-rw-r--r-- | source3/lib/messages.c | 6 | ||||
-rw-r--r-- | source3/smbd/connection.c | 3 | ||||
-rw-r--r-- | source3/utils/status.c | 6 | ||||
-rw-r--r-- | source3/web/statuspage.c | 22 |
4 files changed, 30 insertions, 7 deletions
diff --git a/source3/lib/messages.c b/source3/lib/messages.c index 3b45a9c305..b18cebf6cf 100644 --- a/source3/lib/messages.c +++ b/source3/lib/messages.c @@ -361,9 +361,13 @@ static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, void struct connections_data crec; struct msg_all *msg_all = (struct msg_all *)state; + if (dbuf.dsize != sizeof(crec)) + return 0; + memcpy(&crec, dbuf.dptr, sizeof(crec)); - if (crec.cnum != -1) return 0; + if (crec.cnum != -1) + return 0; /* if the msg send fails because the pid was not found (i.e. smbd died), * the msg has already been deleted from the messages.tdb.*/ diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c index 47579fa5f7..5a3fcc2975 100644 --- a/source3/smbd/connection.c +++ b/source3/smbd/connection.c @@ -79,6 +79,9 @@ static int count_fn( TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, void *u struct connections_data crec; struct count_stat *cs = (struct count_stat *)udp; + if (dbuf.dsize != sizeof(crec)) + return 0; + memcpy(&crec, dbuf.dptr, sizeof(crec)); if (crec.cnum == -1) diff --git a/source3/utils/status.c b/source3/utils/status.c index 243ccdd755..55c3c1bad1 100644 --- a/source3/utils/status.c +++ b/source3/utils/status.c @@ -186,9 +186,13 @@ static int traverse_fn1(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void *st struct session_record *ptr; struct connections_data crec; + if (dbuf.dsize != sizeof(crec)) + return 0; + memcpy(&crec, dbuf.dptr, sizeof(crec)); - if (crec.cnum == -1) return 0; + if (crec.cnum == -1) + return 0; if (!process_exists(crec.pid) || !Ucrit_checkUsername(uidtoname(crec.uid))) { return 0; diff --git a/source3/web/statuspage.c b/source3/web/statuspage.c index 27a40d1695..51f2e8f00e 100644 --- a/source3/web/statuspage.c +++ b/source3/web/statuspage.c @@ -1,6 +1,6 @@ /* Unix SMB/Netbios implementation. - Version 1.9. + Version 2.2. web status page Copyright (C) Andrew Tridgell 1997-1998 
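Review bot: The new `if (dbuf.dsize != sizeof(crec)) return 0;` guard in traverse_fn drops a mis-sized record without any trace, so a stale or corrupt connections tdb simply shows up as missing entries. The same silent skip is added in count_fn (connection.c), traverse_fn1 (status.c) and the three traverse callbacks in statuspage.c; in count_fn it presumably also leaves the record out of the connection count. I would log the mismatch before returning, e.g. `DEBUG(0, ("traverse_fn: bad connections record size %u\n", (unsigned)dbuf.dsize));`, and move the check into one shared helper instead of six copies. The function body continues past the end of this hunk.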
@@ -76,6 +76,10 @@ static void print_share_mode(share_mode_entry *e, char *fname) static int traverse_fn1(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void* state) { struct connections_data crec; + + if (dbuf.dsize != sizeof(crec)) + return 0; + memcpy(&crec, dbuf.dptr, sizeof(crec)); if (crec.cnum == -1 && process_exists(crec.pid)) { @@ -92,10 +96,14 @@ static int traverse_fn1(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void* st static int traverse_fn2(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void* state) { struct connections_data crec; + + if (dbuf.dsize != sizeof(crec)) + return 0; + memcpy(&crec, dbuf.dptr, sizeof(crec)); - if (crec.cnum != -1 || !process_exists(crec.pid) || - (crec.pid == smbd_pid)) return 0; + if (crec.cnum != -1 || !process_exists(crec.pid) || (crec.pid == smbd_pid)) + return 0; printf("<tr><td>%d</td><td>%s</td><td>%s</td><td>%s</td>\n", (int)crec.pid, @@ -114,9 +122,14 @@ static int traverse_fn2(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void* st static int traverse_fn3(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void* state) { struct connections_data crec; + + if (dbuf.dsize != sizeof(crec)) + return 0; + memcpy(&crec, dbuf.dptr, sizeof(crec)); - if (crec.cnum == -1 || !process_exists(crec.pid)) return 0; + if (crec.cnum == -1 || !process_exists(crec.pid)) + return 0; printf("<tr><td>%s</td><td>%s</td><td>%s</td><td>%d</td><td>%s</td><td>%s</td></tr>\n", crec.name,uidtoname(crec.uid), @@ -278,4 +291,3 @@ void status_page(void) printf("//-->\n</script>\n"); } } - |
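Review bot: The size check in traverse_fn3 bounds the memcpy but says nothing about the contents of the record, and `crec.name` is then handed to `printf` with `%s` inside a `<td>`. If `name` is a fixed-size char array (the struct definition is not in this diff), a record with no terminating NUL is read past the end of the field, and any markup characters in it reach the status page unescaped. traverse_fn2 likely has the same exposure in its string arguments, which fall outside its hunk. After the copy I would force termination for each string field, e.g. `crec.name[sizeof(crec.name) - 1] = '\0';`, and HTML-escape those fields before printing. The printf argument list continues outside the hunk.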