diff options
| author | Andrew Tridgell <tridge@samba.org> | 1998-08-31 03:11:42 +0000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 1998-08-31 03:11:42 +0000 |
| commit | 3eade55dc7c842bdc50205c330802d211fae54d3 (patch) | |
| tree | 09bca34d4463927d2930e9e926165d378ecb870f /source | |
| parent | 7d455ee637b6ff70c95845f89d71573ca07b83f3 (diff) | |
| download | samba-3eade55dc7c842bdc50205c330802d211fae54d3.tar.gz | |
bounds check next_token() to prevent possible buffer overflows
Diffstat (limited to 'source')
| -rw-r--r-- | source/client/client.c | 49 | ||||
| -rw-r--r-- | source/client/clitar.c | 10 | ||||
| -rw-r--r-- | source/client/smbmount.c | 10 | ||||
| -rw-r--r-- | source/include/proto.h | 2 | ||||
| -rw-r--r-- | source/lib/interface.c | 2 | ||||
| -rw-r--r-- | source/lib/username.c | 2 | ||||
| -rw-r--r-- | source/lib/util.c | 26 | ||||
| -rw-r--r-- | source/libsmb/namequery.c | 10 | ||||
| -rw-r--r-- | source/nmbd/nmbd.c | 4 | ||||
| -rw-r--r-- | source/nmbd/nmbd_sendannounce.c | 4 | ||||
| -rw-r--r-- | source/nmbd/nmbd_synclists.c | 10 | ||||
| -rw-r--r-- | source/nmbd/nmbd_winsserver.c | 14 | ||||
| -rw-r--r-- | source/printing/printing.c | 27 | ||||
| -rw-r--r-- | source/rpc_client/cli_netlogon.c | 5 | ||||
| -rw-r--r-- | source/rpc_parse/parse_net.c | 4 | ||||
| -rw-r--r-- | source/rpc_server/srv_util.c | 10 | ||||
| -rw-r--r-- | source/smbd/chgpasswd.c | 4 | ||||
| -rw-r--r-- | source/smbd/groupname.c | 4 | ||||
| -rw-r--r-- | source/smbd/ipc.c | 26 | ||||
| -rw-r--r-- | source/smbd/password.c | 4 | ||||
| -rw-r--r-- | source/utils/make_smbcodepage.c | 8 |
21 files changed, 128 insertions, 107 deletions
diff --git a/source/client/client.c b/source/client/client.c index 9a4806b7a2f..855d4cc2deb 100644 --- a/source/client/client.c +++ b/source/client/client.c @@ -448,7 +448,7 @@ static void cmd_cd(char *inbuf,char *outbuf) { fstring buf; - if (next_token(NULL,buf,NULL)) + if (next_token(NULL,buf,NULL,sizeof(buf))) do_cd(buf); else DEBUG(0,("Current directory is %s\n",CNV_LANG(cur_dir))); @@ -1033,7 +1033,7 @@ static void cmd_dir(char *inbuf,char *outbuf) if(mask[strlen(mask)-1]!='\\') pstrcat(mask,"\\"); - if (next_token(NULL,buf,NULL)) + if (next_token(NULL,buf,NULL,sizeof(buf))) { if (*p == '\\') pstrcpy(mask,p); @@ -1463,14 +1463,14 @@ static void cmd_get(char *dum_in, char *dum_out) p = rname + strlen(rname); - if (!next_token(NULL,p,NULL)) { + if (!next_token(NULL,p,NULL,sizeof(rname)-strlen(rname))) { DEBUG(0,("get <filename>\n")); return; } pstrcpy(lname,p); dos_clean_name(rname); - next_token(NULL,lname,NULL); + next_token(NULL,lname,NULL,sizeof(lname)); do_get(rname,lname,NULL); } @@ -1577,7 +1577,7 @@ static void cmd_more(char *dum_in, char *dum_out) "%s/smbmore.%d",tmpdir(),(int)getpid()); fstrcpy(lname,tmpname); - if (!next_token(NULL,rname+strlen(rname),NULL)) { + if (!next_token(NULL,rname+strlen(rname),NULL,sizeof(rname)-strlen(rname))) { DEBUG(0,("more <filename>\n")); return; } @@ -1612,7 +1612,7 @@ static void cmd_mget(char *inbuf,char *outbuf) abort_mget = False; - while (next_token(NULL,p,NULL)) + while (next_token(NULL,p,NULL,sizeof(buf))) { pstrcpy(mget_mask,cur_dir); if(mget_mask[strlen(mget_mask)-1]!='\\') @@ -1692,7 +1692,7 @@ static void cmd_mkdir(char *inbuf,char *outbuf) pstrcpy(mask,cur_dir); - if (!next_token(NULL,p,NULL)) + if (!next_token(NULL,p,NULL,sizeof(buf))) { if (!recurse) DEBUG(0,("mkdir <dirname>\n")); @@ -1983,14 +1983,14 @@ static void cmd_put(char *dum_in, char *dum_out) pstrcat(rname,"\\"); - if (!next_token(NULL,p,NULL)) + if (!next_token(NULL,p,NULL,sizeof(buf))) { DEBUG(0,("put <filename>\n")); return; } pstrcpy(lname,p); - if (next_token(NULL,p,NULL)) + if (next_token(NULL,p,NULL,sizeof(buf))) pstrcat(rname,p); else pstrcat(rname,lname); @@ -2040,7 +2040,7 @@ static BOOL seek_list(FILE *f,char *name) static void cmd_select(char *dum_in, char *dum_out) { pstrcpy(fileselection,""); - next_token(NULL,fileselection,NULL); + next_token(NULL,fileselection,NULL,sizeof(fileselection)); } @@ -2058,7 +2058,7 @@ static void cmd_mput(char *dum_in, char *dum_out) finfo = def_finfo; - while (next_token(NULL,p,NULL)) + while (next_token(NULL,p,NULL,sizeof(buf))) { struct stat st; pstring cmd; @@ -2197,14 +2197,14 @@ static void cmd_cancel(char *inbuf,char *outbuf ) DEBUG(0,("Trying to cancel print jobs without -P may fail\n")); } - if (!next_token(NULL,buf,NULL)) { + if (!next_token(NULL,buf,NULL,sizeof(buf))) { printf("cancel <jobid> ...\n"); return; } do { job = atoi(buf); do_cancel(job); - } while (next_token(NULL,buf,NULL)); + } while (next_token(NULL,buf,NULL,sizeof(buf))); } @@ -2228,7 +2228,7 @@ static void cmd_print(char *inbuf,char *outbuf ) DEBUG(0,("Trying to print without -P may fail\n")); } - if (!next_token(NULL,lname,NULL)) + if (!next_token(NULL,lname,NULL, sizeof(lname))) { DEBUG(0,("print <filename>\n")); return; @@ -2699,7 +2699,7 @@ static void cmd_del(char *inbuf,char *outbuf ) pstrcpy(mask,cur_dir); - if (!next_token(NULL,buf,NULL)) + if (!next_token(NULL,buf,NULL,sizeof(buf))) { DEBUG(0,("del <filename>\n")); return; @@ -2721,7 +2721,7 @@ static void cmd_rmdir(char *inbuf,char *outbuf ) pstrcpy(mask,cur_dir); - if (!next_token(NULL,buf,NULL)) + if (!next_token(NULL,buf,NULL,sizeof(buf))) { DEBUG(0,("rmdir <dirname>\n")); return; @@ -2763,7 +2763,8 @@ static void cmd_rename(char *inbuf,char *outbuf ) pstrcpy(src,cur_dir); pstrcpy(dest,cur_dir); - if (!next_token(NULL,buf,NULL) || !next_token(NULL,buf2,NULL)) + if (!next_token(NULL,buf,NULL,sizeof(buf)) || + !next_token(NULL,buf2,NULL, sizeof(buf2))) { DEBUG(0,("rename <src> <dest>\n")); return; @@ -2817,7 +2818,7 @@ static void cmd_newer(char *dum_in, char *dum_out) BOOL ok; struct stat sbuf; - ok = next_token(NULL,buf,NULL); + ok = next_token(NULL,buf,NULL,sizeof(buf)); if (ok && (sys_stat(buf,&sbuf) == 0)) { newer_than = sbuf.st_mtime; @@ -2838,7 +2839,7 @@ static void cmd_archive(char *dum_in, char *dum_out) { fstring buf; - if (next_token(NULL,buf,NULL)) { + if (next_token(NULL,buf,NULL,sizeof(buf))) { archive_level = atoi(buf); } else DEBUG(0,("Archive level is %d\n",archive_level)); @@ -2884,7 +2885,7 @@ static void cmd_printmode(char *dum_in, char *dum_out) fstring buf; fstring mode; - if (next_token(NULL,buf,NULL)) + if (next_token(NULL,buf,NULL,sizeof(buf))) { if (strequal(buf,"text")) printmode = 0; @@ -2921,7 +2922,7 @@ static void cmd_lcd(char *dum_in, char *dum_out) fstring buf; pstring d; - if (next_token(NULL,buf,NULL)) + if (next_token(NULL,buf,NULL,sizeof(buf))) sys_chdir(buf); DEBUG(2,("the local directory is now %s\n",GetWd(d))); } @@ -3299,7 +3300,7 @@ void cmd_help(char *dum_in, char *dum_out) int i=0,j; fstring buf; - if (next_token(NULL,buf,NULL)) + if (next_token(NULL,buf,NULL,sizeof(buf))) { if ((i = process_tok(buf)) >= 0) DEBUG(0,("HELP %s:\n\t%s\n\n",commands[i].name,commands[i].description)); @@ -3398,7 +3399,7 @@ static BOOL process(char *base_directory) /* and get the first part of the command */ { char *ptr = line; - if (!next_token(&ptr,tok,NULL)) continue; + if (!next_token(&ptr,tok,NULL,sizeof(tok))) continue; } if ((i = process_tok(tok)) >= 0) @@ -3438,7 +3439,7 @@ static BOOL process(char *base_directory) /* and get the first part of the command */ { char *ptr = line; - if (!next_token(&ptr,tok,NULL)) continue; + if (!next_token(&ptr,tok,NULL,sizeof(tok))) continue; } if ((i = process_tok(tok)) >= 0) diff --git a/source/client/clitar.c b/source/client/clitar.c index 395f31edcf7..47903d20beb 100644 --- a/source/client/clitar.c +++ b/source/client/clitar.c @@ -2073,7 +2073,7 @@ void cmd_block(char *dum_in, char *dum_out) fstring buf; int block; - if (!next_token(NULL,buf,NULL)) + if (!next_token(NULL,buf,NULL,sizeof(buf))) { DEBUG(0, ("blocksize <n>\n")); return; @@ -2097,7 +2097,7 @@ void cmd_tarmode(char *dum_in, char *dum_out) { fstring buf; - while (next_token(NULL,buf,NULL)) { + while (next_token(NULL,buf,NULL,sizeof(buf))) { if (strequal(buf, "full")) tar_inc=False; else if (strequal(buf, "inc")) @@ -2143,7 +2143,7 @@ void cmd_setmode(char *dum_in, char *dum_out) attra[0] = attra[1] = 0; - if (!next_token(NULL,buf,NULL)) + if (!next_token(NULL,buf,NULL,sizeof(buf))) { DEBUG(0, ("setmode <filename> <perm=[+|-]rsha>\n")); return; @@ -2152,7 +2152,7 @@ void cmd_setmode(char *dum_in, char *dum_out) safe_strcpy(fname, cur_dir, sizeof(pstring)); safe_strcat(fname, buf, sizeof(pstring)); - while (next_token(NULL,buf,NULL)) { + while (next_token(NULL,buf,NULL,sizeof(buf))) { q=buf; while(*q) @@ -2194,7 +2194,7 @@ void cmd_tar(char *inbuf, char *outbuf) char **argl; int argcl; - if (!next_token(NULL,buf,NULL)) + if (!next_token(NULL,buf,NULL,sizeof(buf))) { DEBUG(0,("tar <c|x>[IXbga] <filename>\n")); return; diff --git a/source/client/smbmount.c b/source/client/smbmount.c index 9bc7cba6f65..95aeecde3c5 100644 --- a/source/client/smbmount.c +++ b/source/client/smbmount.c @@ -326,7 +326,7 @@ static void cmd_mount(char *inbuf,char *outbuf) int retval; char mount_point[MAXPATHLEN+1]; - if (!next_token(NULL, mpoint, NULL)) + if (!next_token(NULL, mpoint, NULL, sizeof(mpoint))) { DEBUG(0,("You must supply a mount point\n")); return; @@ -350,7 +350,7 @@ static void cmd_mount(char *inbuf,char *outbuf) slprintf(mount_command, sizeof(mount_command)-1,"smbmnt %s -s %s", mount_point, share_name); - while(next_token(NULL, buf, NULL)) + while(next_token(NULL, buf, NULL, sizeof(buf))) { pstrcat(mount_command, " "); pstrcat(mount_command, buf); @@ -429,7 +429,7 @@ void cmd_help(char *dum_in, char *dum_out) int i=0,j; fstring buf; - if (next_token(NULL,buf,NULL)) + if (next_token(NULL,buf,NULL,sizeof(buf))) { if ((i = process_tok(buf)) >= 0) DEBUG(0,("HELP %s:\n\t%s\n\n",commands[i].name,commands[i].description)); @@ -527,7 +527,7 @@ static BOOL process(char *base_directory) /* and get the first part of the command */ { char *ptr = line; - if (!next_token(&ptr,tok,NULL)) continue; + if (!next_token(&ptr,tok,NULL,sizeof(tok))) continue; } if ((i = process_tok(tok)) >= 0) @@ -567,7 +567,7 @@ static BOOL process(char *base_directory) /* and get the first part of the command */ { char *ptr = line; - if (!next_token(&ptr,tok,NULL)) continue; + if (!next_token(&ptr,tok,NULL,sizeof(tok))) continue; } if ((i = process_tok(tok)) >= 0) diff --git a/source/include/proto.h b/source/include/proto.h index ae38ece1a26..8ee95483c5c 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -216,7 +216,7 @@ BOOL user_in_list(char *user,char *list); char *tmpdir(void); BOOL is_a_socket(int fd); -BOOL next_token(char **ptr,char *buff,char *sep); +BOOL next_token(char **ptr,char *buff,char *sep, int bufsize); char **toktocliplist(int *ctok, char *sep); void *mem_dup( void *from, int size ); void array_promote(char *array,int elsize,int element); diff --git a/source/lib/interface.c b/source/lib/interface.c index 8cc5cfb0b16..581a2135bd8 100644 --- a/source/lib/interface.c +++ b/source/lib/interface.c @@ -136,7 +136,7 @@ static void interpret_interfaces(char *s, struct interface **interfaces, allones_ip = *interpret_addr2("255.255.255.255"); loopback_ip = *interpret_addr2("127.0.0.1"); - while (next_token(&ptr,token,NULL)) { + while (next_token(&ptr,token,NULL,sizeof(token))) { /* parse it into an IP address/netmasklength pair */ char *p = strchr(token,'/'); if (p) *p++ = 0; diff --git a/source/lib/username.c b/source/lib/username.c index a9d391f11a5..f56f7efce2e 100644 --- a/source/lib/username.c +++ b/source/lib/username.c @@ -297,7 +297,7 @@ BOOL user_in_list(char *user,char *list) pstring tok; char *p=list; - while (next_token(&p,tok,LIST_SEP)) + while (next_token(&p,tok,LIST_SEP, sizeof(tok))) { /* * Check raw username. diff --git a/source/lib/util.c b/source/lib/util.c index 5b8428b546d..a52228c997e 100644 --- a/source/lib/util.c +++ b/source/lib/util.c @@ -131,10 +131,11 @@ static char *last_ptr=NULL; Based on a routine by GJC@VILLAGE.COM. Extensively modified by Andrew.Tridgell@anu.edu.au ****************************************************************************/ -BOOL next_token(char **ptr,char *buff,char *sep) +BOOL next_token(char **ptr,char *buff,char *sep, int bufsize) { char *s; BOOL quoted; + int len=1; if (!ptr) ptr = &last_ptr; if (!ptr) return(False); @@ -151,12 +152,14 @@ BOOL next_token(char **ptr,char *buff,char *sep) if (! *s) return(False); /* copy over the token */ - for (quoted = False; *s && (quoted || !strchr(sep,*s)); s++) + for (quoted = False; len < bufsize && *s && (quoted || !strchr(sep,*s)); s++) { - if (*s == '\"') - quoted = !quoted; - else - *buff++ = *s; + if (*s == '\"') { + quoted = !quoted; + } else { + len++; + *buff++ = *s; + } } *ptr = (*s) ? s+1 : s; @@ -291,7 +294,7 @@ void set_socket_options(int fd, char *options) { fstring tok; - while (next_token(&options,tok," \t,")) + while (next_token(&options,tok," \t,", sizeof(tok))) { int ret=0,i; int value = 1; @@ -2618,7 +2621,7 @@ BOOL in_list(char *s,char *list,BOOL casesensitive) if (!list) return(False); - while (next_token(&p,tok,LIST_SEP)) + while (next_token(&p,tok,LIST_SEP,sizeof(tok))) { if (casesensitive) { if (strcmp(tok,s) == 0) @@ -5085,7 +5088,7 @@ BOOL string_to_sid(DOM_SID *sidout, char *sidstr) } p += 2; - if(!next_token(&p, tok, "-")) { + if(!next_token(&p, tok, "-", sizeof(tok))) { DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr)); return False; } @@ -5093,7 +5096,7 @@ BOOL string_to_sid(DOM_SID *sidout, char *sidstr) /* Get the revision number. */ sidout->sid_rev_num = atoi(tok); - if(!next_token(&p, tok, "-")) { + if(!next_token(&p, tok, "-", sizeof(tok))) { DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr)); return False; } @@ -5111,7 +5114,8 @@ BOOL string_to_sid(DOM_SID *sidout, char *sidstr) sidout->num_auths = 0; - while(next_token(&p, tok, "-") && sidout->num_auths < MAXSUBAUTHS) { + while(next_token(&p, tok, "-", sizeof(tok)) && + sidout->num_auths < MAXSUBAUTHS) { /* * NOTE - the subauths are in native machine-endian format. They * are converted to little-endian when linearized onto the wire. diff --git a/source/libsmb/namequery.c b/source/libsmb/namequery.c index 8b0d68ce6a4..5e189020ad8 100644 --- a/source/libsmb/namequery.c +++ b/source/libsmb/namequery.c @@ -347,13 +347,13 @@ BOOL getlmhostsent( FILE *fp, char *name, int *name_type, struct in_addr *ipaddr ptr = line; - if (next_token(&ptr,ip ,NULL)) + if (next_token(&ptr,ip ,NULL,sizeof(ip))) ++count; - if (next_token(&ptr,name ,NULL)) + if (next_token(&ptr,name ,NULL, sizeof(name))) ++count; - if (next_token(&ptr,flags,NULL)) + if (next_token(&ptr,flags,NULL, sizeof(flags))) ++count; - if (next_token(&ptr,extra,NULL)) + if (next_token(&ptr,extra,NULL, sizeof(extra))) ++count; if (count <= 0) @@ -452,7 +452,7 @@ BOOL resolve_name(char *name, struct in_addr *return_ip) ptr = name_resolve_list; if (!ptr || !*ptr) ptr = "host"; - while (next_token(&ptr, tok, LIST_SEP)) { + while (next_token(&ptr, tok, LIST_SEP, sizeof(tok))) { if(strequal(tok, "host") || strequal(tok, "hosts")) { /* diff --git a/source/nmbd/nmbd.c b/source/nmbd/nmbd.c index 9210ce4dcf8..feb9c2420e3 100644 --- a/source/nmbd/nmbd.c +++ b/source/nmbd/nmbd.c @@ -468,7 +468,7 @@ static BOOL init_structs(void) */ /* Work out the max number of netbios aliases that we have */ ptr = lp_netbios_aliases(); - for( namecount=0; next_token(&ptr,nbname,NULL); namecount++ ) + for( namecount=0; next_token(&ptr,nbname,NULL, sizeof(nbname)); namecount++ ) ; if ( *global_myname ) namecount++; @@ -487,7 +487,7 @@ static BOOL init_structs(void) my_netbios_names[namecount++] = global_myname; ptr = lp_netbios_aliases(); - while ( next_token( &ptr, nbname, NULL ) ) + while ( next_token( &ptr, nbname, NULL, sizeof(nbname) ) ) { strupper( nbname ); /* Look for duplicates */ diff --git a/source/nmbd/nmbd_sendannounce.c b/source/nmbd/nmbd_sendannounce.c index d43d2878e3e..38c8deafe72 100644 --- a/source/nmbd/nmbd_sendannounce.c +++ b/source/nmbd/nmbd_sendannounce.c @@ -506,7 +506,7 @@ void announce_remote(time_t t) comment = lp_serverstring(); - for (ptr=s; next_token(&ptr,s2,NULL); ) + for (ptr=s; next_token(&ptr,s2,NULL,sizeof(s2)); ) { /* The entries are of the form a.b.c.d/WORKGROUP with WORKGROUP being optional */ @@ -596,7 +596,7 @@ for workgroup %s on subnet %s.\n", global_myworkgroup, FIRST_SUBNET->subnet_name strupper(p); p = skip_string(p,1); - for (ptr=s; next_token(&ptr,s2,NULL); ) + for (ptr=s; next_token(&ptr,s2,NULL,sizeof(s2)); ) { /* The entries are of the form a.b.c.d */ addr = *interpret_addr2(s2); diff --git a/source/nmbd/nmbd_synclists.c b/source/nmbd/nmbd_synclists.c index b62d9b7569e..432b6dcbe29 100644 --- a/source/nmbd/nmbd_synclists.c +++ b/source/nmbd/nmbd_synclists.c @@ -150,6 +150,8 @@ void sync_browse_lists(struct work_record *work, CatchChild(); if ((s->pid = fork())) return; + BlockSignals( False, SIGTERM ); + DEBUG(2,("Initiating browse sync for %s to %s(%s)\n", work->work_group, name, inet_ntoa(ip))); @@ -239,11 +241,9 @@ static void complete_sync(struct sync_record *s) ptr = line; - DEBUG(9,("sync line [%s]\n", line)); - - if (!next_token(&ptr,server,NULL) || - !next_token(&ptr,type_str,NULL) || - !next_token(&ptr,comment,NULL)) { + if (!next_token(&ptr,server,NULL,sizeof(server)) || + !next_token(&ptr,type_str,NULL, sizeof(type_str)) || + !next_token(&ptr,comment,NULL, sizeof(comment))) { continue; } diff --git a/source/nmbd/nmbd_winsserver.c b/source/nmbd/nmbd_winsserver.c index d891124d064..2fcc95e1d69 100644 --- a/source/nmbd/nmbd_winsserver.c +++ b/source/nmbd/nmbd_winsserver.c @@ -211,13 +211,13 @@ BOOL initialise_wins(void) * time to actually parse them into the ip_list array. */ - if (!next_token(&ptr,name_str,NULL)) + if (!next_token(&ptr,name_str,NULL,sizeof(name_str))) { DEBUG(0,("initialise_wins: Failed to parse name when parsing line %s\n", line )); continue; } - if (!next_token(&ptr,ttl_str,NULL)) + if (!next_token(&ptr,ttl_str,NULL,sizeof(ttl_str))) { DEBUG(0,("initialise_wins: Failed to parse time to live when parsing line %s\n", line )); continue; @@ -229,7 +229,7 @@ BOOL initialise_wins(void) num_ips = 0; do { - got_token = next_token(&ptr,ip_str,NULL); + got_token = next_token(&ptr,ip_str,NULL,sizeof(ip_str)); was_ip = False; if(got_token && strchr(ip_str, '.')) @@ -260,16 +260,16 @@ BOOL initialise_wins(void) /* Reset and re-parse the line. */ ptr = line; - next_token(&ptr,name_str,NULL); - next_token(&ptr,ttl_str,NULL); + next_token(&ptr,name_str,NULL,sizeof(name_str)); + next_token(&ptr,ttl_str,NULL,sizeof(ttl_str)); for(i = 0; i < num_ips; i++) { - next_token(&ptr, ip_str, NULL); + next_token(&ptr, ip_str, NULL, sizeof(ip_str)); ip_list[i] = *interpret_addr2(ip_str); if (ip_equal(ip_list[i], ipzero)) source = SELF_NAME; } - next_token(&ptr,nb_flags_str,NULL); + next_token(&ptr,nb_flags_str,NULL, sizeof(nb_flags_str)); /* * Deal with SELF or REGISTER name encoding. Default is REGISTER diff --git a/source/printing/printing.c b/source/printing/printing.c index 2c7197f9db5..fae4c1cc05e 100644 --- a/source/printing/printing.c +++ b/source/printing/printing.c @@ -228,7 +228,10 @@ static BOOL parse_lpq_bsd(char *line,print_queue_struct *buf,BOOL first) string_sub(line,"(","\""); string_sub(line,")","\""); - for (count=0; count<NTOK && next_token(&line,tok[count],NULL); count++) ; + for (count=0; + count<NTOK && + next_token(&line,tok[count],NULL, sizeof(tok[count])); + count++) ; /* we must get NTOK tokens */ if (count < NTOK) @@ -398,7 +401,10 @@ A long spool-path will just waste significant chars of the file name. string_sub(line,"(","\""); string_sub(line,")","\""); - for (count=0; count<LPRNG_NTOK && next_token(&line,tok[count],NULL); count++) ; + for (count=0; + count<LPRNG_NTOK && + next_token(&line,tok[count],NULL, sizeof(tok[count])); + count++) ; /* we must get LPRNG_NTOK tokens */ if (count < LPRNG_NTOK) @@ -471,7 +477,10 @@ static BOOL parse_lpq_aix(char *line,print_queue_struct *buf,BOOL first) string_sub(line,"(","\""); string_sub(line,")","\""); - for (count=0; count<10 && next_token(&line,tok[count],NULL); count++) ; + for (count=0; + count<10 && + next_token(&line,tok[count],NULL, sizeof(tok[count])); + count++) ; /* we must get 6 tokens */ if (count < 10) @@ -585,7 +594,7 @@ static BOOL parse_lpq_hpux(char * line, print_queue_struct *buf, BOOL first) string_sub(line,"(","\""); string_sub(line,")","\""); - for (count=0; count<2 && next_token(&line,tok[count],NULL); count++) ; + for (count=0; count<2 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ; /* we must get 2 tokens */ if (count < 2) return(False); @@ -621,7 +630,7 @@ static BOOL parse_lpq_hpux(char * line, print_queue_struct *buf, BOOL first) /* handle the dash in the job id */ string_sub(line,"-"," "); - for (count=0; count<12 && next_token(&line,tok[count],NULL); count++) ; + for (count=0; count<12 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ; /* we must get 8 tokens */ if (count < 8) return(False); @@ -671,7 +680,7 @@ static BOOL parse_lpq_sysv(char *line,print_queue_struct *buf,BOOL first) /* handle the dash in the job id */ string_sub(line,"-"," "); - for (count=0; count<9 && next_token(&line,tok[count],NULL); count++) ; + for (count=0; count<9 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ; /* we must get 7 tokens */ if (count < 7) @@ -735,7 +744,7 @@ static BOOL parse_lpq_qnx(char *line,print_queue_struct *buf,BOOL first) - for (count=0; count<7 && next_token(&line,tok[count],NULL); count++) ; + for (count=0; count<7 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ; /* we must get 7 tokens */ if (count < 7) @@ -790,7 +799,7 @@ static BOOL parse_lpq_plp(char *line,print_queue_struct *buf,BOOL first) string_sub(line,"(","\""); string_sub(line,")","\""); - for (count=0; count<11 && next_token(&line,tok[count],NULL); count++) ; + for (count=0; count<11 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ; /* we must get 11 tokens */ if (count < 11) @@ -858,7 +867,7 @@ static BOOL parse_lpq_softq(char *line,print_queue_struct *buf,BOOL first) /* mung all the ":"s to spaces*/ string_sub(line,":"," "); - for (count=0; count<10 && next_token(&line,tok[count],NULL); count++) ; + for (count=0; count<10 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ; /* we must get 9 tokens */ if (count < 9) diff --git a/source/rpc_client/cli_netlogon.c b/source/rpc_client/cli_netlogon.c index ebe35abbcb9..59d85db6751 100644 --- a/source/rpc_client/cli_netlogon.c +++ b/source/rpc_client/cli_netlogon.c @@ -609,8 +609,9 @@ account password for domain %s.\n", domain)); */ generate_random_buffer( new_trust_passwd_hash, 16, True); - while(remote_machine_list && next_token( &remote_machine_list, - remote_machine, LIST_SEP)) { + while(remote_machine_list && + next_token(&remote_machine_list, remote_machine, + LIST_SEP, sizeof(remote_machine))) { strupper(remote_machine); if(modify_trust_password( domain, remote_machine, old_trust_passwd_hash, new_trust_passwd_hash)) { diff --git a/source/rpc_parse/parse_net.c b/source/rpc_parse/parse_net.c index 744bd455c95..182b3495db4 100644 --- a/source/rpc_parse/parse_net.c +++ b/source/rpc_parse/parse_net.c @@ -558,7 +558,9 @@ static int make_dom_sid2s(char *sids_str, DOM_SID2 *sids, int max_sids) if (sids_str == NULL || *sids_str == 0) return 0; - for (count = 0, ptr = sids_str; next_token(&ptr, s2, NULL) && count < max_sids; count++) + for (count = 0, ptr = sids_str; + next_token(&ptr, s2, NULL, sizeof(s2)) && count < max_sids; + count++) { DOM_SID tmpsid; string_to_sid(&tmpsid, s2); diff --git a/source/rpc_server/srv_util.c b/source/rpc_server/srv_util.c index 6c47db04bf4..0a7728aa3aa 100644 --- a/source/rpc_server/srv_util.c +++ b/source/rpc_server/srv_util.c @@ -137,7 +137,9 @@ int make_dom_gids(char *gids_str, DOM_GID **ppgids) if (gids_str == NULL || *gids_str == 0) return 0; - for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL); count++) + for (count = 0, ptr = gids_str; + next_token(&ptr, s2, NULL, sizeof(s2)); + count++) ; gids = (DOM_GID *)malloc( sizeof(DOM_GID) * count ); @@ -147,8 +149,10 @@ int make_dom_gids(char *gids_str, DOM_GID **ppgids) return 0; } - for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL) && - count < LSA_MAX_GROUPS; count++) + for (count = 0, ptr = gids_str; + next_token(&ptr, s2, NULL, sizeof(s2)) && + count < LSA_MAX_GROUPS; + count++) { /* the entries are of the form GID/ATTR, ATTR being optional.*/ char *attr; diff --git a/source/smbd/chgpasswd.c b/source/smbd/chgpasswd.c index ee6a2d14f42..aebdde6d34c 100644 --- a/source/smbd/chgpasswd.c +++ b/source/smbd/chgpasswd.c @@ -262,7 +262,7 @@ static int talktochild(int master, char *chatsequence) *buf = 0; sleep(1); - while (next_token(&ptr,chatbuf,NULL)) { + while (next_token(&ptr,chatbuf,NULL,sizeof(chatbuf))) { BOOL ok=True; count++; pwd_sub(chatbuf); @@ -277,7 +277,7 @@ static int talktochild(int master, char *chatsequence) return(False); } - if (!next_token(&ptr,chatbuf,NULL)) break; + if (!next_token(&ptr,chatbuf,NULL,sizeof(chatbuf))) break; pwd_sub(chatbuf); if (!strequal(chatbuf,".")) writestring(master,chatbuf); diff --git a/source/smbd/groupname.c b/source/smbd/groupname.c index 689fdbbbd90..3183c5c83c3 100644 --- a/source/smbd/groupname.c +++ b/source/smbd/groupname.c @@ -125,10 +125,10 @@ void load_groupname_map(void) if (!*s || strchr("#;",*s)) continue; - if(!next_token(&s,unixname, "\t\n\r=")) + if(!next_token(&s,unixname, "\t\n\r=", sizeof(unixname))) continue; - if(!next_token(&s,windows_name, "\t\n\r=")) + if(!next_token(&s,windows_name, "\t\n\r=", sizeof(windows_name))) continue; trim_string(unixname, " ", " "); diff --git a/source/smbd/ipc.c b/source/smbd/ipc.c index 70c2668d92e..7c0a51f7859 100644 --- a/source/smbd/ipc.c +++ b/source/smbd/ipc.c @@ -658,7 +658,7 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel, p = q; /* reset string pointer */ fgets(p,8191,f); p[strlen(p)-1]='\0'; - if (next_token(&p,tok,":") && + if (next_token(&p,tok,":",sizeof(tok)) && (strlen(lp_printerdriver(snum)) == strlen(tok)) && (!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum))))) ok=1; @@ -666,9 +666,9 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel, fclose(f); /* driver file name */ - if (ok && !next_token(&p,driver,":")) ok = 0; + if (ok && !next_token(&p,driver,":",sizeof(driver))) ok = 0; /* data file name */ - if (ok && !next_token(&p,datafile,":")) ok = 0; + if (ok && !next_token(&p,datafile,":",sizeof(datafile))) ok = 0; /* * for the next tokens - which may be empty - I have to check for empty * tokens first because the next_token function will skip all empty @@ -679,7 +679,7 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel, if (*p == ':') { *helpfile = '\0'; p++; - } else if (!next_token(&p,helpfile,":")) ok = 0; + } else if (!next_token(&p,helpfile,":",sizeof(helpfile))) ok = 0; } if (ok) { @@ -687,11 +687,11 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel, if (*p == ':') { *langmon = '\0'; p++; - } else if (!next_token(&p,langmon,":")) ok = 0; + } else if (!next_token(&p,langmon,":",sizeof(langmon))) ok = 0; } /* default data type */ - if (ok && !next_token(&p,datatype,":")) ok = 0; + if (ok && !next_token(&p,datatype,":",sizeof(datatype))) ok = 0; if (ok) { PACKI(desc,"W",0x0400); /* don't know */ @@ -714,7 +714,7 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel, /* no need to check return value here - it was already tested in * get_printerdrivernumber */ - next_token(&p,tok,","); + next_token(&p,tok,",",sizeof(tok)); PACKS(desc,"z",tok); /* driver files to copy */ DEBUG(3,("file:%s:\n",tok)); } @@ -755,7 +755,7 @@ int get_printerdrivernumber(int snum) { p = q; /* reset string pointer */ fgets(p,8191,f); - if (next_token(&p,tok,":") && + if (next_token(&p,tok,":",sizeof(tok)) && (!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum))))) ok=1; } @@ -771,7 +771,7 @@ int get_printerdrivernumber(int snum) return(0); /* count the number of files */ - while (next_token(&p,tok,",")) + while (next_token(&p,tok,",",sizeof(tok))) i++; } free(q); @@ -1021,10 +1021,10 @@ static int get_server_info(uint32 servertype, } s = &(*servers)[count]; - if (!next_token(&ptr,s->name , NULL)) continue; - if (!next_token(&ptr,stype , NULL)) continue; - if (!next_token(&ptr,s->comment, NULL)) continue; - if (!next_token(&ptr,s->domain , NULL)) { + if (!next_token(&ptr,s->name , NULL, sizeof(s->name))) continue; + if (!next_token(&ptr,stype , NULL, sizeof(stype))) continue; + if (!next_token(&ptr,s->comment, NULL, sizeof(s->comment))) continue; + if (!next_token(&ptr,s->domain , NULL, sizeof(s->domain))) { /* this allows us to cope with an old nmbd */ pstrcpy(s->domain,global_myworkgroup); } diff --git a/source/smbd/password.c b/source/smbd/password.c index 4ee9e8705d5..dadbcad11e0 100644 --- a/source/smbd/password.c +++ b/source/smbd/password.c @@ -934,7 +934,7 @@ struct cli_state *server_cryptkey(void) return NULL; p = lp_passwordserver(); - while(p && next_token( &p, desthost, LIST_SEP)) { + while(p && next_token( &p, desthost, LIST_SEP, sizeof(desthost))) { standard_sub_basic(desthost); strupper(desthost); @@ -1214,7 +1214,7 @@ machine %s in domain %s.\n", global_myname, global_myworkgroup )); */ p = lp_passwordserver(); - while(p && next_token( &p, remote_machine, LIST_SEP)) { + while(p && next_token(&p,remote_machine,LIST_SEP,sizeof(remote_machine))) { standard_sub_basic(remote_machine); strupper(remote_machine); diff --git a/source/utils/make_smbcodepage.c b/source/utils/make_smbcodepage.c index 86c9df3a18a..155ed5aeb53 100644 --- a/source/utils/make_smbcodepage.c +++ b/source/utils/make_smbcodepage.c @@ -244,7 +244,7 @@ definition file. File %s has %d.\n", prog_name, MAXCODEPAGELINES, input_file, nu unsigned char b = 0; /* Get the 'lower' value. */ - if(!next_token(&p, token_buf, NULL)) + if(!next_token(&p, token_buf, NULL, sizeof(token_buf))) parse_error(buf, "cannot parse first value"); if(!parse_byte( token_buf, &b)) parse_error(buf, "first value doesn't resolve to a byte"); @@ -253,7 +253,7 @@ definition file. File %s has %d.\n", prog_name, MAXCODEPAGELINES, input_file, nu SCVAL(output_buf,CODEPAGE_HEADER_SIZE+(i*4),b); /* Get the 'upper' value. */ - if(!next_token(&p, token_buf, NULL)) + if(!next_token(&p, token_buf, NULL, sizeof(token_buf))) parse_error(buf, "cannot parse second value"); if(!parse_byte( token_buf, &b)) parse_error(buf, "second value doesn't resolve to a byte"); @@ -262,7 +262,7 @@ definition file. File %s has %d.\n", prog_name, MAXCODEPAGELINES, input_file, nu SCVAL(output_buf,CODEPAGE_HEADER_SIZE+(i*4) + 1,b); /* Get the 'upper to lower' value. */ - if(!next_token(&p, token_buf, NULL)) + if(!next_token(&p, token_buf, NULL, sizeof(token_buf))) parse_error(buf, "cannot parse third value"); if(!parse_bool( token_buf, &b)) parse_error(buf, "third value doesn't resolve to a boolean"); @@ -271,7 +271,7 @@ definition file. File %s has %d.\n", prog_name, MAXCODEPAGELINES, input_file, nu SCVAL(output_buf,CODEPAGE_HEADER_SIZE+(i*4) + 2,b); /* Get the 'lower to upper' value. */ - if(!next_token(&p, token_buf, NULL)) + if(!next_token(&p, token_buf, NULL, sizeof(token_buf))) parse_error(buf, "cannot parse fourth value"); if(!parse_bool( token_buf, &b)) parse_error(buf, "fourth value doesn't resolve to a boolean"); |