changed to use slprintf() instead of sprintf() just about

everywhere. I've implemented slprintf() as a bounds checked sprintf() using mprotect() and a non-writeable page. This should prevent any sprintf based security holes. (This used to be commit 6b0c1733d2ebf3b8f09f3bf88b8648d8b371bb1f)
author: Andrew Tridgell <tridge@samba.org> 1998-05-11 06:35:45 +0000
committer: Andrew Tridgell <tridge@samba.org> 1998-05-11 06:35:45 +0000
commit: ffc88e2d26217f99c34ce24c0836bec3c809ca1a (patch)
tree: 7dc37c9ec11022d7fe5735d98e36fae7f3ffc7a7
parent: 839e47c5a62fb42d3e0b2e083ad23243e9cec566 (diff)
download: samba-ffc88e2d26217f99c34ce24c0836bec3c809ca1a.tar.gz
samba-ffc88e2d26217f99c34ce24c0836bec3c809ca1a.tar.xz
samba-ffc88e2d26217f99c34ce24c0836bec3c809ca1a.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/source3/web/swat.c b/source3/web/swat.c
index b96c7d0ec7..78c1fa4f19 100644
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -329,7 +329,7 @@ static void commit_parameters(int snum)
 	char *v;
 
 	while ((parm = lp_next_parameter(snum, &i, 1))) {
-		sprintf(label, "parm_%s", make_parm_name(parm->label));
+		slprintf(label, sizeof(label)-1, "parm_%s", make_parm_name(parm->label));
 		if ((v = cgi_variable(label))) {
 			if (parm->flags & FLAG_HIDE) continue;
 			commit_parameter(snum, parm, v);
author	Andrew Tridgell <tridge@samba.org>	1998-05-11 06:35:45 +0000
committer	Andrew Tridgell <tridge@samba.org>	1998-05-11 06:35:45 +0000
commit	ffc88e2d26217f99c34ce24c0836bec3c809ca1a (patch)
tree	7dc37c9ec11022d7fe5735d98e36fae7f3ffc7a7
parent	839e47c5a62fb42d3e0b2e083ad23243e9cec566 (diff)
download	samba-ffc88e2d26217f99c34ce24c0836bec3c809ca1a.tar.gz samba-ffc88e2d26217f99c34ce24c0836bec3c809ca1a.tar.xz samba-ffc88e2d26217f99c34ce24c0836bec3c809ca1a.zip