This commit fixes the security hole due to buffer overflows.

The main fix is just a couple of lines long, but I have now also put precautionary checks on a large number of other places in the code where unchecked string copies were being performed. An exploit via one of these copies is unlikely, but is is better to be safe. I also added a routine to log possible exploit attempts using the code that was posted for obtaining root access on a Samba server.
author: Andrew Tridgell <tridge@samba.org> 1997-09-26 12:39:45 +0000
committer: Andrew Tridgell <tridge@samba.org> 1997-09-26 12:39:45 +0000
commit: e8dd34b0d3ba704deff696c1683297536a494893 (patch)
tree: a53f2b1b66285c18b7696df87e0b1e3f520006bb /source/nameannounce.c
parent: c701db19e14d1b53103acbb8f7abe4c8bc2c3614 (diff)
download: samba-e8dd34b0d3ba704deff696c1683297536a494893.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/source/nameannounce.c b/source/nameannounce.c
index 684ef412581..84e3ad3fa77 100644
--- a/source/nameannounce.c
+++ b/source/nameannounce.c
@@ -174,11 +174,11 @@ void do_announce_host(int command,
 	SSVAL(p,27,BROWSER_ELECTION_VERSION);
 	SSVAL(p,29,BROWSER_CONSTANT); /* browse signature */
 
-	strcpy(p+31,server_comment);
+	pstrcpy(p+31,server_comment);
 	p += 31;
 	p = skip_string(p,1);
 
-    debug_browse_data(outbuf, PTR_DIFF(p,outbuf));
+	debug_browse_data(outbuf, PTR_DIFF(p,outbuf));
 
 	/* send the announcement */
 	send_mailslot_reply(False,BROWSE_MAILSLOT,ClientDGRAM,outbuf,
author	Andrew Tridgell <tridge@samba.org>	1997-09-26 12:39:45 +0000
committer	Andrew Tridgell <tridge@samba.org>	1997-09-26 12:39:45 +0000
commit	e8dd34b0d3ba704deff696c1683297536a494893 (patch)
tree	a53f2b1b66285c18b7696df87e0b1e3f520006bb /source/nameannounce.c
parent	c701db19e14d1b53103acbb8f7abe4c8bc2c3614 (diff)
download	samba-e8dd34b0d3ba704deff696c1683297536a494893.tar.gz