authorAndreas Schneider <asn@samba.org>2019-03-12 10:09:14 +0100
committerKarolin Seeger <kseeger@samba.org>2019-03-22 09:55:35 +0000
commite07b8444f53337f89b1641e7fe3553fa74d1f663 (patch)
tree9dbd62c58f2e1a5bb34be5e8fbc649785e8e3c1f /source3/client
parent590fd475878230420c7f74feed839f15619cc726 (diff)
s3:client: Make sure we work on a copy of the title
We can't be sure we can write to the input buffer. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Bryan Mason <bmason@redhat.com> Signed-off-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 129ae27946318a075e99c9e6d1bacf8963f72282)
Diffstat (limited to 'source3/client')
-rw-r--r--source3/client/smbspool.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/source3/client/smbspool.c b/source3/client/smbspool.c
index 3dbf6be014b..94c7ea368a2 100644
--- a/source3/client/smbspool.c
+++ b/source3/client/smbspool.c
@@ -66,7 +66,7 @@ static struct cli_state *smb_complete_connection(const char *, const char *,
int, const char *, const char *, const char *, const char *, int, bool *need_auth);
static struct cli_state *smb_connect(const char *, const char *, int, const
char *, const char *, const char *, const char *, bool *need_auth);
-static int smb_print(struct cli_state *, char *, FILE *);
+static int smb_print(struct cli_state *, const char *, FILE *);
static char *uri_unescape_alloc(const char *);
#if 0
static bool smb_encrypt;
@@ -655,7 +655,7 @@ kerberos_auth:
static int /* O - 0 = success, non-0 = failure */
smb_print(struct cli_state * cli, /* I - SMB connection */
- char *title, /* I - Title/job name */
+ const char *print_title, /* I - Title/job name */
FILE * fp)
{ /* I - File to print */
uint16_t fnum; /* File number */
@@ -663,12 +663,18 @@ smb_print(struct cli_state * cli, /* I - SMB connection */
tbytes; /* Total bytes read */
char buffer[8192], /* Buffer for copy */
*ptr; /* Pointer into title */
+ char title[1024] = {0};
+ int len;
NTSTATUS nt_status;
/*
- * Sanitize the title...
- */
+ * Sanitize the title...
+ */
+ len = snprintf(title, sizeof(title), "%s", print_title);
+ if (len != strlen(print_title)) {
+ return 2;
+ }
for (ptr = title; *ptr; ptr++) {
if (!isalnum((int) *ptr) && !isspace((int) *ptr)) {
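Review bot: The length check after the new `snprintf()` call in smb_print cannot detect truncation. snprintf returns the length the full string would have needed, which equals `strlen(print_title)` whether or not it fit in `title[1024]`, so a job title of 1024 bytes or more is silently cut short instead of taking the `return 2` path that the check presumably intends. The comparison also mixes a signed `int` with `size_t`. Testing against the buffer size covers both the error and the truncation case: `if (len < 0 || (size_t)len >= sizeof(title)) { return 2; }`. The body of smb_print continues beyond this hunk, so the later use of `title` is not visible here.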