diff options
| author | Jeremy Allison <jra@samba.org> | 1998-05-12 00:55:32 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 1998-05-12 00:55:32 +0000 |
| commit | 2d774454005f0b54e5684cf618da7060594dfcbb (patch) | |
| tree | d3e7831d1d5eb0cc21a78dadb51d63a82c269d2d /source/smbd | |
| parent | c760ebbf127796427c4602aae61952df938c6def (diff) | |
| download | samba-2d774454005f0b54e5684cf618da7060594dfcbb.tar.gz samba-2d774454005f0b54e5684cf618da7060594dfcbb.tar.xz samba-2d774454005f0b54e5684cf618da7060594dfcbb.zip | |
This is a security audit change of the main source.
It removed all ocurrences of the following functions :
sprintf
strcpy
strcat
The replacements are slprintf, safe_strcpy and safe_strcat.
It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.
Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.
Jeremy.
Diffstat (limited to 'source/smbd')
| -rw-r--r-- | source/smbd/chgpasswd.c | 4 | ||||
| -rw-r--r-- | source/smbd/connection.c | 12 | ||||
| -rw-r--r-- | source/smbd/dir.c | 14 | ||||
| -rw-r--r-- | source/smbd/ipc.c | 60 | ||||
| -rw-r--r-- | source/smbd/mangle.c | 16 | ||||
| -rw-r--r-- | source/smbd/password.c | 50 | ||||
| -rw-r--r-- | source/smbd/quotas.c | 14 | ||||
| -rw-r--r-- | source/smbd/reply.c | 112 | ||||
| -rw-r--r-- | source/smbd/server.c | 56 | ||||
| -rw-r--r-- | source/smbd/trans2.c | 38 | ||||
| -rw-r--r-- | source/smbd/vt_mode.c | 10 |
11 files changed, 193 insertions, 193 deletions
diff --git a/source/smbd/chgpasswd.c b/source/smbd/chgpasswd.c index e466455aeb8..d900b54c1fe 100644 --- a/source/smbd/chgpasswd.c +++ b/source/smbd/chgpasswd.c @@ -62,7 +62,7 @@ static int findpty(char **slave) #if defined(SVR4) || defined(SUNOS5) extern char *ptsname(); #else /* defined(SVR4) || defined(SUNOS5) */ - static char line[12]; + static fstring line; void *dirp; char *dpname; #endif /* defined(SVR4) || defined(SUNOS5) */ @@ -75,7 +75,7 @@ static int findpty(char **slave) return (master); } #else /* defined(SVR4) || defined(SUNOS5) */ - strcpy( line, "/dev/ptyXX" ); + fstrcpy( line, "/dev/ptyXX" ); dirp = OpenDir(-1, "/dev", True); if (!dirp) return(-1); diff --git a/source/smbd/connection.c b/source/smbd/connection.c index 5cf8b800f2c..64b3f153cff 100644 --- a/source/smbd/connection.c +++ b/source/smbd/connection.c @@ -48,9 +48,9 @@ BOOL yield_connection(int cnum,char *name,int max_connections) pstrcpy(fname,lp_lockdir()); trim_string(fname,"","/"); - strcat(fname,"/"); - strcat(fname,name); - strcat(fname,".LCK"); + pstrcat(fname,"/"); + pstrcat(fname,name); + pstrcat(fname,".LCK"); fd = open(fname,O_RDWR); if (fd == -1) { @@ -133,9 +133,9 @@ BOOL claim_connection(int cnum,char *name,int max_connections,BOOL Clear) if (!directory_exist(fname,NULL)) mkdir(fname,0755); - strcat(fname,"/"); - strcat(fname,name); - strcat(fname,".LCK"); + pstrcat(fname,"/"); + pstrcat(fname,name); + pstrcat(fname,".LCK"); if (!file_exist(fname,NULL)) { fd = open(fname,O_RDWR|O_CREAT|O_EXCL, 0644); diff --git a/source/smbd/dir.c b/source/smbd/dir.c index a34406cc65a..37fcd057430 100644 --- a/source/smbd/dir.c +++ b/source/smbd/dir.c @@ -469,10 +469,10 @@ BOOL get_dir_entry(int cnum,char *mask,int dirtype,char *fname,int *size,int *mo *path = 0; pstrcpy(path,Connections[cnum].dirpath); if(needslash) - strcat(path,"/"); + pstrcat(path,"/"); pstrcpy(pathreal,path); - strcat(path,fname); - strcat(pathreal,dname); + pstrcat(path,fname); + pstrcat(pathreal,dname); if (sys_stat(pathreal,&sbuf) != 0) { DEBUG(5,("Couldn't stat 1 [%s]\n",path)); @@ -552,7 +552,7 @@ void *OpenDir(int cnum, char *name, BOOL use_veto) dirp->mallocsize = s; dirp->current = dirp->data; } - strcpy(dirp->data+used,n); + pstrcpy(dirp->data+used,n); used += l; dirp->numentries++; } @@ -671,9 +671,9 @@ void DirCacheAdd( char *path, char *name, char *dname, int snum ) return; /* so just return as if nothing happened. */ /* Set pointers correctly and load values. */ - entry->path = strcpy( (char *)&entry[1], path); - entry->name = strcpy( &(entry->path[pathlen]), name); - entry->dname = strcpy( &(entry->name[namelen]), dname); + entry->path = pstrcpy( (char *)&entry[1], path); + entry->name = pstrcpy( &(entry->path[pathlen]), name); + entry->dname = pstrcpy( &(entry->name[namelen]), dname); entry->snum = snum; /* Add the new entry to the linked list. */ diff --git a/source/smbd/ipc.c b/source/smbd/ipc.c index 8be9c10a13f..7b82894c7f5 100644 --- a/source/smbd/ipc.c +++ b/source/smbd/ipc.c @@ -491,7 +491,7 @@ static void PackDriverData(struct pack_desc* desc) SIVAL(drivdata,0,sizeof drivdata); /* cb */ SIVAL(drivdata,4,1000); /* lVersion */ memset(drivdata+8,0,32); /* szDeviceName */ - strcpy(drivdata+8,"NULL"); + pstrcpy(drivdata+8,"NULL"); PACKl(desc,"l",drivdata,sizeof drivdata); /* pDriverData */ } @@ -650,7 +650,7 @@ static void fill_printq_info(int cnum, int snum, int uLevel, FILE *f; pstring fname; - strcpy(fname,lp_driverfile()); + pstrcpy(fname,lp_driverfile()); f=fopen(fname,"r"); if (!f) { DEBUG(3,("fill_printq_info: Can't open %s - %s\n",fname,strerror(errno))); @@ -748,7 +748,7 @@ int get_printerdrivernumber(int snum) FILE *f; pstring fname; - strcpy(fname,lp_driverfile()); + pstrcpy(fname,lp_driverfile()); DEBUG(4,("In get_printerdrivernumber: %s\n",fname)); f=fopen(fname,"r"); @@ -993,8 +993,8 @@ static int get_server_info(uint32 servertype, pstrcpy(fname,lp_lockdir()); trim_string(fname,NULL,"/"); - strcat(fname,"/"); - strcat(fname,SERVER_LIST); + pstrcat(fname,"/"); + pstrcat(fname,SERVER_LIST); f = fopen(fname,"r"); @@ -1036,7 +1036,7 @@ static int get_server_info(uint32 servertype, if (!next_token(&ptr,s->comment, NULL)) continue; if (!next_token(&ptr,s->domain , NULL)) { /* this allows us to cope with an old nmbd */ - strcpy(s->domain,global_myworkgroup); + pstrcpy(s->domain,global_myworkgroup); } if (sscanf(stype,"%X",&s->type) != 1) { @@ -2115,18 +2115,18 @@ static BOOL api_NetWkstaGetInfo(int cnum,uint16 vuid, char *param,char *data, SIVAL(p,0,PTR_DIFF(p2,*rdata)); /* host name */ - strcpy(p2,local_machine); + pstrcpy(p2,local_machine); strupper(p2); p2 = skip_string(p2,1); p += 4; SIVAL(p,0,PTR_DIFF(p2,*rdata)); - strcpy(p2,sesssetup_user); + pstrcpy(p2,sesssetup_user); p2 = skip_string(p2,1); p += 4; SIVAL(p,0,PTR_DIFF(p2,*rdata)); /* login domain */ - strcpy(p2,global_myworkgroup); + pstrcpy(p2,global_myworkgroup); strupper(p2); p2 = skip_string(p2,1); p += 4; @@ -2136,12 +2136,12 @@ static BOOL api_NetWkstaGetInfo(int cnum,uint16 vuid, char *param,char *data, p += 2; SIVAL(p,0,PTR_DIFF(p2,*rdata)); - strcpy(p2,global_myworkgroup); /* don't know. login domain?? */ + pstrcpy(p2,global_myworkgroup); /* don't know. login domain?? */ p2 = skip_string(p2,1); p += 4; SIVAL(p,0,PTR_DIFF(p2,*rdata)); /* don't know */ - strcpy(p2,""); + pstrcpy(p2,""); p2 = skip_string(p2,1); p += 4; @@ -2378,16 +2378,16 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, if (uLevel >= 10) { SIVAL(p,usri11_comment,PTR_DIFF(p2,p)); /* comment */ - strcpy(p2,"Comment"); + pstrcpy(p2,"Comment"); p2 = skip_string(p2,1); SIVAL(p,usri11_usr_comment,PTR_DIFF(p2,p)); /* user_comment */ - strcpy(p2,"UserComment"); + pstrcpy(p2,"UserComment"); p2 = skip_string(p2,1); /* EEK! the cifsrap.txt doesn't have this in!!!! */ SIVAL(p,usri11_full_name,PTR_DIFF(p2,p)); /* full name */ - strcpy(p2,((vuser != NULL) ? vuser->real_name : UserName)); + pstrcpy(p2,((vuser != NULL) ? vuser->real_name : UserName)); p2 = skip_string(p2,1); } @@ -2397,22 +2397,22 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, SIVAL(p,usri11_auth_flags,AF_OP_PRINT); /* auth flags */ SIVALS(p,usri11_password_age,-1); /* password age */ SIVAL(p,usri11_homedir,PTR_DIFF(p2,p)); /* home dir */ - strcpy(p2, lp_logon_path()); + pstrcpy(p2, lp_logon_path()); p2 = skip_string(p2,1); SIVAL(p,usri11_parms,PTR_DIFF(p2,p)); /* parms */ - strcpy(p2,""); + pstrcpy(p2,""); p2 = skip_string(p2,1); SIVAL(p,usri11_last_logon,0); /* last logon */ SIVAL(p,usri11_last_logoff,0); /* last logoff */ SSVALS(p,usri11_bad_pw_count,-1); /* bad pw counts */ SSVALS(p,usri11_num_logons,-1); /* num logons */ SIVAL(p,usri11_logon_server,PTR_DIFF(p2,p)); /* logon server */ - strcpy(p2,"\\\\*"); + pstrcpy(p2,"\\\\*"); p2 = skip_string(p2,1); SSVAL(p,usri11_country_code,0); /* country code */ SIVAL(p,usri11_workstations,PTR_DIFF(p2,p)); /* workstations */ - strcpy(p2,""); + pstrcpy(p2,""); p2 = skip_string(p2,1); SIVALS(p,usri11_max_storage,-1); /* max storage */ @@ -2433,7 +2433,7 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, SSVAL(p,42, Connections[cnum].admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */ - strcpy(p2,lp_logon_path()); + pstrcpy(p2,lp_logon_path()); p2 = skip_string(p2,1); SIVAL(p,48,PTR_DIFF(p2,*rdata)); /* comment */ *p2++ = 0; @@ -2443,11 +2443,11 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, { SIVAL(p,60,0); /* auth_flags */ SIVAL(p,64,PTR_DIFF(p2,*rdata)); /* full_name */ - strcpy(p2,((vuser != NULL) ? vuser->real_name : UserName)); + pstrcpy(p2,((vuser != NULL) ? vuser->real_name : UserName)); p2 = skip_string(p2,1); SIVAL(p,68,0); /* urs_comment */ SIVAL(p,72,PTR_DIFF(p2,*rdata)); /* parms */ - strcpy(p2,""); + pstrcpy(p2,""); p2 = skip_string(p2,1); SIVAL(p,76,0); /* workstations */ SIVAL(p,80,0); /* last_logon */ @@ -2461,7 +2461,7 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, SSVALS(p,102,-1); /* bad_pw_count */ SSVALS(p,104,-1); /* num_logons */ SIVAL(p,106,PTR_DIFF(p2,*rdata)); /* logon_server */ - strcpy(p2,"\\\\%L"); + pstrcpy(p2,"\\\\%L"); standard_sub_basic(p2); p2 = skip_string(p2,1); SSVAL(p,110,49); /* country_code */ @@ -2512,10 +2512,10 @@ static BOOL api_NetUserGetGroups(int cnum,uint16 vuid, char *param,char *data, p = *rdata; /* XXXX we need a real SAM database some day */ - strcpy(p,"Users"); p += 21; count++; - strcpy(p,"Domain Users"); p += 21; count++; - strcpy(p,"Guests"); p += 21; count++; - strcpy(p,"Domain Guests"); p += 21; count++; + pstrcpy(p,"Users"); p += 21; count++; + pstrcpy(p,"Domain Users"); p += 21; count++; + pstrcpy(p,"Guests"); p += 21; count++; + pstrcpy(p,"Domain Guests"); p += 21; count++; *rdata_len = PTR_DIFF(p,*rdata); @@ -2574,8 +2574,8 @@ static BOOL api_WWkstaUserLogon(int cnum,uint16 vuid, char *param,char *data, PACKI(&desc,"D",-1); /* password must change */ { fstring mypath; - strcpy(mypath,"\\\\"); - strcat(mypath,local_machine); + fstrcpy(mypath,"\\\\"); + fstrcat(mypath,local_machine); strupper(mypath); PACKS(&desc,"z",mypath); /* computer */ } @@ -3129,8 +3129,8 @@ static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd) } /* name has to be \PIPE\xxxxx */ - strcpy(ack_pipe_name, "\\PIPE\\"); - strcat(ack_pipe_name, p->pipe_srv_name); + fstrcpy(ack_pipe_name, "\\PIPE\\"); + fstrcat(ack_pipe_name, p->pipe_srv_name); DEBUG(5,("api_pipe_bind_req: make response. %d\n", __LINE__)); diff --git a/source/smbd/mangle.c b/source/smbd/mangle.c index eb267faab3a..e822894600f 100644 --- a/source/smbd/mangle.c +++ b/source/smbd/mangle.c @@ -648,9 +648,9 @@ BOOL check_mangled_cache( char *s ) DEBUG( 3, ("Found %s on mangled stack ", s) ); - (void)strcpy( s, found_name ); + (void)pstrcpy( s, found_name ); if( ext_start ) - (void)strcat( s, ext_start ); + (void)pstrcat( s, ext_start ); DEBUG( 3, ("as %s\n", s) ); @@ -830,7 +830,7 @@ static void do_fwd_mangled_map(char *s, char *MangledMap) * * ************************************************************************** ** */ -void mangle_name_83( char *s ) +void mangle_name_83( char *s, int s_len ) { int csum = str_checksum(s); char *p; @@ -863,7 +863,7 @@ void mangle_name_83( char *s ) if( p ) { if( p == s ) - strcpy( extension, "___" ); + safe_strcpy( extension, "___", 3 ); else { *p++ = 0; @@ -933,13 +933,13 @@ void mangle_name_83( char *s ) csum = csum % (36*36); - (void)sprintf( s, "%s%c%c%c", + (void)slprintf( s, s_len - 1, "%s%c%c%c", base, magic_char, base36( csum/36 ), base36( csum ) ); if( *extension ) { - (void)strcat( s, "." ); - (void)strcat( s, extension ); + (void)pstrcat( s, "." ); + (void)pstrcat( s, extension ); } DEBUG( 5, ( "%s\n", s ) ); @@ -996,7 +996,7 @@ BOOL name_map_mangle( char *OutName, BOOL need83, int snum ) /* mangle it into 8.3 */ tmp = strdup( OutName ); - mangle_name_83( OutName ); + mangle_name_83( OutName, strlen(tmp) ); if( tmp ) { cache_mangled_name( OutName, tmp ); diff --git a/source/smbd/password.c b/source/smbd/password.c index 327bfba3714..3040775e03d 100644 --- a/source/smbd/password.c +++ b/source/smbd/password.c @@ -349,8 +349,8 @@ void add_session_user(char *user) DEBUG(1,("Too many session users??\n")); else { - strcat(session_users," "); - strcat(session_users,suser); + pstrcat(session_users," "); + pstrcat(session_users,suser); } } } @@ -364,7 +364,7 @@ static struct spwd *getspnam(char *username) /* fake shadow password routine */ { FILE *f; char line[1024]; - static char pw[20]; + static fstring pw; static struct spwd static_spwd; static_spwd.sp_pwdp=0; @@ -380,7 +380,7 @@ static struct spwd *getspnam(char *username) /* fake shadow password routine */ *q=0; if (q-p+1>20) break; - strcpy(pw, p); + fstrcpy(pw, p); static_spwd.sp_pwdp=pw; } break; @@ -415,7 +415,7 @@ static char *osf1_bigcrypt(char *password,char *salt1) for (i=0; i<parts;i++) { p1 = crypt(p2,salt); - strcat(result,p1+2); + strncat(result,p1+2,AUTH_MAX_PASSWD_LENGTH-strlen(p1+2)-1); StrnCpy(salt,&result[2+i*AUTH_CIPHERTEXT_SEG_CHARS],2); p2 += AUTH_CLEARTEXT_SEG_CHARS; } @@ -809,9 +809,9 @@ static BOOL krb4_auth(char *this_user,char *password) char tkfile[MAXPATHLEN]; if (krb_get_lrealm(realm, 1) != KSUCCESS) - (void) strncpy(realm, KRB_REALM, sizeof (realm)); + (void) safe_strcpy(realm, KRB_REALM, sizeof (realm) - 1); - (void) sprintf(tkfile, "/tmp/samba_tkt_%d", getpid()); + (void) slprintf(tkfile, sizeof(tkfile) - 1, "/tmp/samba_tkt_%d", getpid()); krb_set_tkt_string(tkfile); if (krb_verify_user(this_user, "", realm, @@ -1217,8 +1217,8 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd) mypasswd = getprpwnam (user); if ( mypasswd ) { - strcpy(pass->pw_name,mypasswd->ufld.fd_name); - strcpy(pass->pw_passwd,mypasswd->ufld.fd_encrypt); + fstrcpy(pass->pw_name,mypasswd->ufld.fd_name); + fstrcpy(pass->pw_passwd,mypasswd->ufld.fd_encrypt); } else { @@ -1233,20 +1233,20 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd) AUTHORIZATION *ap = getauthuid( pass->pw_uid ); if (ap) { - strcpy( pass->pw_passwd, ap->a_password ); + fstrcpy( pass->pw_passwd, ap->a_password ); endauthent(); } } #endif /* extract relevant info */ - strcpy(this_user,pass->pw_name); - strcpy(this_salt,pass->pw_passwd); + fstrcpy(this_user,pass->pw_name); + fstrcpy(this_salt,pass->pw_passwd); #ifdef HPUX /* The crypt on HPUX won't work with more than 2 salt characters. */ this_salt[2] = 0; #endif /* HPUX */ - strcpy(this_crypted,pass->pw_passwd); + fstrcpy(this_crypted,pass->pw_passwd); if (!*this_crypted) { if (!lp_null_passwords()) { @@ -1295,7 +1295,7 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd) update_protected_database(user,False); /* restore it */ - strcpy(password,pass2); + fstrcpy(password,pass2); return(False); } @@ -1314,7 +1314,7 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd) update_protected_database(user,False); /* restore it */ - strcpy(password,pass2); + fstrcpy(password,pass2); return(False); } @@ -1384,7 +1384,7 @@ static char *validate_group(char *group,char *password,int pwlen,int snum) while (member && *member) { static fstring name; - strcpy(name,*member); + fstrcpy(name,*member); if (user_ok(name,snum) && password_ok(name,password,pwlen,NULL)) return(&name[0]); @@ -1400,7 +1400,7 @@ static char *validate_group(char *group,char *password,int pwlen,int snum) if (*(pwd->pw_passwd) && pwd->pw_gid == gptr->gr_gid) { /* This Entry have PASSWORD and same GID then check pwd */ if (password_ok(NULL, password, pwlen, pwd)) { - strcpy(tm, pwd->pw_name); + fstrcpy(tm, pwd->pw_name); endpwent (); return tm; } @@ -1460,7 +1460,7 @@ BOOL authorise_login(int snum,char *user,char *password, int pwlen, if (!ok && (vuser != 0) && vuser->guest) { if (user_ok(vuser->name,snum) && password_ok(vuser->name, password, pwlen, NULL)) { - strcpy(user, vuser->name); + fstrcpy(user, vuser->name); vuser->guest = False; DEBUG(3,("ACCEPTED: given password with registered user %s\n", user)); ok = True; @@ -1480,12 +1480,12 @@ BOOL authorise_login(int snum,char *user,char *password, int pwlen, auser = strtok(NULL,LIST_SEP)) { fstring user2; - strcpy(user2,auser); + fstrcpy(user2,auser); if (!user_ok(user2,snum)) continue; if (password_ok(user2,password, pwlen, NULL)) { ok = True; - strcpy(user,user2); + fstrcpy(user,user2); DEBUG(3,("ACCEPTED: session list username and given password ok\n")); } } @@ -1496,7 +1496,7 @@ BOOL authorise_login(int snum,char *user,char *password, int pwlen, if (!ok && !lp_revalidate(snum) && (vuser != 0) && !vuser->guest && user_ok(vuser->name,snum)) { - strcpy(user,vuser->name); + fstrcpy(user,vuser->name); *guest = False; DEBUG(3,("ACCEPTED: validated uid ok as non-guest\n")); ok = True; @@ -1526,19 +1526,19 @@ BOOL authorise_login(int snum,char *user,char *password, int pwlen, if (auser) { ok = True; - strcpy(user,auser); + fstrcpy(user,auser); DEBUG(3,("ACCEPTED: group username and given password ok\n")); } } else { fstring user2; - strcpy(user2,auser); + fstrcpy(user2,auser); if (user_ok(user2,snum) && password_ok(user2,password,pwlen,NULL)) { ok = True; - strcpy(user,user2); + fstrcpy(user,user2); DEBUG(3,("ACCEPTED: user list username and given password ok\n")); } } @@ -1553,7 +1553,7 @@ BOOL authorise_login(int snum,char *user,char *password, int pwlen, StrnCpy(guestname,lp_guestaccount(snum),sizeof(guestname)-1); if (Get_Pwnam(guestname,True)) { - strcpy(user,guestname); + fstrcpy(user,guestname); ok = True; DEBUG(3,("ACCEPTED: guest account and guest ok\n")); } diff --git a/source/smbd/quotas.c b/source/smbd/quotas.c index df85f79b9b0..ee08e48e653 100644 --- a/source/smbd/quotas.c +++ b/source/smbd/quotas.c @@ -138,7 +138,7 @@ BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize) struct stat sbuf; dev_t devno ; static dev_t devno_cached = 0 ; - static char name[MNTMAXSTR] ; + static pstring name; struct q_request request ; struct qf_header header ; static int quota_default = 0 ; @@ -172,7 +172,7 @@ BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize) } - strcpy(name,mnt->mnt_dir) ; + pstrcpy(name,mnt->mnt_dir) ; endmntent(fd) ; if ( ! found ) @@ -249,10 +249,10 @@ BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize) struct quotctl command; int file; struct mnttab mnt; - static char name[MNT_LINE_MAX] ; + static pstring name; #else struct mntent *mnt; - static char name[MNTMAXSTR] ; + static pstring name; #endif FILE *fd; struct stat sbuf; @@ -283,8 +283,8 @@ BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize) } } - strcpy(name,mnt.mnt_mountp) ; - strcat(name,"/quotas") ; + pstrcpy(name,mnt.mnt_mountp) ; + pstrcat(name,"/quotas") ; fclose(fd) ; #else if ((fd = setmntent(MOUNTED, "r")) == NULL) @@ -302,7 +302,7 @@ BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize) } } - strcpy(name,mnt->mnt_fsname) ; + pstrcpy(name,mnt->mnt_fsname) ; endmntent(fd) ; #endif diff --git a/source/smbd/reply.c b/source/smbd/reply.c index c927e09425f..21a20b0712c 100644 --- a/source/smbd/reply.c +++ b/source/smbd/reply.c @@ -308,7 +308,7 @@ int reply_tcon_and_X(char *inbuf,char *outbuf,int length,int bufsize) if (Protocol < PROTOCOL_NT1) { set_message(outbuf,2,strlen(devicename)+1,True); - strcpy(smb_buf(outbuf),devicename); + pstrcpy(smb_buf(outbuf),devicename); } else { @@ -318,8 +318,8 @@ int reply_tcon_and_X(char *inbuf,char *outbuf,int length,int bufsize) set_message(outbuf,3,3,True); p = smb_buf(outbuf); - strcpy(p,devicename); p = skip_string(p,1); /* device name */ - strcpy(p,fsname); p = skip_string(p,1); /* filesystem type e.g NTFS */ + pstrcpy(p,devicename); p = skip_string(p,1); /* device name */ + pstrcpy(p,fsname); p = skip_string(p,1); /* filesystem type e.g NTFS */ set_message(outbuf,3,PTR_DIFF(p,smb_buf(outbuf)),False); @@ -578,7 +578,7 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize) /* If no username is sent use the guest account */ if (!*user) { - strcpy(user,lp_guestaccount(-1)); + pstrcpy(user,lp_guestaccount(-1)); /* If no user and no password then set guest flag. */ if( *smb_apasswd == 0) guest = True; @@ -593,7 +593,7 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize) */ if((lp_security() != SEC_SHARE) || *user) - strcpy(sesssetup_user,user); + pstrcpy(sesssetup_user,user); reload_services(True); @@ -641,7 +641,7 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize) #endif } if (*smb_apasswd || !Get_Pwnam(user,True)) - strcpy(user,lp_guestaccount(-1)); + pstrcpy(user,lp_guestaccount(-1)); DEBUG(3,("Registered username %s for guest access\n",user)); guest = True; } @@ -649,7 +649,7 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize) if (!Get_Pwnam(user,True)) { DEBUG(3,("No such user %s - using guest account\n",user)); - strcpy(user,lp_guestaccount(-1)); + pstrcpy(user,lp_guestaccount(-1)); guest = True; } @@ -670,9 +670,9 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize) char *p; set_message(outbuf,3,3,True); p = smb_buf(outbuf); - strcpy(p,"Unix"); p = skip_string(p,1); - strcpy(p,"Samba "); strcat(p,VERSION); p = skip_string(p,1); - strcpy(p,global_myworkgroup); p = skip_string(p,1); + pstrcpy(p,"Unix"); p = skip_string(p,1); + pstrcpy(p,"Samba "); pstrcat(p,VERSION); p = skip_string(p,1); + pstrcpy(p,global_myworkgroup); p = skip_string(p,1); set_message(outbuf,3,PTR_DIFF(p,smb_buf(outbuf)),False); /* perhaps grab OS version here?? */ } @@ -984,7 +984,7 @@ int reply_search(char *inbuf,char *outbuf, int dum_size, int dum_buffsize) p = strrchr(dir2,'/'); if (p == NULL) { - strcpy(mask,dir2); + pstrcpy(mask,dir2); *dir2 = 0; } else @@ -1000,7 +1000,7 @@ int reply_search(char *inbuf,char *outbuf, int dum_size, int dum_buffsize) *p = 0; if (strlen(directory) == 0) - strcpy(directory,"./"); + pstrcpy(directory,"./"); bzero(status,21); CVAL(status,0) = dirtype; } @@ -1027,8 +1027,8 @@ int reply_search(char *inbuf,char *outbuf, int dum_size, int dum_buffsize) fstrcpy(ext,p+1); *p = 0; trim_string(mask,NULL," "); - strcat(mask,"."); - strcat(mask,ext); + pstrcat(mask,"."); + pstrcat(mask,ext); } } @@ -1049,7 +1049,7 @@ int reply_search(char *inbuf,char *outbuf, int dum_size, int dum_buffsize) fstrcpy(tmp,&mask[8]); mask[8] = '.'; mask[9] = 0; - strcat(mask,tmp); + pstrcat(mask,tmp); } DEBUG(5,("mask=%s directory=%s\n",mask,directory)); @@ -1566,7 +1566,7 @@ int reply_ctemp(char *inbuf,char *outbuf, int dum_size, int dum_buffsize) cnum = SVAL(inbuf,smb_tid); createmode = SVAL(inbuf,smb_vwv0); pstrcpy(fname,smb_buf(inbuf)+1); - strcat(fname,"/TMXXXXXX"); + pstrcat(fname,"/TMXXXXXX"); unix_convert(fname,cnum,0,&bad_path); unixmode = unix_mode(cnum,createmode); @@ -1586,7 +1586,7 @@ int reply_ctemp(char *inbuf,char *outbuf, int dum_size, int dum_buffsize) return(UNIXERROR(ERRDOS,ERRnoaccess)); } - strcpy(fname2,(char *)mktemp(fname)); + pstrcpy(fname2,(char *)mktemp(fname)); /* Open file in dos compatibility share mode. */ /* We should fail if file exists. */ @@ -1609,7 +1609,7 @@ int reply_ctemp(char *inbuf,char *outbuf, int dum_size, int dum_buffsize) outsize = set_message(outbuf,1,2 + strlen(fname2),True); SSVAL(outbuf,smb_vwv0,fnum); CVAL(smb_buf(outbuf),0) = 4; - strcpy(smb_buf(outbuf) + 1,fname2); + pstrcpy(smb_buf(outbuf) + 1,fname2); if (oplock_request && lp_fake_oplocks(SNUM(cnum))) { CVAL(outbuf,smb_flg) |= CORE_OPLOCK_GRANTED; @@ -1678,12 +1678,12 @@ int reply_unlink(char *inbuf,char *outbuf, int dum_size, int dum_buffsize) p = strrchr(name,'/'); if (!p) { - strcpy(directory,"./"); - strcpy(mask,name); + pstrcpy(directory,"./"); + pstrcpy(mask,name); } else { *p = 0; - strcpy(directory,name); - strcpy(mask,p+1); + pstrcpy(directory,name); + pstrcpy(mask,p+1); } if (is_mangled(mask)) @@ -1692,8 +1692,8 @@ int reply_unlink(char *inbuf,char *outbuf, int dum_size, int dum_buffsize) has_wild = strchr(mask,'*') || strchr(mask,'?'); if (!has_wild) { - strcat(directory,"/"); - strcat(directory,mask); + pstrcat(directory,"/"); + pstrcat(directory,mask); if (can_delete(directory,cnum,dirtype) && !sys_unlink(directory)) count++; if (!count) exists = file_exist(directory,NULL); } else { @@ -1713,7 +1713,7 @@ int reply_unlink(char *inbuf,char *outbuf, int dum_size, int dum_buffsize) error = ERRbadfile; if (strequal(mask,"????????.???")) - strcpy(mask,"*"); + pstrcpy(mask,"*"); while ((dname = ReadDirName(dirptr))) { @@ -2636,7 +2636,7 @@ int reply_printopen(char *inbuf,char *outbuf, int dum_size, int dum_buffsize) if (fnum < 0) return(ERROR(ERRSRV,ERRnofids)); - strcpy(fname2,(char *)mktemp(fname)); + pstrcpy(fname2,(char *)mktemp(fname)); if (!check_name(fname2,cnum)) { Files[fnum].reserved = False; @@ -2877,9 +2877,9 @@ static BOOL recursive_rmdir(char *directory) ret = True; break; } - strcpy(fullname, directory); - strcat(fullname, "/"); - strcat(fullname, dname); + pstrcpy(fullname, directory); + pstrcat(fullname, "/"); + pstrcat(fullname, dname); if(sys_lstat(fullname, &st) != 0) { @@ -2971,8 +2971,8 @@ int reply_rmdir(char *inbuf,char *outbuf, int dum_size, int dum_buffsize) break; } pstrcpy(fullname, directory); - strcat(fullname, "/"); - strcat(fullname, dname); + pstrcat(fullname, "/"); + pstrcat(fullname, dname); if(sys_lstat(fullname, &st) != 0) break; @@ -3078,10 +3078,10 @@ static BOOL resolve_wildcards(char *name1,char *name2) if (*p) p++; } - strcpy(name2,root2); + pstrcpy(name2,root2); if (ext2[0]) { - strcat(name2,"."); - strcat(name2,ext2); + pstrcat(name2,"."); + pstrcat(name2,ext2); } return(True); @@ -3144,12 +3144,12 @@ int reply_mv(char *inbuf,char *outbuf, int dum_size, int dum_buffsize) p = strrchr(name,'/'); if (!p) { - strcpy(directory,"."); - strcpy(mask,name); + pstrcpy(directory,"."); + pstrcpy(mask,name); } else { *p = 0; - strcpy(directory,name); - strcpy(mask,p+1); + pstrcpy(directory,name); + pstrcpy(mask,p+1); *p = '/'; /* Replace needed for exceptional test below. */ } @@ -3162,16 +3162,16 @@ int reply_mv(char *inbuf,char *outbuf, int dum_size, int dum_buffsize) BOOL is_short_name = is_8_3(name, True); /* Add a terminating '/' to the directory name. */ - strcat(directory,"/"); - strcat(directory,mask); + pstrcat(directory,"/"); + pstrcat(directory,mask); /* Ensure newname contains a '/' also */ if(strrchr(newname,'/') == 0) { pstring tmpstr; - strcpy(tmpstr, "./"); - strcat(tmpstr, newname); - strcpy(newname, tmpstr); + pstrcpy(tmpstr, "./"); + pstrcat(tmpstr, newname); + pstrcpy(newname, tmpstr); } DEBUG(3,("reply_mv : case_sensitive = %d, case_preserve = %d, short case preserve = %d, directory = %s, newname = %s, newname_last_component = %s, is_8_3 = %d\n", @@ -3197,7 +3197,7 @@ int reply_mv(char *inbuf,char *outbuf, int dum_size, int dum_buffsize) * character above. */ p = strrchr(newname,'/'); - strcpy(newname_modified_last_component,p+1); + pstrcpy(newname_modified_last_component,p+1); if(strcsequal(newname_modified_last_component, newname_last_component) == False) { @@ -3205,7 +3205,7 @@ int reply_mv(char *inbuf,char *outbuf, int dum_size, int dum_buffsize) * Replace the modified last component with * the original. */ - strcpy(p+1, newname_last_component); + pstrcpy(p+1, newname_last_component); } } @@ -3235,7 +3235,7 @@ int reply_mv(char *inbuf,char *outbuf, int dum_size, int dum_buffsize) error = ERRbadfile; if (strequal(mask,"????????.???")) - strcpy(mask,"*"); + pstrcpy(mask,"*"); while ((dname = ReadDirName(dirptr))) { @@ -3309,8 +3309,8 @@ static BOOL copy_file(char *src,char *dest1,int cnum,int ofun, p++; else p = src; - strcat(dest,"/"); - strcat(dest,p); + pstrcat(dest,"/"); + pstrcat(dest,p); } if (!file_exist(src,&st)) return(False); @@ -3415,12 +3415,12 @@ int reply_copy(char *inbuf,char *outbuf, int dum_size, int dum_buffsize) p = strrchr(name,'/'); if (!p) { - strcpy(directory,"./"); - strcpy(mask,name); + pstrcpy(directory,"./"); + pstrcpy(mask,name); } else { *p = 0; - strcpy(directory,name); - strcpy(mask,p+1); + pstrcpy(directory,name); + pstrcpy(mask,p+1); } if (is_mangled(mask)) @@ -3429,8 +3429,8 @@ int reply_copy(char *inbuf,char *outbuf, int dum_size, int dum_buffsize) has_wild = strchr(mask,'*') || strchr(mask,'?'); if (!has_wild) { - strcat(directory,"/"); - strcat(directory,mask); + pstrcat(directory,"/"); + pstrcat(directory,mask); if (resolve_wildcards(directory,newname) && copy_file(directory,newname,cnum,ofun, count,target_is_directory)) count++; @@ -3448,7 +3448,7 @@ int reply_copy(char *inbuf,char *outbuf, int dum_size, int dum_buffsize) error = ERRbadfile; if (strequal(mask,"????????.???")) - strcpy(mask,"*"); + pstrcpy(mask,"*"); while ((dname = ReadDirName(dirptr))) { @@ -3459,7 +3459,7 @@ int reply_copy(char *inbuf,char *outbuf, int dum_size, int dum_buffsize) error = ERRnoaccess; slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname); - strcpy(destname,newname); + pstrcpy(destname,newname); if (resolve_wildcards(fname,destname) && copy_file(directory,newname,cnum,ofun, count,target_is_directory)) count++; diff --git a/source/smbd/server.c b/source/smbd/server.c index 7788b142e09..540f9f799f6 100644 --- a/source/smbd/server.c +++ b/source/smbd/server.c @@ -427,8 +427,8 @@ static BOOL mangled_equal(char *name1, char *name2) if (is_8_3(name2, True)) return(False); - strcpy(tmpname,name2); - mangle_name_83(tmpname); + pstrcpy(tmpname,name2); + mangle_name_83(tmpname,sizeof(tmpname)); return(strequal(name1,tmpname)); } @@ -453,7 +453,7 @@ static BOOL scan_directory(char *path, char *name,int cnum,BOOL docache) path = "."; if (docache && (dname = DirCacheCheck(path,name,SNUM(cnum)))) { - strcpy(name, dname); + pstrcpy(name, dname); return(True); } @@ -489,7 +489,7 @@ static BOOL scan_directory(char *path, char *name,int cnum,BOOL docache) { /* we've found the file, change it's name and return */ if (docache) DirCacheAdd(path,name,dname,SNUM(cnum)); - strcpy(name, dname); + pstrcpy(name, dname); CloseDir(cur_dir); return(True); } @@ -547,9 +547,9 @@ BOOL unix_convert(char *name,int cnum,pstring saved_last_component, BOOL *bad_pa if(saved_last_component) { end = strrchr(name, '/'); if(end) - strcpy(saved_last_component, end + 1); + pstrcpy(saved_last_component, end + 1); else - strcpy(saved_last_component, name); + pstrcpy(saved_last_component, name); } if (!case_sensitive && @@ -567,7 +567,7 @@ BOOL unix_convert(char *name,int cnum,pstring saved_last_component, BOOL *bad_pa /* sanitise the name */ for (s=name2 ; *s ; s++) if (!issafe(*s)) *s = '_'; - strcpy(name,(char *)mktemp(name2)); + pstrcpy(name,(char *)mktemp(name2)); } return(True); } @@ -604,7 +604,7 @@ BOOL unix_convert(char *name,int cnum,pstring saved_last_component, BOOL *bad_pa if (end) *end = 0; if(saved_last_component != 0) - strcpy(saved_last_component, end ? end + 1 : start); + pstrcpy(saved_last_component, end ? end + 1 : start); /* check if the name exists up to this point */ if (sys_stat(name, &st) == 0) @@ -669,14 +669,14 @@ BOOL unix_convert(char *name,int cnum,pstring saved_last_component, BOOL *bad_pa /* restore the rest of the string */ if (end) { - strcpy(start+strlen(start)+1,rest); + pstrcpy(start+strlen(start)+1,rest); end = start + strlen(start); } } /* add to the dirpath that we have resolved so far */ - if (*dirpath) strcat(dirpath,"/"); - strcat(dirpath,start); + if (*dirpath) pstrcat(dirpath,"/"); + pstrcat(dirpath,start); /* restore the / that we wiped out earlier */ if (end) *end = '/'; @@ -990,7 +990,7 @@ static int fd_attempt_open(char *fname, int flags, int mode) if((fd == -1) && (errno == ENOENT) && (strchr(fname,'.')==NULL)) { - strcat(fname,"."); + pstrcat(fname,"."); fd = sys_open(fname,flags,mode); } @@ -3370,7 +3370,7 @@ int make_connection(char *service,char *user,char *password, int pwlen, char *de { if (validated_username(vuid)) { - strcpy(user,validated_username(vuid)); + pstrcpy(user,validated_username(vuid)); return(make_connection(user,user,password,pwlen,dev,vuid)); } } @@ -3381,7 +3381,7 @@ int make_connection(char *service,char *user,char *password, int pwlen, char *de */ if(*sesssetup_user) { - strcpy(user,sesssetup_user); + pstrcpy(user,sesssetup_user); return(make_connection(user,user,password,pwlen,dev,vuid)); } } @@ -3393,14 +3393,14 @@ int make_connection(char *service,char *user,char *password, int pwlen, char *de /* you can only connect to the IPC$ service as an ipc device */ if (strequal(service,"IPC$")) - strcpy(dev,"IPC"); + pstrcpy(dev,"IPC"); if (*dev == '?' || !*dev) { if (lp_print_ok(snum)) - strcpy(dev,"LPT1:"); + pstrcpy(dev,"LPT1:"); else - strcpy(dev,"A:"); + pstrcpy(dev,"A:"); } /* if the request is as a printer and you can't print then refuse */ @@ -3964,7 +3964,7 @@ int reply_nt1(char *outbuf) data_len = crypt_len + strlen(global_myworkgroup) + 1; set_message(outbuf,17,data_len,True); - strcpy(smb_buf(outbuf)+crypt_len, global_myworkgroup); + pstrcpy(smb_buf(outbuf)+crypt_len, global_myworkgroup); CVAL(outbuf,smb_vwv1) = secword; SSVALS(outbuf,smb_vwv16+1,crypt_len); @@ -4221,7 +4221,7 @@ void close_cnum(int cnum, uint16 vuid) if (*lp_postexec(SNUM(cnum)) && become_user(&Connections[cnum], cnum,vuid)) { pstring cmd; - strcpy(cmd,lp_postexec(SNUM(cnum))); + pstrcpy(cmd,lp_postexec(SNUM(cnum))); standard_sub(cnum,cmd); smbrun(cmd,NULL,False); unbecome_user(); @@ -4232,7 +4232,7 @@ void close_cnum(int cnum, uint16 vuid) if (*lp_rootpostexec(SNUM(cnum))) { pstring cmd; - strcpy(cmd,lp_rootpostexec(SNUM(cnum))); + pstrcpy(cmd,lp_rootpostexec(SNUM(cnum))); standard_sub(cnum,cmd); smbrun(cmd,NULL,False); } @@ -4270,7 +4270,7 @@ static BOOL dump_core(void) pstring dname; pstrcpy(dname,debugf); if ((p=strrchr(dname,'/'))) *p=0; - strcat(dname,"/corefiles"); + pstrcat(dname,"/corefiles"); mkdir(dname,0700); sys_chown(dname,getuid(),getgid()); chmod(dname,0700); @@ -5060,9 +5060,9 @@ static void usage(char *pname) TimeInit(); - strcpy(debugf,SMBLOGFILE); + pstrcpy(debugf,SMBLOGFILE); - strcpy(remote_machine, "smb"); + pstrcpy(remote_machine, "smb"); setup_logging(argv[0],False); @@ -5101,10 +5101,10 @@ static void usage(char *pname) switch (opt) { case 'O': - strcpy(user_socket_options,optarg); + pstrcpy(user_socket_options,optarg); break; case 'i': - strcpy(scope,optarg); + pstrcpy(scope,optarg); break; case 'P': { @@ -5113,10 +5113,10 @@ static void usage(char *pname) } break; case 's': - strcpy(servicesf,optarg); + pstrcpy(servicesf,optarg); break; case 'l': - strcpy(debugf,optarg); + pstrcpy(debugf,optarg); break; case 'a': { @@ -5185,7 +5185,7 @@ static void usage(char *pname) codepage_initialise(lp_client_code_page()); - strcpy(global_myworkgroup, lp_workgroup()); + pstrcpy(global_myworkgroup, lp_workgroup()); #ifndef NO_SIGNAL_TEST signal(SIGHUP,SIGNAL_CAST sig_hup); diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c index fb45efcc0b2..db44dc984dd 100644 --- a/source/smbd/trans2.c +++ b/source/smbd/trans2.c @@ -325,7 +325,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l if(p != NULL) { if(p[1] == '\0') - strcpy(mask,"*.*"); + pstrcpy(mask,"*.*"); else pstrcpy(mask, p+1); } @@ -368,8 +368,8 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l pstrcpy(pathreal,Connections[cnum].dirpath); if(needslash) - strcat(pathreal,"/"); - strcat(pathreal,dname); + pstrcat(pathreal,"/"); + pstrcat(pathreal,dname); if (sys_stat(pathreal,&sbuf) != 0) { DEBUG(5,("get_lanman2_dir_entry:Couldn't stat [%s] (%s)\n",pathreal,strerror(errno))); @@ -417,7 +417,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l SIVAL(p,l1_cbFileAlloc,ROUNDUP(size,1024)); SSVAL(p,l1_attrFile,mode); SCVAL(p,l1_cchName,strlen(fname)); - strcpy(p + l1_achName, fname); + pstrcpy(p + l1_achName, fname); nameptr = p + l1_achName; p += l1_achName + strlen(fname) + 1; break; @@ -436,7 +436,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l SSVAL(p,l2_attrFile,mode); SIVAL(p,l2_cbList,0); /* No extended attributes */ SCVAL(p,l2_cchName,strlen(fname)); - strcpy(p + l2_achName, fname); + pstrcpy(p + l2_achName, fname); nameptr = p + l2_achName; p += l2_achName + strlen(fname) + 1; break; @@ -451,7 +451,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l SSVAL(p,24,mode); SIVAL(p,26,4); CVAL(p,30) = strlen(fname); - strcpy(p+31, fname); + pstrcpy(p+31, fname); nameptr = p+31; p += 31 + strlen(fname) + 1; break; @@ -469,7 +469,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l SIVAL(p,20,ROUNDUP(size,1024)); SSVAL(p,24,mode); CVAL(p,32) = strlen(fname); - strcpy(p + 33, fname); + pstrcpy(p + 33, fname); nameptr = p+33; p += 33 + strlen(fname) + 1; break; @@ -490,7 +490,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l SIVAL(p,0,strlen(fname)); p += 4; SIVAL(p,0,0); p += 4; if (!was_8_3) { - strcpy(p+2,fname); + pstrcpy(p+2,fname); if (!name_map_mangle(p+2,True,SNUM(cnum))) (p+2)[12] = 0; } else @@ -499,7 +499,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l SSVAL(p,0,strlen(p+2)); p += 2 + 24; /* nameptr = p; */ - strcpy(p,fname); p += strlen(p); + pstrcpy(p,fname); p += strlen(p); p = pdata + len; break; @@ -516,7 +516,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l SIVAL(p,0,size); p += 8; SIVAL(p,0,nt_extmode); p += 4; SIVAL(p,0,strlen(fname)); p += 4; - strcpy(p,fname); + pstrcpy(p,fname); p = pdata + len; break; @@ -535,7 +535,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l SIVAL(p,0,nt_extmode); p += 4; SIVAL(p,0,strlen(fname)); p += 4; SIVAL(p,0,0); p += 4; - strcpy(p,fname); + pstrcpy(p,fname); p = pdata + len; break; @@ -545,7 +545,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l SIVAL(p,0,len); p += 4; SIVAL(p,0,reskey); p += 4; SIVAL(p,0,strlen(fname)); p += 4; - strcpy(p,fname); + pstrcpy(p,fname); p = pdata + len; break; @@ -651,10 +651,10 @@ static int call_trans2findfirst(char *inbuf, char *outbuf, int bufsize, int cnum p = strrchr(directory,'/'); if(p == NULL) { - strcpy(mask,directory); - strcpy(directory,"./"); + pstrcpy(mask,directory); + pstrcpy(directory,"./"); } else { - strcpy(mask,p+1); + pstrcpy(mask,p+1); *p = 0; } @@ -686,7 +686,7 @@ static int call_trans2findfirst(char *inbuf, char *outbuf, int bufsize, int cnum } /* a special case for 16 bit apps */ - if (strequal(mask,"????????.???")) strcpy(mask,"*"); + if (strequal(mask,"????????.???")) pstrcpy(mask,"*"); /* handle broken clients that send us old 8.3 format */ string_sub(mask,"????????","*"); @@ -863,8 +863,8 @@ resume_key = %d resume name = %s continue=%d level = %d\n", DEBUG(2,("dptr_num %d has no wildcard\n", dptr_num)); return (ERROR(ERRDOS,ERRnofiles)); } - strcpy(mask, p); - strcpy(directory,Connections[cnum].dirpath); + pstrcpy(mask, p); + pstrcpy(directory,Connections[cnum].dirpath); /* Get the attr mask from the dptr */ dirtype = dptr_attr(dptr_num); @@ -1060,7 +1060,7 @@ static int call_trans2qfsinfo(char *inbuf, char *outbuf, int length, int bufsize case SMB_QUERY_FS_LABEL_INFO: data_len = 4 + strlen(vname); SIVAL(pdata,0,strlen(vname)); - strcpy(pdata+4,vname); + pstrcpy(pdata+4,vname); break; case SMB_QUERY_FS_VOLUME_INFO: data_len = 18 + 2*strlen(vname); diff --git a/source/smbd/vt_mode.c b/source/smbd/vt_mode.c index dcb6ce831d3..19f82594643 100644 --- a/source/smbd/vt_mode.c +++ b/source/smbd/vt_mode.c @@ -50,7 +50,7 @@ extern int DEBUGLEVEL; extern char *InBuffer, *OutBuffer; extern int done_become_user; -char master_name [64], slave_name [64]; +fstring master_name, slave_name; int master, slave, i, o, e; int ms_type = MS_NONE, @@ -202,8 +202,8 @@ int VT_Start(void) #endif if(ms_poll == MS_VTY || ms_poll == 0) { - strcpy(master_name, MASTER_TMPL); - strcpy(slave_name, SLAVE_TMPL); + fstrcpy(master_name, MASTER_TMPL); + fstrcpy(slave_name, SLAVE_TMPL); for(X = LETTER1; *X && master < 0; X++) for(Y = LETTER2; *Y && master < 0; Y++) { @@ -242,9 +242,9 @@ int VT_Start(void) int i; for(i = MIN_I; i <= MAX_I && master < 0; i++) { - sprintf(master_name, MASTER_TMPL, i); + slprintf(master_name, sizeof(fstring) - 1, MASTER_TMPL, i); if((master = open(master_name, O_RDWR)) >= 0) { - sprintf(slave_name, SLAVE_TMPL, i); + slprintf(slave_name, sizeof(fstring) - 1, SLAVE_TMPL, i); if((slave = open(slave_name, O_RDWR)) < 0) close(master); } |