author | Andreas Schneider <asn@samba.org> | 2019-03-12 10:09:14 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2019-03-26 07:49:18 +0000 |
commit | e28dd0f95b307fcbff2f06f73eb5fe7293b3c24c (patch) | |
tree | 6ea9b7d731a68ea9d226fb2c123f4967703bd82e | |
parent | f284a5c10f7c8df63f1303f8aa695ec09f7ea711 (diff) | |
s3:client: Make sure we work on a copy of the title
We can't be sure we can write to the input buffer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Bryan Mason <bmason@redhat.com>
Signed-off-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 129ae27946318a075e99c9e6d1bacf8963f72282)
-rw-r--r-- | source3/client/smbspool.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/source3/client/smbspool.c b/source3/client/smbspool.c
index e94d5b33324..4d78db7f77c 100644
--- a/source3/client/smbspool.c
+++ b/source3/client/smbspool.c
@@ -66,7 +66,7 @@ static struct cli_state *smb_complete_connection(const char *, const char *, int, const char *, const char *, const char *, const char *, int, bool *need_auth);
 static struct cli_state *smb_connect(const char *, const char *, int, const char *, const char *, const char *, const char *, bool *need_auth);
-static int smb_print(struct cli_state *, char *, FILE *);
+static int smb_print(struct cli_state *, const char *, FILE *);
 static char *uri_unescape_alloc(const char *);
 #if 0
 static bool smb_encrypt;
@@ -655,7 +655,7 @@ kerberos_auth:
 static int /* O - 0 = success, non-0 = failure */
 smb_print(struct cli_state * cli, /* I - SMB connection */
- char *title, /* I - Title/job name */
+ const char *print_title, /* I - Title/job name */
 FILE * fp) { /* I - File to print */
 uint16_t fnum; /* File number */
@@ -663,12 +663,18 @@ smb_print(struct cli_state * cli, /* I - SMB connection */
 tbytes; /* Total bytes read */
 char buffer[8192], /* Buffer for copy */
 *ptr; /* Pointer into title */
+ char title[1024] = {0};
+ int len;
 NTSTATUS nt_status;
 /*
- * Sanitize the title...
- */
+ * Sanitize the title...
+ */
+ len = snprintf(title, sizeof(title), "%s", print_title);
+ if (len != strlen(print_title)) {
+ return 2;
+ }
 for (ptr = title; *ptr; ptr++) {
 if (!isalnum((int) *ptr) && !isspace((int) *ptr)) { |
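Review bot: The length check after the `snprintf()` call in smb_print cannot detect an over-long title, because for a `%s` format a C99 `snprintf` returns the length the full string would have needed, which equals `strlen(print_title)` whether or not it fit in `title[1024]`. A job title of 1024 bytes or more is therefore silently truncated instead of taking the `return 2` path, and the comparison also mixes a signed `int` with `size_t`. If rejecting such titles is the intent, the test should be `if (len < 0 || (size_t)len >= sizeof(title)) {`. smb_print's body continues past the end of this hunk, so how the copied title is used afterwards is not visible here.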