changed to use slprintf() instead of sprintf() just about

everywhere. I've implemented slprintf() as a bounds checked sprintf() using mprotect() and a non-writeable page. This should prevent any sprintf based security holes.
author: Andrew Tridgell <tridge@samba.org> 1998-05-11 06:38:36 +0000
committer: Andrew Tridgell <tridge@samba.org> 1998-05-11 06:38:36 +0000
commit: ee09e9dadb69aaba5a751dd20ccc6d587d841bd6 (patch)
tree: b7d08dcf7d06d74c7bba90655f720c14cff8981a /source/lib/charset.c
parent: 6b0c1733d2ebf3b8f09f3bf88b8648d8b371bb1f (diff)
download: samba-ee09e9dadb69aaba5a751dd20ccc6d587d841bd6.tar.gz
samba-ee09e9dadb69aaba5a751dd20ccc6d587d841bd6.tar.xz
samba-ee09e9dadb69aaba5a751dd20ccc6d587d841bd6.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/source/lib/charset.c b/source/lib/charset.c
index fe170bdcf5b..d8ce38f3968 100644
--- a/source/lib/charset.c
+++ b/source/lib/charset.c
@@ -203,7 +203,9 @@ static codepage_p load_client_codepage( int client_codepage )
   strcpy(codepage_file_name, CODEPAGEDIR);
   strcat(codepage_file_name, "/");
   strcat(codepage_file_name, "codepage.");
-  sprintf( &codepage_file_name[strlen(codepage_file_name)], "%03d",
+  slprintf(&codepage_file_name[strlen(codepage_file_name)], 
+	   sizeof(pstring)-(strlen(codepage_file_name)+1),
+	   "%03d",
            client_codepage);
 
   if(!file_exist(codepage_file_name,&st))
author	Andrew Tridgell <tridge@samba.org>	1998-05-11 06:38:36 +0000
committer	Andrew Tridgell <tridge@samba.org>	1998-05-11 06:38:36 +0000
commit	ee09e9dadb69aaba5a751dd20ccc6d587d841bd6 (patch)
tree	b7d08dcf7d06d74c7bba90655f720c14cff8981a /source/lib/charset.c
parent	6b0c1733d2ebf3b8f09f3bf88b8648d8b371bb1f (diff)
download	samba-ee09e9dadb69aaba5a751dd20ccc6d587d841bd6.tar.gz samba-ee09e9dadb69aaba5a751dd20ccc6d587d841bd6.tar.xz samba-ee09e9dadb69aaba5a751dd20ccc6d587d841bd6.zip