-rw-r--r--source3/include/includes.h23
-rw-r--r--source3/include/safe_string.h31
-rw-r--r--source3/printing/nt_printing.c2
-rw-r--r--source3/smbd/lanman.c60
4 files changed, 35 insertions, 81 deletions
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 5192c379018..9079c3aa826 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -699,29 +699,6 @@ struct timespec {
#include "ctdbd_conn.h"
#include "talloc_stack.h"
-/*
- * Type for wide character dirent structure.
- * Only d_name is defined by POSIX.
- */
-
-typedef struct smb_wdirent {
- wpstring d_name;
-} SMB_STRUCT_WDIRENT;
-
-/*
- * Type for wide character passwd structure.
- */
-
-typedef struct smb_wpasswd {
- wfstring pw_name;
- char *pw_passwd;
- uid_t pw_uid;
- gid_t pw_gid;
- wpstring pw_gecos;
- wpstring pw_dir;
- wpstring pw_shell;
-} SMB_STRUCT_WPASSWD;
-
/* used in net.c */
struct functable {
const char *funcname;
diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h
index 7a60ad695e0..53ee7d312e3 100644
--- a/source3/include/safe_string.h
+++ b/source3/include/safe_string.h
@@ -86,26 +86,6 @@ size_t __unsafe_string_function_usage_here_char__(void);
#define CHECK_STRING_SIZE(d, len) (sizeof(d) != (len) && sizeof(d) != sizeof(char *))
-#define fstrterminate(d) (CHECK_STRING_SIZE(d, sizeof(fstring)) \
- ? __unsafe_string_function_usage_here_char__() \
- : (((d)[sizeof(fstring)-1]) = '\0'))
-#define pstrterminate(d) (CHECK_STRING_SIZE(d, sizeof(pstring)) \
- ? __unsafe_string_function_usage_here_char__() \
- : (((d)[sizeof(pstring)-1]) = '\0'))
-
-#define wpstrcpy(d,s) ((sizeof(d) != sizeof(wpstring) && sizeof(d) != sizeof(smb_ucs2_t *)) \
- ? __unsafe_string_function_usage_here__() \
- : safe_strcpy_w((d),(s),sizeof(wpstring)))
-#define wpstrcat(d,s) ((sizeof(d) != sizeof(wpstring) && sizeof(d) != sizeof(smb_ucs2_t *)) \
- ? __unsafe_string_function_usage_here__() \
- : safe_strcat_w((d),(s),sizeof(wpstring)))
-#define wfstrcpy(d,s) ((sizeof(d) != sizeof(wfstring) && sizeof(d) != sizeof(smb_ucs2_t *)) \
- ? __unsafe_string_function_usage_here__() \
- : safe_strcpy_w((d),(s),sizeof(wfstring)))
-#define wfstrcat(d,s) ((sizeof(d) != sizeof(wfstring) && sizeof(d) != sizeof(smb_ucs2_t *)) \
- ? __unsafe_string_function_usage_here__() \
- : safe_strcat_w((d),(s),sizeof(wfstring)))
-
#define push_pstring_base(dest, src, pstring_base) \
(CHECK_STRING_SIZE(pstring_base, sizeof(pstring)) \
? __unsafe_string_function_usage_here_size_t__() \
@@ -113,14 +93,6 @@ size_t __unsafe_string_function_usage_here_char__(void);
#else /* HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS */
-#define fstrterminate(d) (((d)[sizeof(fstring)-1]) = '\0')
-#define pstrterminate(d) (((d)[sizeof(pstring)-1]) = '\0')
-
-#define wpstrcpy(d,s) safe_strcpy_w((d),(s),sizeof(wpstring))
-#define wpstrcat(d,s) safe_strcat_w((d),(s),sizeof(wpstring))
-#define wfstrcpy(d,s) safe_strcpy_w((d),(s),sizeof(wfstring))
-#define wfstrcat(d,s) safe_strcat_w((d),(s),sizeof(wfstring))
-
#define push_pstring_base(dest, src, pstring_base) \
push_ascii(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1, STR_TERMINATE)
@@ -143,9 +115,6 @@ size_t __unsafe_string_function_usage_here_char__(void);
/* the addition of the DEVELOPER checks in safe_strcpy means we must
* update a lot of code. To make this a little easier here are some
* functions that provide the lengths with less pain */
-#define pstrcpy_base(dest, src, pstring_base) \
- safe_strcpy(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1)
-
/* Inside the _fn variants of these is a call to clobber_region(), -
* which might destroy the stack on a buggy function. We help the
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index afa4bc2fd53..55dd63be78c 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -3956,7 +3956,7 @@ static WERROR get_a_printer_2_default(NT_PRINTER_INFO_LEVEL_2 *info, const char
DEBUG(10,("get_a_printer_2_default: driver name set to [%s]\n", info->drivername));
- pstrcpy(info->comment, "");
+ strlcpy(info->comment, "", sizeof(info->comment));
fstrcpy(info->printprocessor, "winprint");
fstrcpy(info->datatype, "RAW");
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 17ab891c645..b194fc62313 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -2130,6 +2130,7 @@ static bool api_NetUserGetGroups(connection_struct *conn,uint16 vuid,
NTSTATUS result;
DOM_SID user_sid;
enum lsa_SidType type;
+ char *endp = NULL;
TALLOC_CTX *mem_ctx;
if (!str1 || !str2 || !UserName || !p) {
@@ -2168,6 +2169,7 @@ static bool api_NetUserGetGroups(connection_struct *conn,uint16 vuid,
SSVAL(*rparam,2,0); /* converter word */
p = *rdata;
+ endp = *rdata + *rdata_len;
mem_ctx = talloc_new(NULL);
if (mem_ctx == NULL) {
@@ -2181,7 +2183,7 @@ static bool api_NetUserGetGroups(connection_struct *conn,uint16 vuid,
return False;
}
- /* Lookup the user information; This should only be one of
+ /* Lookup the user information; This should only be one of
our accounts (not remote domains) */
become_root(); /* ROOT BLOCK */
@@ -2218,12 +2220,11 @@ static bool api_NetUserGetGroups(connection_struct *conn,uint16 vuid,
}
for (i=0; i<num_groups; i++) {
-
const char *grp_name;
-
+
if ( lookup_sid(mem_ctx, &sids[i], NULL, &grp_name, NULL) ) {
- pstrcpy(p, grp_name);
- p += 21;
+ strlcpy(p, grp_name, PTR_DIFF(endp,p));
+ p += 21;
count++;
}
}
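Review bot: Nothing visible in this hunk checks that a full 21-byte slot remains before `endp`, yet the loop in api_NetUserGetGroups advances `p` by 21 for every group. `PTR_DIFF(endp,p)` bounds the copy by the rest of the buffer rather than by the slot, so a group name longer than 20 characters spills into the following entry. If `p` ever moves past `endp`, the difference goes negative and, passed as strlcpy's size argument, presumably converts to a very large bound. I would guard the slot first with `if (PTR_DIFF(endp,p) < 21) break;` (or report overflow as api_RNetUserEnum does) and copy with `strlcpy(p, grp_name, 21);`. How `*rdata_len` is sized relative to `num_groups` is outside the hunk, so confirm against the allocation above.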
@@ -2264,6 +2265,7 @@ static bool api_RNetUserEnum(connection_struct *conn, uint16 vuid,
char *str1 = get_safe_str_ptr(param,tpscnt,param,2);
char *str2 = skip_string(param,tpscnt,str1);
char *p = skip_string(param,tpscnt,str2);
+ char *endp = NULL;
if (!str1 || !str2 || !p) {
return False;
@@ -2278,7 +2280,7 @@ static bool api_RNetUserEnum(connection_struct *conn, uint16 vuid,
* e -> return parameter number of entries
* h -> return parameter total number of users
*/
-
+
resume_context = get_safe_SVAL(param,tpscnt,p,0,-1);
cli_buf_size= get_safe_SVAL(param,tpscnt,p,2,0);
DEBUG(10,("api_RNetUserEnum:resume context: %d, client buffer size: %d\n",
@@ -2301,6 +2303,7 @@ static bool api_RNetUserEnum(connection_struct *conn, uint16 vuid,
}
p = *rdata;
+ endp = *rdata + *rdata_len;
become_root();
search = pdb_search_users(ACB_NORMAL);
@@ -2319,13 +2322,13 @@ static bool api_RNetUserEnum(connection_struct *conn, uint16 vuid,
for (i=0; i<num_users; i++) {
const char *name = users[i].account_name;
-
+
if(((PTR_DIFF(p,*rdata)+21)<=*rdata_len)&&(strlen(name)<=21)) {
- pstrcpy(p,name);
+ strlcpy(p,name,PTR_DIFF(endp,p));
DEBUG(10,("api_RNetUserEnum:adding entry %d username "
"%s\n",count_sent,p));
- p += 21;
- count_sent++;
+ p += 21;
+ count_sent++;
} else {
/* set overflow error */
DEBUG(10,("api_RNetUserEnum:overflow on entry %d "
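Review bot: The guard `strlen(name)<=21` still admits a 21-character account name, which needs 22 bytes with its terminator, while each entry only owns 21 bytes (`p += 21`). Because the new bound is `PTR_DIFF(endp,p)` rather than the slot size, the NUL for such a name lands in the first byte of the next slot and is overwritten by the next entry, so the client sees two names run together. Tightening the test to `strlen(name) < 21` and bounding the copy with `strlcpy(p,name,21);` keeps every entry inside its own slot. The loop body continues past the end of this hunk.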
@@ -3035,6 +3038,7 @@ static bool api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid,
char *str2 = skip_string(param,tpscnt,str1);
char *p = skip_string(param,tpscnt,str2);
char *p2;
+ char *endp;
int level = get_safe_SVAL(param,tpscnt,p,0,-1);
if (!str1 || !str2 || !p) {
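Review bot: `endp` is declared without an initializer here and again in api_RNetUserGetInfo, whereas api_NetUserGetGroups and api_RNetUserEnum in the same commit use `char *endp = NULL;`. Using the initialized form in all four functions keeps them consistent. It also means a later early-exit path that reaches a `PTR_DIFF(endp, ...)` before the assignment fails predictably rather than reading an indeterminate pointer.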
@@ -3064,13 +3068,15 @@ static bool api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid,
SSVAL(*rparam,2,0); /* converter word */
p = *rdata;
+ endp = *rdata + *rdata_len;
+
p2 = get_safe_ptr(*rdata,*rdata_len,p,22);
if (!p2) {
return False;
}
SIVAL(p,0,PTR_DIFF(p2,*rdata)); /* host name */
- pstrcpy(p2,get_local_machine_name());
+ strlcpy(p2,get_local_machine_name(),PTR_DIFF(endp,p2));
strupper_m(p2);
p2 = skip_string(*rdata,*rdata_len,p2);
if (!p2) {
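Review bot: The return value of each `strlcpy` into `p2` is discarded, so a source string that does not fit in the remaining reply buffer is silently truncated and the reply carries a shortened host name, user name or domain. strlcpy returns the full source length, so truncation can be detected and handled like the other failures here: `if (strlcpy(p2, get_local_machine_name(), PTR_DIFF(endp,p2)) >= (size_t)PTR_DIFF(endp,p2)) return False;`. When no space remains the copy writes nothing, and the following `strupper_m(p2)` / `skip_string()` then work on whatever bytes were already at `p2`, which looks unintended. The same applies to the later `strlcpy(p2, ...)` calls in api_NetWkstaGetInfo and to those in api_RNetUserGetInfo; a small static helper that copies, checks and advances `p2` would avoid repeating the pattern.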
@@ -3079,7 +3085,7 @@ static bool api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid,
p += 4;
SIVAL(p,0,PTR_DIFF(p2,*rdata));
- pstrcpy(p2,current_user_info.smb_name);
+ strlcpy(p2,current_user_info.smb_name,PTR_DIFF(endp,p2));
p2 = skip_string(*rdata,*rdata_len,p2);
if (!p2) {
return False;
@@ -3087,7 +3093,7 @@ static bool api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid,
p += 4;
SIVAL(p,0,PTR_DIFF(p2,*rdata)); /* login domain */
- pstrcpy(p2,lp_workgroup());
+ strlcpy(p2,lp_workgroup(),PTR_DIFF(endp,p2));
strupper_m(p2);
p2 = skip_string(*rdata,*rdata_len,p2);
if (!p2) {
@@ -3100,7 +3106,7 @@ static bool api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid,
p += 2;
SIVAL(p,0,PTR_DIFF(p2,*rdata));
- pstrcpy(p2,lp_workgroup()); /* don't know. login domain?? */
+ strlcpy(p2,lp_workgroup(),PTR_DIFF(endp,p2)); /* don't know. login domain?? */
p2 = skip_string(*rdata,*rdata_len,p2);
if (!p2) {
return False;
@@ -3108,7 +3114,7 @@ static bool api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid,
p += 4;
SIVAL(p,0,PTR_DIFF(p2,*rdata)); /* don't know */
- pstrcpy(p2,"");
+ strlcpy(p2,"",PTR_DIFF(endp,p2));
p2 = skip_string(*rdata,*rdata_len,p2);
if (!p2) {
return False;
@@ -3305,6 +3311,7 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
char *p = skip_string(param,tpscnt,UserName);
int uLevel = get_safe_SVAL(param,tpscnt,p,0,-1);
char *p2;
+ char *endp;
const char *level_string;
/* get NIS home of a previously validated user - simeon */
@@ -3355,6 +3362,7 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
SSVAL(*rparam,2,0); /* converter word */
p = *rdata;
+ endp = *rdata + *rdata_len;
p2 = get_safe_ptr(*rdata,*rdata_len,p,usri11_end);
if (!p2) {
return False;
@@ -3370,14 +3378,14 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
if (uLevel >= 10) {
SIVAL(p,usri11_comment,PTR_DIFF(p2,p)); /* comment */
- pstrcpy(p2,"Comment");
+ strlcpy(p2,"Comment",PTR_DIFF(endp,p2));
p2 = skip_string(*rdata,*rdata_len,p2);
if (!p2) {
return False;
}
SIVAL(p,usri11_usr_comment,PTR_DIFF(p2,p)); /* user_comment */
- pstrcpy(p2,"UserComment");
+ strlcpy(p2,"UserComment",PTR_DIFF(endp,p2));
p2 = skip_string(*rdata,*rdata_len,p2);
if (!p2) {
return False;
@@ -3385,7 +3393,7 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
/* EEK! the cifsrap.txt doesn't have this in!!!! */
SIVAL(p,usri11_full_name,PTR_DIFF(p2,p)); /* full name */
- pstrcpy(p2,((vuser != NULL) ? vuser->user.full_name : UserName));
+ strlcpy(p2,((vuser != NULL) ? vuser->user.full_name : UserName),PTR_DIFF(endp,p2));
p2 = skip_string(*rdata,*rdata_len,p2);
if (!p2) {
return False;
@@ -3398,13 +3406,13 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
SIVAL(p,usri11_auth_flags,AF_OP_PRINT); /* auth flags */
SIVALS(p,usri11_password_age,-1); /* password age */
SIVAL(p,usri11_homedir,PTR_DIFF(p2,p)); /* home dir */
- pstrcpy(p2, vuser && vuser->homedir ? vuser->homedir : "");
+ strlcpy(p2, vuser && vuser->homedir ? vuser->homedir : "",PTR_DIFF(endp,p2));
p2 = skip_string(*rdata,*rdata_len,p2);
if (!p2) {
return False;
}
SIVAL(p,usri11_parms,PTR_DIFF(p2,p)); /* parms */
- pstrcpy(p2,"");
+ strlcpy(p2,"",PTR_DIFF(endp,p2));
p2 = skip_string(*rdata,*rdata_len,p2);
if (!p2) {
return False;
@@ -3414,7 +3422,7 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
SSVALS(p,usri11_bad_pw_count,-1); /* bad pw counts */
SSVALS(p,usri11_num_logons,-1); /* num logons */
SIVAL(p,usri11_logon_server,PTR_DIFF(p2,p)); /* logon server */
- pstrcpy(p2,"\\\\*");
+ strlcpy(p2,"\\\\*",PTR_DIFF(endp,p2));
p2 = skip_string(*rdata,*rdata_len,p2);
if (!p2) {
return False;
@@ -3422,7 +3430,7 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
SSVAL(p,usri11_country_code,0); /* country code */
SIVAL(p,usri11_workstations,PTR_DIFF(p2,p)); /* workstations */
- pstrcpy(p2,"");
+ strlcpy(p2,"",PTR_DIFF(endp,p2));
p2 = skip_string(*rdata,*rdata_len,p2);
if (!p2) {
return False;
@@ -3449,7 +3457,7 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
SSVAL(p,42,
conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER);
SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */
- pstrcpy(p2, vuser && vuser->homedir ? vuser->homedir : "");
+ strlcpy(p2, vuser && vuser->homedir ? vuser->homedir : "",PTR_DIFF(endp,p2));
p2 = skip_string(*rdata,*rdata_len,p2);
if (!p2) {
return False;
@@ -3458,7 +3466,7 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
*p2++ = 0;
SSVAL(p,52,0); /* flags */
SIVAL(p,54,PTR_DIFF(p2,*rdata)); /* script_path */
- pstrcpy(p2,vuser && vuser->logon_script ? vuser->logon_script : "");
+ strlcpy(p2,vuser && vuser->logon_script ? vuser->logon_script : "",PTR_DIFF(endp,p2));
p2 = skip_string(*rdata,*rdata_len,p2);
if (!p2) {
return False;
@@ -3466,14 +3474,14 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
if (uLevel == 2) {
SIVAL(p,60,0); /* auth_flags */
SIVAL(p,64,PTR_DIFF(p2,*rdata)); /* full_name */
- pstrcpy(p2,((vuser != NULL) ? vuser->user.full_name : UserName));
+ strlcpy(p2,((vuser != NULL) ? vuser->user.full_name : UserName),PTR_DIFF(endp,p2));
p2 = skip_string(*rdata,*rdata_len,p2);
if (!p2) {
return False;
}
SIVAL(p,68,0); /* urs_comment */
SIVAL(p,72,PTR_DIFF(p2,*rdata)); /* parms */
- pstrcpy(p2,"");
+ strlcpy(p2,"",PTR_DIFF(endp,p2));
p2 = skip_string(*rdata,*rdata_len,p2);
if (!p2) {
return False;