diff options
author | Andrew Tridgell <tridge@samba.org> | 1997-09-26 12:39:45 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 1997-09-26 12:39:45 +0000 |
commit | e8dd34b0d3ba704deff696c1683297536a494893 (patch) | |
tree | a53f2b1b66285c18b7696df87e0b1e3f520006bb /source/nameannounce.c | |
parent | c701db19e14d1b53103acbb8f7abe4c8bc2c3614 (diff) | |
download | samba-e8dd34b0d3ba704deff696c1683297536a494893.tar.gz |
This commit fixes the security hole due to buffer overflows.
The main fix is just a couple of lines long, but I have now also put
precautionary checks on a large number of other places in the code
where unchecked string copies were being performed. An exploit via one
of these copies is unlikely, but is is better to be safe.
I also added a routine to log possible exploit attempts using the code
that was posted for obtaining root access on a Samba server.
Diffstat (limited to 'source/nameannounce.c')
-rw-r--r-- | source/nameannounce.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/source/nameannounce.c b/source/nameannounce.c index 684ef412581..84e3ad3fa77 100644 --- a/source/nameannounce.c +++ b/source/nameannounce.c @@ -174,11 +174,11 @@ void do_announce_host(int command, SSVAL(p,27,BROWSER_ELECTION_VERSION); SSVAL(p,29,BROWSER_CONSTANT); /* browse signature */ - strcpy(p+31,server_comment); + pstrcpy(p+31,server_comment); p += 31; p = skip_string(p,1); - debug_browse_data(outbuf, PTR_DIFF(p,outbuf)); + debug_browse_data(outbuf, PTR_DIFF(p,outbuf)); /* send the announcement */ send_mailslot_reply(False,BROWSE_MAILSLOT,ClientDGRAM,outbuf, |