ !safe_strcat(start, rest, sizeof(pstring) - 1 - (start - name))) {
+ return False;
+ }
*end = '\0';
} else {
/*
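Review bot: The new `return False` leaves `name` modified, because by the time safe_strcat fails "/" and part of `rest` may already have been appended at `start`, and the `*end = '\0'` on the following line is skipped. If a caller inspects `name` after a failed unix_convert (that code is not visible here), it sees a truncated path rather than the component that was matched. Restoring the terminator first keeps the failure path consistent with the success path: `*end = '\0'; return False;`. The enclosing function continues outside the hunk.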
@@ -434,7 +441,8 @@ BOOL check_name(char *name,connection_struct *conn)
If the name looks like a mangled name then try via the mangling functions
****************************************************************************/
-static BOOL scan_directory(char *path, char *name,connection_struct *conn,BOOL docache)
+static BOOL scan_directory(char *path, char *name,size_t maxlength,
+ connection_struct *conn,BOOL docache)
{
void *cur_dir;
char *dname;
@@ -447,7 +455,7 @@ static BOOL scan_directory(char *path, char *name,connection_struct *conn,BOOL d
path = ".";
if (docache && (dname = DirCacheCheck(path,name,SNUM(conn)))) {
- pstrcpy(name, dname);
+ safe_strcpy(name, dname, maxlength);
return(True);
}
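Review bot: The result of `safe_strcpy(name, dname, maxlength)` is discarded and scan_directory still returns True. safe_strcpy is not shown in this diff, but an entry name longer than `maxlength` would presumably be cut short, and the caller would carry on with a name that does not match the directory entry. The later hunk at `-487,7 +495,7` has the same pattern, and there DirCacheAdd has already stored the full `dname`. A length check before the copy makes the failure explicit, e.g. `if (strlen(dname) > maxlength) return(False);` here. In the later hunk the same check belongs before DirCacheAdd, with `CloseDir(cur_dir);` ahead of the return. scan_directory continues outside both hunks.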
@@ -487,7 +495,7 @@ static BOOL scan_directory(char *path, char *name,connection_struct *conn,BOOL d
/* we've found the file, change it's name and return */
if (docache)
DirCacheAdd(path,name,dname,SNUM(conn));
- pstrcpy(name, dname);
+ safe_strcpy(name, dname, maxlength);
CloseDir(cur_dir);
return(True);
}