From e28dd0f95b307fcbff2f06f73eb5fe7293b3c24c Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Tue, 12 Mar 2019 10:09:14 +0100
Subject: s3:client: Make sure we work on a copy of the title

We can't be sure we can write to the input buffer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832

Signed-off-by: Andreas Schneider
Reviewed-by: Bryan Mason
Signed-off-by: Guenther Deschner
(cherry picked from commit 129ae27946318a075e99c9e6d1bacf8963f72282)
---
 source3/client/smbspool.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/source3/client/smbspool.c b/source3/client/smbspool.c
index e94d5b33324..4d78db7f77c 100644
--- a/source3/client/smbspool.c
+++ b/source3/client/smbspool.c
@@ -66,7 +66,7 @@ static struct cli_state *smb_complete_connection(const char *, const char *, int, const char *, const char *, const char *, const char *, int, bool *need_auth);
 static struct cli_state *smb_connect(const char *, const char *, int, const char *, const char *, const char *, const char *, bool *need_auth);
-static int smb_print(struct cli_state *, char *, FILE *);
+static int smb_print(struct cli_state *, const char *, FILE *);
 static char *uri_unescape_alloc(const char *);
 #if 0
 static bool smb_encrypt;
@@ -655,7 +655,7 @@ kerberos_auth:
 static int /* O - 0 = success, non-0 = failure */
 smb_print(struct cli_state * cli, /* I - SMB connection */
- char *title, /* I - Title/job name */
+ const char *print_title, /* I - Title/job name */
 FILE * fp) { /* I - File to print */
 uint16_t fnum; /* File number */
@@ -663,12 +663,18 @@ smb_print(struct cli_state * cli, /* I - SMB connection */
 tbytes; /* Total bytes read */
 char buffer[8192], /* Buffer for copy */
 *ptr; /* Pointer into title */
+ char title[1024] = {0};
+ int len;
 NTSTATUS nt_status;
 /*
- * Sanitize the title...
- */
+ * Sanitize the title...
+ */
+ len = snprintf(title, sizeof(title), "%s", print_title);
+ if (len != strlen(print_title)) {
+ return 2;
+ }
 for (ptr = title; *ptr; ptr++) {
 if (!isalnum((int) *ptr) && !isspace((int) *ptr)) {
--
cgit v1.2.1
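Review bot: The truncation check after the new `snprintf` call cannot fire on an over-long title, because snprintf returns the length the complete string would have needed, which for a lone `%s` always equals `strlen(print_title)`; only a negative error return makes the two values differ. A title of 1024 bytes or more is therefore silently cut to fit `title[1024]` instead of being rejected with 2, which is memory-safe (the write is bounded and terminated) but does not look like what the check intends. Comparing against the buffer size states the intent and removes the int-versus-size_t comparison: `if (len < 0 || (size_t)len >= sizeof(title)) { return 2; }`. The body of smb_print continues past the end of this hunk, so how the sanitized copy is used afterwards is not visible here.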