diff options
author | Jeremy Allison <jra@samba.org> | 1998-05-12 00:55:32 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 1998-05-12 00:55:32 +0000 |
commit | f888868f46a5418bac9ab528497136c152895305 (patch) | |
tree | cf72c864807b19e098a856aaec8daf334189ff84 /source3/passdb | |
parent | 9141acecdcebd9276107a500435e3d4545020056 (diff) | |
download | samba-f888868f46a5418bac9ab528497136c152895305.tar.gz samba-f888868f46a5418bac9ab528497136c152895305.tar.xz samba-f888868f46a5418bac9ab528497136c152895305.zip |
This is a security audit change of the main source.
It removed all ocurrences of the following functions :
sprintf
strcpy
strcat
The replacements are slprintf, safe_strcpy and safe_strcat.
It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.
Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.
Jeremy.
(This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)
Diffstat (limited to 'source3/passdb')
-rw-r--r-- | source3/passdb/ldap.c | 12 | ||||
-rw-r--r-- | source3/passdb/smbpass.c | 43 |
2 files changed, 28 insertions, 27 deletions
diff --git a/source3/passdb/ldap.c b/source3/passdb/ldap.c index 7af8a1b9f10..0c9847becfe 100644 --- a/source3/passdb/ldap.c +++ b/source3/passdb/ldap.c @@ -114,7 +114,7 @@ BOOL ldap_search_one_user_by_name(LDAP *ldap_struct, char *user, LDAPMessage **r in the filter expression, replace %u with the real name so in ldap filter, %u MUST exist :-) */ - strcpy(filter,lp_ldap_filter()); + pstrcpy(filter,lp_ldap_filter()); string_sub(filter,"%u",user); if ( !ldap_search_one_user(ldap_struct, filter, result) ) @@ -152,7 +152,7 @@ void get_single_attribute(LDAP *ldap_struct, LDAPMessage *entry, char *attribute if ( (valeurs=ldap_get_values(ldap_struct, entry, attribute)) != NULL) { - strcpy(value, valeurs[0]); + pstrcpy(value, valeurs[0]); ldap_value_free(valeurs); DEBUG(3,("get_single_attribute: [%s]=[%s]\n", attribute, value)); } @@ -451,7 +451,7 @@ void *startldappwent(BOOL update) int scope = LDAP_SCOPE_ONELEVEL; int rc; - char filter[256]; + pstring filter; if (!ldap_open_connection(&ldap_ent.ldap_struct)) /* open a connection to the server */ return NULL; @@ -464,17 +464,17 @@ void *startldappwent(BOOL update) { case 1: { - strcpy(filter, "objectclass=sambaAccount"); + pstrcpy(filter, "objectclass=sambaAccount"); break; } case 2: { - strcpy(filter, "objectclass=sambaMachine"); + pstrcpy(filter, "objectclass=sambaMachine"); break; } default: { - strcpy(filter, "(|(objectclass=sambaMachine)(objectclass=sambaAccount))"); + pstrcpy(filter, "(|(objectclass=sambaMachine)(objectclass=sambaAccount))"); break; } } diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c index 9c0b276074e..aaa4db16ee9 100644 --- a/source3/passdb/smbpass.c +++ b/source3/passdb/smbpass.c @@ -534,7 +534,7 @@ BOOL add_smbpwd_entry(struct smb_passwd *newpwd) int fd; int new_entry_length; - char *new_entry; + unsigned char *new_entry; long offpos; unsigned char *p; @@ -583,19 +583,19 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); return False; } - sprintf(new_entry, "%s:%u:", newpwd->smb_name, (unsigned)newpwd->smb_userid); + slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->smb_name, (unsigned)newpwd->smb_userid); p = (unsigned char *)&new_entry[strlen(new_entry)]; if(newpwd->smb_passwd != NULL) { for( i = 0; i < 16; i++) { - sprintf((char *)&p[i*2], "%02X", newpwd->smb_passwd[i]); + slprintf((char *)&p[i*2], new_entry_length - (p - new_entry) - 1, "%02X", newpwd->smb_passwd[i]); } } else { i=0; if(newpwd->acct_ctrl & ACB_PWNOTREQ) - sprintf((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX"); + safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry)); else - sprintf((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"); + safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry)); } p += 32; @@ -604,13 +604,13 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); if(newpwd->smb_nt_passwd != NULL) { for( i = 0; i < 16; i++) { - sprintf((char *)&p[i*2], "%02X", newpwd->smb_nt_passwd[i]); + slprintf((char *)&p[i*2], new_entry_length - 1 - (p - new_entry), "%02X", newpwd->smb_nt_passwd[i]); } } else { if(newpwd->acct_ctrl & ACB_PWNOTREQ) - sprintf((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX"); + safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry)); else - sprintf((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"); + safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry)); } p += 32; @@ -618,7 +618,8 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); *p++ = ':'; /* Add the account encoding and the last change time. */ - sprintf((char *)p, "%s:LCT-%08X:\n", encode_acct_ctrl(newpwd->acct_ctrl), + slprintf((char *)p, new_entry_length - 1 - (p - new_entry), "%s:LCT-%08X:\n", + encode_acct_ctrl(newpwd->acct_ctrl), (uint32)time(NULL)); #ifdef DEBUG_PASSWORD @@ -945,13 +946,13 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override) /* Create the 32 byte representation of the new p16 */ if(pwd->smb_passwd != NULL) { for (i = 0; i < 16; i++) { - sprintf(&ascii_p16[i*2], "%02X", (uchar) pwd->smb_passwd[i]); + slprintf(&ascii_p16[i*2], sizeof(fstring) - 1, "%02X", (uchar) pwd->smb_passwd[i]); } } else { if(pwd->acct_ctrl & ACB_PWNOTREQ) - sprintf(ascii_p16, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX"); + fstrcpy(ascii_p16, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX"); else - sprintf(ascii_p16, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"); + fstrcpy(ascii_p16, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"); } /* Add on the NT md4 hash */ @@ -959,13 +960,13 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override) wr_len = 65; if (pwd->smb_nt_passwd != NULL) { for (i = 0; i < 16; i++) { - sprintf(&ascii_p16[(i*2)+33], "%02X", (uchar) pwd->smb_nt_passwd[i]); + slprintf(&ascii_p16[(i*2)+33], sizeof(fstring) - 1, "%02X", (uchar) pwd->smb_nt_passwd[i]); } } else { if(pwd->acct_ctrl & ACB_PWNOTREQ) - sprintf(&ascii_p16[33], "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX"); + fstrcpy(&ascii_p16[33], "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX"); else - sprintf(&ascii_p16[33], "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"); + fstrcpy(&ascii_p16[33], "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"); } /* Add on the account info bits and the time of last @@ -1024,10 +1025,10 @@ static void get_trust_account_file_name( char *domain, char *name, char *mac_fil return; } - strcat(mac_file, domain); - strcat(mac_file, "."); - strcat(mac_file, name); - strcat(mac_file, ".mac"); + pstrcat(mac_file, domain); + pstrcat(mac_file, "."); + pstrcat(mac_file, name); + pstrcat(mac_file, ".mac"); } /************************************************************************ @@ -1191,9 +1192,9 @@ BOOL set_trust_account_password( unsigned char *md4_new_pwd) } for (i = 0; i < 16; i++) - sprintf(&linebuf[(i*2)], "%02X", md4_new_pwd[i]); + slprintf(&linebuf[(i*2)], sizeof(linebuf) - (i*2) - 1, "%02X", md4_new_pwd[i]); - sprintf(&linebuf[32], ":TLC-%08X\n", (unsigned)time(NULL)); + slprintf(&linebuf[32], 32, ":TLC-%08X\n", (unsigned)time(NULL)); if(fwrite( linebuf, 1, 45, mach_passwd_fp)!= 45) { DEBUG(0,("set_trust_account_password: Failed to write file. Warning - the trust \ |