The branch, v3-0-test has been updated
via 56b012b1c4dc48434bf5ae9cb8459bd7ad33d2a1 (commit)
from 62a1c825b2cd702cc439c5f07fa36386b2260052 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test
- Log -----------------------------------------------------------------
commit 56b012b1c4dc48434bf5ae9cb8459bd7ad33d2a1
Author: Jeremy Allison <[EMAIL PROTECTED]>
Date: Mon Nov 19 15:27:11 2007 -0800
Ensure every use of push_ascii checks for error -1 condition.
Ensure that is zero termination is requested that it is
applied if there's space.
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source/lib/charcnv.c | 9 ++++++++-
source/libsmb/clirap.c | 7 ++++++-
source/nmbd/nmbd_processlogon.c | 18 ++++++++++++++++++
source/smbd/lanman.c | 6 ++++++
4 files changed, 38 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/lib/charcnv.c b/source/lib/charcnv.c
index 2341429..7b52830 100644
--- a/source/lib/charcnv.c
+++ b/source/lib/charcnv.c
@@ -871,6 +871,7 @@ size_t push_ascii(void *dest, const char *src, size_t
dest_len, int flags)
{
size_t src_len = strlen(src);
pstring tmpbuf;
+ size_t ret;
/* No longer allow a length of -1 */
if (dest_len == (size_t)-1)
@@ -885,7 +886,13 @@ size_t push_ascii(void *dest, const char *src, size_t
dest_len, int flags)
if (flags & (STR_TERMINATE | STR_TERMINATE_ASCII))
src_len++;
- return convert_string(CH_UNIX, CH_DOS, src, src_len, dest, dest_len,
True);
+ ret =convert_string(CH_UNIX, CH_DOS, src, src_len, dest, dest_len,
True);
+ if (ret == (size_t)-1 &&
+ (flags & (STR_TERMINATE | STR_TERMINATE_ASCII))
+ && dest_len > 0) {
+ ((char *)dest)[0] = '\0';
+ }
+ return ret;
}
size_t push_ascii_fstring(void *dest, const char *src)
diff --git a/source/libsmb/clirap.c b/source/libsmb/clirap.c
index 6008dfb..cada138 100644
--- a/source/libsmb/clirap.c
+++ b/source/libsmb/clirap.c
@@ -217,6 +217,7 @@ BOOL cli_NetServerEnum(struct cli_state *cli, char
*workgroup, uint32 stype,
pstring param;
int uLevel = 1;
int count = -1;
+ size_t len;
errno = 0; /* reset */
@@ -236,7 +237,11 @@ BOOL cli_NetServerEnum(struct cli_state *cli, char
*workgroup, uint32 stype,
SIVAL(p,0,stype);
p += 4;
- p += push_ascii(p, workgroup, sizeof(pstring)-PTR_DIFF(p,param)-1,
STR_TERMINATE|STR_UPPER);
+ len = push_ascii(p, workgroup, sizeof(pstring)-PTR_DIFF(p,param)-1,
STR_TERMINATE|STR_UPPER);
+ if (len == (size_t)-1) {
+ return false;
+ }
+ p += len;
if (cli_api(cli,
param, PTR_DIFF(p,param), 8, /* params, length, max
*/
diff --git a/source/nmbd/nmbd_processlogon.c b/source/nmbd/nmbd_processlogon.c
index 05e82a4..b0def40 100644
--- a/source/nmbd/nmbd_processlogon.c
+++ b/source/nmbd/nmbd_processlogon.c
@@ -450,6 +450,9 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x
lm_20 token=%x\n",
size = push_ascii(&q[1],
component,
sizeof(outbuf) -
PTR_DIFF(q+1, outbuf),
0);
+ if (size == (uint8)-1) {
+ return;
+ }
SCVAL(q, 0, size);
q += (size + 1);
}
@@ -470,6 +473,9 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x
lm_20 token=%x\n",
size = push_ascii(&q[1], hostname,
sizeof(outbuf) -
PTR_DIFF(q+1, outbuf),
0);
+ if (size == (uint8)-1) {
+ return;
+ }
SCVAL(q, 0, size);
q += (size + 1);
@@ -485,6 +491,9 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x
lm_20 token=%x\n",
size = push_ascii(&q[1], lp_workgroup(),
sizeof(outbuf) -
PTR_DIFF(q+1, outbuf),
STR_UPPER);
+ if (size == (uint8)-1) {
+ return;
+ }
SCVAL(q, 0, size);
q += (size + 1);
@@ -499,6 +508,9 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x
lm_20 token=%x\n",
size = push_ascii(&q[1], my_name,
sizeof(outbuf) -
PTR_DIFF(q+1, outbuf),
0);
+ if (size == (uint8)-1) {
+ return;
+ }
SCVAL(q, 0, size);
q += (size + 1);
@@ -514,6 +526,9 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x
lm_20 token=%x\n",
size = push_ascii(&q[1],
ascuser,
sizeof(outbuf) -
PTR_DIFF(q+1, outbuf),
0);
+ if (size == (uint8)-1) {
+ return;
+ }
SCVAL(q, 0, size);
q += (size + 1);
}
@@ -526,6 +541,9 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x
lm_20 token=%x\n",
size = push_ascii(&q[1],
"Default-First-Site-Name",
sizeof(outbuf) -
PTR_DIFF(q+1, outbuf),
0);
+ if (size == (uint8)-1) {
+ return;
+ }
SCVAL(q, 0, size);
q += (size + 1);
diff --git a/source/smbd/lanman.c b/source/smbd/lanman.c
index 000b2f4..abdd4e9 100644
--- a/source/smbd/lanman.c
+++ b/source/smbd/lanman.c
@@ -82,6 +82,9 @@ static int CopyExpanded(connection_struct *conn,
current_user_info.domain,
buf, sizeof(buf));
l = push_ascii(*dst,buf,*n, STR_TERMINATE);
+ if (l == -1) {
+ return 0;
+ }
(*dst) += l;
(*n) -= l;
return l;
@@ -94,6 +97,9 @@ static int CopyAndAdvance(char **dst, char *src, int *n)
return 0;
}
l = push_ascii(*dst,src,*n, STR_TERMINATE);
+ if (l == -1) {
+ return 0;
+ }
(*dst) += l;
(*n) -= l;
return l;
--
Samba Shared Repository
