From 737599268fb8959c83fe50158fe1ea3d8c2f0603 Mon Sep 17 00:00:00 2001 From: Douglas Bagnall Date: Tue, 1 Nov 2016 14:18:38 +1300 Subject: smbclient: fix string formatting in print command At one time, the variables lname and rname were char arrays, but now they are pointers. When they were arrays, sizeof(rname) was the length of the array, but now it gives the size of the pointer which is not what we want. In the case where the filename is -, rname was alloced as size 1, which could never fit the name it wanted to have contain ("stdin-"). Signed-off-by: Douglas Bagnall Reviewed-by: Jeremy Allison --- source4/client/client.c | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) (limited to 'source4') diff --git a/source4/client/client.c b/source4/client/client.c index 4807123b50f..cfc85cde2aa 100644 --- a/source4/client/client.c +++ b/source4/client/client.c @@ -1534,15 +1534,26 @@ static int cmd_print(struct smbclient_context *ctx, const char **args) } lname = talloc_strdup(ctx, args[1]); + if (lname == NULL) { + d_printf("Out of memory in cmd_print\n"); + return 1; + } - rname = talloc_strdup(ctx, lname); - p = strrchr_m(rname,'/'); - if (p) { - slprintf(rname, sizeof(rname)-1, "%s-%d", p+1, (int)getpid()); + if (strequal(lname, "-")) { + rname = talloc_asprintf(ctx, "stdin-%d", (int)getpid()); + } else { + p = strrchr_m(lname, '/'); + if (p) { + rname = talloc_asprintf(ctx, "%s-%d", p + 1, + (int)getpid()); + } else { + rname = talloc_strdup(ctx, lname); + } } - if (strequal(lname,"-")) { - slprintf(rname, sizeof(rname)-1, "stdin-%d", (int)getpid()); + if (rname == NULL) { + d_printf("Out of memory in cmd_print (stdin)\n"); + return 1; } return do_put(ctx, rname, lname, false); -- cgit v1.2.1