diff options
author | Andrew Tridgell <tridge@samba.org> | 1998-05-11 06:38:36 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 1998-05-11 06:38:36 +0000 |
commit | ee09e9dadb69aaba5a751dd20ccc6d587d841bd6 (patch) | |
tree | b7d08dcf7d06d74c7bba90655f720c14cff8981a /source/libsmb/clientgen.c | |
parent | 6b0c1733d2ebf3b8f09f3bf88b8648d8b371bb1f (diff) | |
download | samba-ee09e9dadb69aaba5a751dd20ccc6d587d841bd6.tar.gz |
changed to use slprintf() instead of sprintf() just about
everywhere. I've implemented slprintf() as a bounds checked sprintf()
using mprotect() and a non-writeable page.
This should prevent any sprintf based security holes.
Diffstat (limited to 'source/libsmb/clientgen.c')
-rw-r--r-- | source/libsmb/clientgen.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/source/libsmb/clientgen.c b/source/libsmb/clientgen.c index d72040505f1..8b4001827c0 100644 --- a/source/libsmb/clientgen.c +++ b/source/libsmb/clientgen.c @@ -343,8 +343,8 @@ BOOL cli_api_pipe(struct cli_state *cli, char *pipe_name, int pipe_name_len, data, data_count, max_data_count); return (cli_receive_trans(cli, SMBtrans, - rparam, rparam_count, - rdata, rdata_count)); + rparam, (int *)rparam_count, + rdata, (int *)rdata_count)); } /**************************************************************************** @@ -714,7 +714,8 @@ BOOL cli_send_tconX(struct cli_state *cli, memcpy(pword, pass, passlen); } - sprintf(fullshare, "\\\\%s\\%s", cli->desthost, share); + slprintf(fullshare, sizeof(fullshare)-1, + "\\\\%s\\%s", cli->desthost, share); set_message(cli->outbuf,4, 2 + strlen(fullshare) + passlen + strlen(dev),True); |