This is a security audit change of the main source.

It removed all ocurrences of the following functions :

sprintf
strcpy
strcat

The replacements are slprintf, safe_strcpy and safe_strcat.

It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.

Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.

Jeremy.
(This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)

diff --git a/source3/client/client.c b/source3/client/client.c
index c825e8c5963178f9b5bca46a44db00d171e08fa0..0628314f1edd0338e4fd567731a729a7e50a3335 100644 (file)
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -240,7 +240,7 @@ static BOOL chkpath(char *path,BOOL report)
   pstring inbuf,outbuf;
   char *p;
 
-  strcpy(path2,path);
+  fstrcpy(path2,path);
   trim_string(path2,NULL,"\\");
   if (!*path2) *path2 = '\\';
 
@@ -252,7 +252,7 @@ static BOOL chkpath(char *path,BOOL report)
 
   p = smb_buf(outbuf);
   *p++ = 4;
-  strcpy(p,path2);
+  fstrcpy(p,path2);
 
 #if 0
   {
@@ -294,10 +294,10 @@ static void send_message(char *inbuf,char *outbuf)
 
   p = smb_buf(outbuf);
   *p++ = 4;
-  strcpy(p,username);
+  pstrcpy(p,username);
   p = skip_string(p,1);
   *p++ = 4;
-  strcpy(p,desthost);
+  pstrcpy(p,desthost);
   p = skip_string(p,1);
 
   set_message(outbuf,0,PTR_DIFF(p,smb_buf(outbuf)),False);
@@ -423,24 +423,24 @@ static void do_cd(char *newdir)
       
   /* Save the current directory in case the
      new directory is invalid */
-  strcpy(saved_dir, cur_dir);
+  pstrcpy(saved_dir, cur_dir);
   if (*p == '\\')
-    strcpy(cur_dir,p);
+    pstrcpy(cur_dir,p);
   else
-    strcat(cur_dir,p);
+    pstrcat(cur_dir,p);
   if (*(cur_dir+strlen(cur_dir)-1) != '\\') {
-    strcat(cur_dir, "\\");
+    pstrcat(cur_dir, "\\");
   }
   dos_clean_name(cur_dir);
-  strcpy(dname,cur_dir);
-  strcat(cur_dir,"\\");
+  pstrcpy(dname,cur_dir);
+  pstrcat(cur_dir,"\\");
   dos_clean_name(cur_dir);
 
   if (!strequal(cur_dir,"\\"))
     if (!chkpath(dname,True))
-      strcpy(cur_dir,saved_dir);
+      pstrcpy(cur_dir,saved_dir);
 
-  strcpy(cd_path,cur_dir);
+  pstrcpy(cd_path,cur_dir);
 }
 
 /****************************************************************************
@@ -505,7 +505,7 @@ static int do_long_dir(char *inbuf,char *outbuf,char *Mask,int attribute,void (*
   uint16 setup;
   pstring param;
 
-  strcpy(mask,Mask);
+  pstrcpy(mask,Mask);
 
   while (ff_eos == 0)
     {
@@ -524,7 +524,7 @@ static int do_long_dir(char *inbuf,char *outbuf,char *Mask,int attribute,void (*
          SSVAL(param,4,8+4+2); /* resume required + close on end + continue */
          SSVAL(param,6,info_level); 
          SIVAL(param,8,0);
-         strcpy(param+12,mask);
+         pstrcpy(param+12,mask);
        }
       else
        {
@@ -534,7 +534,7 @@ static int do_long_dir(char *inbuf,char *outbuf,char *Mask,int attribute,void (*
          SSVAL(param,4,info_level); 
          SIVAL(param,6,ff_resume_key); /* ff_resume_key */
          SSVAL(param,10,8+4+2);        /* resume required + close on end + continue */
-         strcpy(param+12,mask);
+         pstrcpy(param+12,mask);
 
          DEBUG(5,("hand=0x%X resume=%d ff_lastname=%d mask=%s\n",
                   ff_dir_handle,ff_resume_key,ff_lastname,mask));
@@ -584,16 +584,16 @@ static int do_long_dir(char *inbuf,char *outbuf,char *Mask,int attribute,void (*
            case 260:
              ff_resume_key =0;
              StrnCpy(mask,p+ff_lastname,resp_data_len-ff_lastname);
-             /* strcpy(mask,p+ff_lastname+94); */
+             /* pstrcpy(mask,p+ff_lastname+94); */
              break;
            case 1:
-             strcpy(mask,p + ff_lastname + 1);
+             pstrcpy(mask,p + ff_lastname + 1);
              ff_resume_key = 0;
              break;
            }
        }
       else
-       strcpy(mask,"");
+       pstrcpy(mask,"");
   
       /* and add them to the dirlist pool */
       dirlist = Realloc(dirlist,dirlist_len + resp_data_len);
@@ -667,7 +667,7 @@ static int do_short_dir(char *inbuf,char *outbuf,char *Mask,int attribute,void (
 
   bzero(status,21);
 
-  strcpy(mask,Mask);
+  pstrcpy(mask,Mask);
   
   while (1)
     {
@@ -694,9 +694,9 @@ static int do_short_dir(char *inbuf,char *outbuf,char *Mask,int attribute,void (
       *p++ = 4;
       
       if (first)
-       strcpy(p,mask);
+       pstrcpy(p,mask);
       else
-       strcpy(p,"");
+       pstrcpy(p,"");
       p += strlen(p) + 1;
       
       *p++ = 5;
@@ -751,7 +751,7 @@ static int do_short_dir(char *inbuf,char *outbuf,char *Mask,int attribute,void (
       p = smb_buf(outbuf);
       *p++ = 4;
       
-      strcpy(p,"");
+      pstrcpy(p,"");
       p += strlen(p) + 1;
       
       *p++ = 5;
@@ -859,7 +859,7 @@ static int interpret_short_filename(char *p,file_info *finfo)
   finfo->ctime = make_unix_date(p+22);
   finfo->mtime = finfo->atime = finfo->ctime;
   finfo->size = IVAL(p,26);
-  strcpy(finfo->name,p+30);
+  pstrcpy(finfo->name,p+30);
   
   return(DIR_STRUCT_SIZE);
 }
@@ -886,7 +886,7 @@ static int interpret_long_filename(int level,char *p,file_info *finfo)
          finfo->mtime = make_unix_date2(p+12);
          finfo->size = IVAL(p,16);
          finfo->mode = CVAL(p,24);
-         strcpy(finfo->name,p+27);
+         pstrcpy(finfo->name,p+27);
        }
       return(28 + CVAL(p,26));
 
@@ -899,7 +899,7 @@ static int interpret_long_filename(int level,char *p,file_info *finfo)
          finfo->mtime = make_unix_date2(p+12);
          finfo->size = IVAL(p,16);
          finfo->mode = CVAL(p,24);
-         strcpy(finfo->name,p+31);
+         pstrcpy(finfo->name,p+31);
        }
       return(32 + CVAL(p,30));
 
@@ -913,7 +913,7 @@ static int interpret_long_filename(int level,char *p,file_info *finfo)
          finfo->mtime = make_unix_date2(p+16);
          finfo->size = IVAL(p,20);
          finfo->mode = CVAL(p,28);
-         strcpy(finfo->name,p+33);
+         pstrcpy(finfo->name,p+33);
        }
       return(SVAL(p,4)+4);
 
@@ -926,7 +926,7 @@ static int interpret_long_filename(int level,char *p,file_info *finfo)
          finfo->mtime = make_unix_date2(p+16);
          finfo->size = IVAL(p,20);
          finfo->mode = CVAL(p,28);
-         strcpy(finfo->name,p+37);
+         pstrcpy(finfo->name,p+37);
        }
       return(SVAL(p,4)+4);
 
@@ -994,22 +994,22 @@ static void dir_action(char *inbuf,char *outbuf,int attribute,file_info *finfo,B
            fn(finfo);
          }
 
-         strcpy(sav_dir,cur_dir);
-         strcat(cur_dir,finfo->name);
-         strcat(cur_dir,"\\");
-         strcpy(mask2,cur_dir);
+         pstrcpy(sav_dir,cur_dir);
+         pstrcat(cur_dir,finfo->name);
+         pstrcat(cur_dir,"\\");
+         pstrcpy(mask2,cur_dir);
 
          if (!fn)
            DEBUG(0,("\n%s\n",CNV_LANG(cur_dir)));
 
-         strcat(mask2,"*");
+         pstrcat(mask2,"*");
 
          if (longdir)
            do_long_dir(inbuf,outbuf,mask2,attribute,fn,True, dirstoo);      
          else
            do_dir(inbuf,outbuf,mask2,attribute,fn,True, dirstoo);
 
-         strcpy(cur_dir,sav_dir);
+         pstrcpy(cur_dir,sav_dir);
        }
       else
        {
@@ -1031,19 +1031,19 @@ static void cmd_dir(char *inbuf,char *outbuf)
   char *p=buf;
 
   dir_total = 0;
-  strcpy(mask,cur_dir);
+  pstrcpy(mask,cur_dir);
   if(mask[strlen(mask)-1]!='\\')
-    strcat(mask,"\\");
+    pstrcat(mask,"\\");
 
   if (next_token(NULL,buf,NULL))
     {
       if (*p == '\\')
-       strcpy(mask,p);
+       pstrcpy(mask,p);
       else
-       strcat(mask,p);
+       pstrcat(mask,p);
     }
   else {
-    strcat(mask,"*");
+    pstrcat(mask,"*");
   }
 
   do_dir(inbuf,outbuf,mask,attribute,NULL,recurse,False);
@@ -1109,7 +1109,7 @@ static void do_get(char *rname,char *lname,file_info *finfo1)
   SSVAL(outbuf,smb_vwv12,0xffff);
   
   p = smb_buf(outbuf);
-  strcpy(p,rname);
+  pstrcpy(p,rname);
   p = skip_string(p,1);
 
   /* do a chained openX with a readX? */
@@ -1162,7 +1162,7 @@ static void do_get(char *rname,char *lname,file_info *finfo1)
       return;
     }
 
-  strcpy(finfo.name,rname);
+  pstrcpy(finfo.name,rname);
 
   if (!finfo1)
     {
@@ -1423,7 +1423,7 @@ static void do_get(char *rname,char *lname,file_info *finfo1)
     SIVALS(outbuf,smb_vwv1,0);
     p = smb_buf(outbuf);
     *p++ = 4;
-    strcpy(p,rname);
+    pstrcpy(p,rname);
     p += strlen(p)+1;
     *p++ = 4;
     *p = 0;
@@ -1460,8 +1460,8 @@ static void cmd_get(char *dum_in, char *dum_out)
   pstring rname;
   char *p;
 
-  strcpy(rname,cur_dir);
-  strcat(rname,"\\");
+  pstrcpy(rname,cur_dir);
+  pstrcat(rname,"\\");
 
   p = rname + strlen(rname);
 
@@ -1469,7 +1469,7 @@ static void cmd_get(char *dum_in, char *dum_out)
     DEBUG(0,("get <filename>\n"));
     return;
   }
-  strcpy(lname,p);
+  pstrcpy(lname,p);
   dos_clean_name(rname);
     
   next_token(NULL,lname,NULL);
@@ -1519,10 +1519,10 @@ static void do_mget(file_info *finfo)
          return;
        }
 
-      strcpy(saved_curdir,cur_dir);
+      pstrcpy(saved_curdir,cur_dir);
 
-      strcat(cur_dir,finfo->name);
-      strcat(cur_dir,"\\");
+      pstrcat(cur_dir,finfo->name);
+      pstrcat(cur_dir,"\\");
 
       unix_format(finfo->name);
       {
@@ -1533,7 +1533,7 @@ static void do_mget(file_info *finfo)
            sys_mkdir(finfo->name,0777) != 0) 
          {
            DEBUG(0,("failed to create directory %s\n",CNV_LANG(finfo->name)));
-           strcpy(cur_dir,saved_curdir);
+           pstrcpy(cur_dir,saved_curdir);
            free(inbuf);free(outbuf);
            return;
          }
@@ -1541,25 +1541,25 @@ static void do_mget(file_info *finfo)
        if (sys_chdir(finfo->name) != 0)
          {
            DEBUG(0,("failed to chdir to directory %s\n",CNV_LANG(finfo->name)));
-           strcpy(cur_dir,saved_curdir);
+           pstrcpy(cur_dir,saved_curdir);
            free(inbuf);free(outbuf);
            return;
          }
       }       
 
-      strcpy(mget_mask,cur_dir);
-      strcat(mget_mask,"*");
+      pstrcpy(mget_mask,cur_dir);
+      pstrcat(mget_mask,"*");
       
       do_dir((char *)inbuf,(char *)outbuf,
             mget_mask,aSYSTEM | aHIDDEN | aDIR,do_mget,False, False);
       chdir("..");
-      strcpy(cur_dir,saved_curdir);
+      pstrcpy(cur_dir,saved_curdir);
       free(inbuf);free(outbuf);
     }
   else
     {
-      strcpy(rname,cur_dir);
-      strcat(rname,finfo->name);
+      pstrcpy(rname,cur_dir);
+      pstrcat(rname,finfo->name);
       do_get(rname,finfo->name,finfo);
     }
 }
@@ -1572,12 +1572,12 @@ static void cmd_more(char *dum_in, char *dum_out)
   fstring rname,lname,tmpname,pager_cmd;
   char *pager;
 
-  strcpy(rname,cur_dir);
-  strcat(rname,"\\");
+  fstrcpy(rname,cur_dir);
+  fstrcat(rname,"\\");
   slprintf(tmpname,
           sizeof(fstring)-1,
           "%s/smbmore.%d",tmpdir(),(int)getpid());
-  strcpy(lname,tmpname);
+  fstrcpy(lname,tmpname);
 
   if (!next_token(NULL,rname+strlen(rname),NULL)) {
     DEBUG(0,("more <filename>\n"));
@@ -1616,23 +1616,23 @@ static void cmd_mget(char *inbuf,char *outbuf)
 
   while (next_token(NULL,p,NULL))
     {
-      strcpy(mget_mask,cur_dir);
+      pstrcpy(mget_mask,cur_dir);
       if(mget_mask[strlen(mget_mask)-1]!='\\')
-       strcat(mget_mask,"\\");
+       pstrcat(mget_mask,"\\");
 
       if (*p == '\\')
-       strcpy(mget_mask,p);
+       pstrcpy(mget_mask,p);
       else
-       strcat(mget_mask,p);
+       pstrcat(mget_mask,p);
       do_dir((char *)inbuf,(char *)outbuf,mget_mask,attribute,do_mget,False,False);
     }
 
   if (! *mget_mask)
     {
-      strcpy(mget_mask,cur_dir);
+      pstrcpy(mget_mask,cur_dir);
       if(mget_mask[strlen(mget_mask)-1]!='\\')
-       strcat(mget_mask,"\\");
-      strcat(mget_mask,"*");
+       pstrcat(mget_mask,"\\");
+      pstrcat(mget_mask,"*");
       do_dir((char *)inbuf,(char *)outbuf,mget_mask,attribute,do_mget,False,False);
     }
 }
@@ -1664,7 +1664,7 @@ static BOOL do_mkdir(char *name)
   
   p = smb_buf(outbuf);
   *p++ = 4;      
-  strcpy(p,name);
+  pstrcpy(p,name);
   
   send_smb(Client,outbuf);
   client_receive_smb(Client,inbuf,CLIENT_TIMEOUT);
@@ -1692,7 +1692,7 @@ static void cmd_mkdir(char *inbuf,char *outbuf)
   fstring buf;
   char *p=buf;
   
-  strcpy(mask,cur_dir);
+  pstrcpy(mask,cur_dir);
 
   if (!next_token(NULL,p,NULL))
     {
@@ -1700,7 +1700,7 @@ static void cmd_mkdir(char *inbuf,char *outbuf)
        DEBUG(0,("mkdir <dirname>\n"));
       return;
     }
-  strcat(mask,p);
+  pstrcat(mask,p);
 
   if (recurse)
     {
@@ -1708,17 +1708,17 @@ static void cmd_mkdir(char *inbuf,char *outbuf)
       pstring ddir2;
       *ddir2 = 0;
 
-      strcpy(ddir,mask);
+      pstrcpy(ddir,mask);
       trim_string(ddir,".",NULL);
       p = strtok(ddir,"/\\");
       while (p)
        {
-         strcat(ddir2,p);
+         pstrcat(ddir2,p);
          if (!chkpath(ddir2,False))
            {             
              do_mkdir(ddir2);
            }
-         strcat(ddir2,"\\");
+         pstrcat(ddir2,"\\");
          p = strtok(NULL,"/\\");
        }        
     }
@@ -1847,7 +1847,7 @@ static void do_put(char *rname,char *lname,file_info *finfo)
   
   p = smb_buf(outbuf);
   *p++ = 4;      
-  strcpy(p,rname);
+  pstrcpy(p,rname);
   
   send_smb(Client,outbuf);
   client_receive_smb(Client,inbuf,CLIENT_TIMEOUT);
@@ -1969,8 +1969,8 @@ static void cmd_put(char *dum_in, char *dum_out)
   file_info finfo;
   finfo = def_finfo;
   
-  strcpy(rname,cur_dir);
-  strcat(rname,"\\");
+  pstrcpy(rname,cur_dir);
+  pstrcat(rname,"\\");
   
   
   if (!next_token(NULL,p,NULL))
@@ -1978,12 +1978,12 @@ static void cmd_put(char *dum_in, char *dum_out)
       DEBUG(0,("put <filename>\n"));
       return;
     }
-  strcpy(lname,p);
+  pstrcpy(lname,p);
   
   if (next_token(NULL,p,NULL))
-    strcat(rname,p);      
+    pstrcat(rname,p);      
   else
-    strcat(rname,lname);
+    pstrcat(rname,lname);
 
   dos_clean_name(rname);
 
@@ -2012,7 +2012,7 @@ static BOOL seek_list(FILE *f,char *name)
       trim_string(s,"./",NULL);
       if (strncmp(s,name,strlen(name)) != 0)
        {
-         strcpy(name,s);
+         pstrcpy(name,s);
          return(True);
        }
     }
@@ -2026,7 +2026,7 @@ static BOOL seek_list(FILE *f,char *name)
   ****************************************************************************/
 static void cmd_select(char *dum_in, char *dum_out)
 {
-  strcpy(fileselection,"");
+  pstrcpy(fileselection,"");
   next_token(NULL,fileselection,NULL);
 }
 
@@ -2082,16 +2082,16 @@ static void cmd_mput(char *dum_in, char *dum_out)
                       "Put directory %s? ",lname);
              if (prompt && !yesno(quest)) 
                {
-                 strcat(lname,"/");
+                 pstrcat(lname,"/");
                  if (!seek_list(f,lname))
                    break;
                  goto again1;              
                }
              
-             strcpy(rname,cur_dir);
-             strcat(rname,lname);
+             pstrcpy(rname,cur_dir);
+             pstrcat(rname,lname);
              if (!chkpath(rname,False) && !do_mkdir(rname)) {
-               strcat(lname,"/");
+               pstrcat(lname,"/");
                if (!seek_list(f,lname))
                  break;
                goto again1;                              
@@ -2105,8 +2105,8 @@ static void cmd_mput(char *dum_in, char *dum_out)
                       "Put file %s? ",lname);
              if (prompt && !yesno(quest)) continue;
 
-             strcpy(rname,cur_dir);
-             strcat(rname,lname);
+             pstrcpy(rname,cur_dir);
+             pstrcat(rname,lname);
            }
          dos_format(rname);
 
@@ -2139,9 +2139,9 @@ static void do_cancel(int job)
   p = param;
   SSVAL(p,0,81);               /* DosPrintJobDel() */
   p += 2;
-  strcpy(p,"W");
+  pstrcpy(p,"W");
   p = skip_string(p,1);
-  strcpy(p,"");
+  pstrcpy(p,"");
   p = skip_string(p,1);
   SSVAL(p,0,job);     
   p += 2;
@@ -2221,13 +2221,13 @@ static void cmd_print(char *inbuf,char *outbuf )
       return;
     }
 
-  strcpy(rname,lname);
+  pstrcpy(rname,lname);
   p = strrchr(rname,'/');
   if (p)
     {
       pstring tname;
-      strcpy(tname,p+1);
-      strcpy(rname,tname);
+      pstrcpy(tname,p+1);
+      pstrcpy(rname,tname);
     }
 
   if ((int)strlen(rname) > 14)
@@ -2236,7 +2236,7 @@ static void cmd_print(char *inbuf,char *outbuf )
   if (strequal(lname,"-"))
     {
       f = stdin;
-      strcpy(rname,"stdin");
+      pstrcpy(rname,"stdin");
     }
   
   dos_clean_name(rname);
@@ -2253,7 +2253,7 @@ static void cmd_print(char *inbuf,char *outbuf )
   
   p = smb_buf(outbuf);
   *p++ = 4;      
-  strcpy(p,rname);
+  pstrcpy(p,rname);
   
   send_smb(Client,outbuf);
   client_receive_smb(Client,inbuf,CLIENT_TIMEOUT);
@@ -2391,13 +2391,13 @@ static void cmd_queue(char *inbuf,char *outbuf )
       {
        switch (CVAL(p,4))
          {
-         case 0x01: sprintf(status,"held or stopped"); break;
-         case 0x02: sprintf(status,"printing"); break;
-         case 0x03: sprintf(status,"awaiting print"); break;
-         case 0x04: sprintf(status,"in intercept"); break;
-         case 0x05: sprintf(status,"file had error"); break;
-         case 0x06: sprintf(status,"printer error"); break;
-         default: sprintf(status,"unknown"); break;
+         case 0x01: safe_strcpy(status,"held or stopped", sizeof(status)-1); break;
+         case 0x02: safe_strcpy(status,"printing",sizeof(status)-1); break;
+         case 0x03: safe_strcpy(status,"awaiting print", sizeof(status)-1); break;
+         case 0x04: safe_strcpy(status,"in intercept",sizeof(status)-1); break;
+         case 0x05: safe_strcpy(status,"file had error",sizeof(status)-1); break;
+         case 0x06: safe_strcpy(status,"printer error",sizeof(status)-1); break;
+         default: safe_strcpy(status,"unknown",sizeof(status)-1); break;
          }
 
        DEBUG(0,("%-6d   %-16.16s  %-9d    %s\n",
@@ -2432,16 +2432,16 @@ static void cmd_p_queue_4(char *inbuf,char *outbuf )
   p = param;
   SSVAL(p,0,76);                        /* API function number 76 (DosPrintJobEnum) */
   p += 2;
-  strcpy(p,"zWrLeh");                   /* parameter description? */
+  pstrcpy(p,"zWrLeh");                   /* parameter description? */
   p = skip_string(p,1);
-  strcpy(p,"WWzWWDDzz");                /* returned data format */
+  pstrcpy(p,"WWzWWDDzz");                /* returned data format */
   p = skip_string(p,1);
-  strcpy(p,strrchr(service,'\\')+1);    /* name of queue */
+  pstrcpy(p,strrchr(service,'\\')+1);    /* name of queue */
   p = skip_string(p,1);
   SSVAL(p,0,2);                 /* API function level 2, PRJINFO_2 data structure */
   SSVAL(p,2,1000);                      /* size of bytes of returned data buffer */
   p += 4;
-  strcpy(p,"");                         /* subformat */
+  pstrcpy(p,"");                         /* subformat */
   p = skip_string(p,1);
 
   DEBUG(1,("Calling DosPrintJobEnum()...\n"));
@@ -2467,9 +2467,9 @@ static void cmd_p_queue_4(char *inbuf,char *outbuf )
           char *JobName;
           char *JobTimeStr;
           time_t JobTime;
-          char PrinterName[20];
+          fstring PrinterName;
              
-          strcpy(PrinterName,strrchr(service,'\\')+1);       /* name of queue */
+          fstrcpy(PrinterName,strrchr(service,'\\')+1);       /* name of queue */
           strlower(PrinterName);                             /* in lower case */
 
           p = rdata;                          /* received data */
@@ -2539,16 +2539,16 @@ static void cmd_qinfo(char *inbuf,char *outbuf )
   p = param;
   SSVAL(p,0,70);                       /* API function number 70 (DosPrintQGetInfo) */
   p += 2;
-  strcpy(p,"zWrLh");                   /* parameter description? */
+  pstrcpy(p,"zWrLh");                  /* parameter description? */
   p = skip_string(p,1);
-  strcpy(p,"zWWWWzzzzWWzzl");          /* returned data format */
+  pstrcpy(p,"zWWWWzzzzWWzzl");         /* returned data format */
   p = skip_string(p,1);
-  strcpy(p,strrchr(service,'\\')+1);   /* name of queue */
+  pstrcpy(p,strrchr(service,'\\')+1);  /* name of queue */
   p = skip_string(p,1);
   SSVAL(p,0,3);                                /* API function level 3, just queue info, no job info */
   SSVAL(p,2,1000);                     /* size of bytes of returned data buffer */
   p += 4;
-  strcpy(p,"");                                /* subformat */
+  pstrcpy(p,"");                               /* subformat */
   p = skip_string(p,1);
 
   DEBUG(1,("Calling DosPrintQueueGetInfo()...\n"));
@@ -2634,8 +2634,8 @@ static void do_del(file_info *finfo)
   char *inbuf,*outbuf;
   pstring mask;
 
-  strcpy(mask,cur_dir);
-  strcat(mask,finfo->name);
+  pstrcpy(mask,cur_dir);
+  pstrcat(mask,finfo->name);
 
   if (finfo->mode & aDIR) 
     return;
@@ -2660,7 +2660,7 @@ static void do_del(file_info *finfo)
   
   p = smb_buf(outbuf);
   *p++ = 4;      
-  strcpy(p,mask);
+  pstrcpy(p,mask);
   
   send_smb(Client,outbuf);
   client_receive_smb(Client,inbuf,CLIENT_TIMEOUT);
@@ -2684,14 +2684,14 @@ static void cmd_del(char *inbuf,char *outbuf )
   if (recurse)
     attribute |= aDIR;
   
-  strcpy(mask,cur_dir);
+  pstrcpy(mask,cur_dir);
     
   if (!next_token(NULL,buf,NULL))
     {
       DEBUG(0,("del <filename>\n"));
       return;
     }
-  strcat(mask,buf);
+  pstrcat(mask,buf);
 
   do_dir((char *)inbuf,(char *)outbuf,mask,attribute,do_del,False,False);
 }
@@ -2706,14 +2706,14 @@ static void cmd_rmdir(char *inbuf,char *outbuf )
   fstring buf;
   char *p;
   
-  strcpy(mask,cur_dir);
+  pstrcpy(mask,cur_dir);
   
   if (!next_token(NULL,buf,NULL))
     {
       DEBUG(0,("rmdir <dirname>\n"));
       return;
     }
-  strcat(mask,buf);
+  pstrcat(mask,buf);
 
   bzero(outbuf,smb_size);
   set_message(outbuf,0,2 + strlen(mask),True);
@@ -2725,7 +2725,7 @@ static void cmd_rmdir(char *inbuf,char *outbuf )
   
   p = smb_buf(outbuf);
   *p++ = 4;      
-  strcpy(p,mask);
+  pstrcpy(p,mask);
   
   send_smb(Client,outbuf);
   client_receive_smb(Client,inbuf,CLIENT_TIMEOUT);
@@ -2747,16 +2747,16 @@ static void cmd_rename(char *inbuf,char *outbuf )
   fstring buf,buf2;
   char *p;
   
-  strcpy(src,cur_dir);
-  strcpy(dest,cur_dir);
+  pstrcpy(src,cur_dir);
+  pstrcpy(dest,cur_dir);
   
   if (!next_token(NULL,buf,NULL) || !next_token(NULL,buf2,NULL))
     {
       DEBUG(0,("rename <src> <dest>\n"));
       return;
     }
-  strcat(src,buf);
-  strcat(dest,buf2);
+  pstrcat(src,buf);
+  pstrcat(dest,buf2);
 
   bzero(outbuf,smb_size);
   set_message(outbuf,1,4 + strlen(src) + strlen(dest),True);
@@ -2768,10 +2768,10 @@ static void cmd_rename(char *inbuf,char *outbuf )
   
   p = smb_buf(outbuf);
   *p++ = 4;      
-  strcpy(p,src);
+  pstrcpy(p,src);
   p = skip_string(p,1);
   *p++ = 4;      
-  strcpy(p,dest);
+  pstrcpy(p,dest);
   
   send_smb(Client,outbuf);
   client_receive_smb(Client,inbuf,CLIENT_TIMEOUT);
@@ -2887,13 +2887,13 @@ static void cmd_printmode(char *dum_in, char *dum_out)
   switch(printmode)
     {
     case 0: 
-      strcpy(mode,"text");
+      fstrcpy(mode,"text");
       break;
     case 1: 
-      strcpy(mode,"graphics");
+      fstrcpy(mode,"graphics");
       break;
     default: 
-      sprintf(mode,"%d",printmode);
+      slprintf(mode,sizeof(mode)-1,"%d",printmode);
       break;
     }
 
@@ -2938,9 +2938,9 @@ static BOOL browse_host(BOOL sort)
   p = param;
   SSVAL(p,0,0); /* api number */
   p += 2;
-  strcpy(p,"WrLeh");
+  pstrcpy(p,"WrLeh");
   p = skip_string(p,1);
-  strcpy(p,"B13BWz");
+  pstrcpy(p,"B13BWz");
   p = skip_string(p,1);
   SSVAL(p,0,1);
   SSVAL(p,2,BUFFER_SIZE);
@@ -2982,13 +2982,13 @@ static BOOL browse_host(BOOL sort)
              switch (type)
                {
                case STYPE_DISKTREE:
-                 strcpy(typestr,"Disk"); break;
+                 fstrcpy(typestr,"Disk"); break;
                case STYPE_PRINTQ:
-                 strcpy(typestr,"Printer"); break;           
+                 fstrcpy(typestr,"Printer"); break;          
                case STYPE_DEVICE:
-                 strcpy(typestr,"Device"); break;
+                 fstrcpy(typestr,"Device"); break;
                case STYPE_IPC:
-                 strcpy(typestr,"IPC"); break;      
+                 fstrcpy(typestr,"IPC"); break;      
                }
 
              printf("\t%-15.15s%-10.10s%s\n",
@@ -3030,9 +3030,9 @@ static void server_info(void)
   p = param;
   SSVAL(p,0,63);               /* NetServerGetInfo()? */
   p += 2;
-  strcpy(p,"WrLh");
+  pstrcpy(p,"WrLh");
   p = skip_string(p,1);
-  strcpy(p,"zzzBBzz");
+  pstrcpy(p,"zzzBBzz");
   p = skip_string(p,1);
   SSVAL(p,0,10); /* level 10 */
   SSVAL(p,2,1000);
@@ -3092,10 +3092,10 @@ static BOOL list_servers(char *wk_grp)
   SSVAL(p,0,0x68); /* api number */
   p += 2;
 
-  strcpy(p,generic_request?"WrLehDO":"WrLehDz");
+  pstrcpy(p,generic_request?"WrLehDO":"WrLehDz");
   p = skip_string(p,1);
 
-  strcpy(p,"B16BBDz");
+  pstrcpy(p,"B16BBDz");
 
   p = skip_string(p,1);
   SSVAL(p,0,uLevel);
@@ -3106,7 +3106,7 @@ static BOOL list_servers(char *wk_grp)
   p += 4;
 
   if (!generic_request) {
-    strcpy(p, wk_grp);
+    pstrcpy(p, wk_grp);
     p = skip_string(p,1);
   }
 
@@ -3551,7 +3551,7 @@ static void usage(char *pname)
   int save_debuglevel = -1;
 
 #ifdef KANJI
-  strcpy(term_code, KANJI);
+  pstrcpy(term_code, KANJI);
 #else /* KANJI */
   *term_code = 0;
 #endif /* KANJI */
@@ -3577,7 +3577,7 @@ static void usage(char *pname)
 
   if (getenv("USER"))
   {
-    strcpy(username,getenv("USER"));
+    pstrcpy(username,getenv("USER"));
 
     /* modification to support userid%passwd syntax in the USER var
        25.Aug.97, jdblair@uab.edu */
@@ -3585,7 +3585,7 @@ static void usage(char *pname)
     if ((p=strchr(username,'%')))
     {
       *p = 0;
-      strcpy(password,p+1);
+      pstrcpy(password,p+1);
       got_pass = True;
       memset(strchr(getenv("USER"),'%')+1,'X',strlen(password));
     }
@@ -3596,11 +3596,11 @@ static void usage(char *pname)
   25.Aug.97, jdblair@uab.edu */
 
   if (getenv("PASSWD"))
-    strcpy(password,getenv("PASSWD"));
+    pstrcpy(password,getenv("PASSWD"));
 
   if (*username == 0 && getenv("LOGNAME"))
     {
-      strcpy(username,getenv("LOGNAME"));
+      pstrcpy(username,getenv("LOGNAME"));
       strupper(username);
     }
 
@@ -3613,7 +3613,7 @@ static void usage(char *pname)
   if (*argv[1] != '-')
     {
 
-      strcpy(service,argv[1]);  
+      pstrcpy(service,argv[1]);  
       /* Convert any '/' characters in the service name to '\' characters */
       string_replace( service, '/','\\');
       argc--;
@@ -3638,7 +3638,7 @@ static void usage(char *pname)
       if (argc > 1 && (*argv[1] != '-'))
        {
          got_pass = True;
-         strcpy(password,argv[1]);  
+         pstrcpy(password,argv[1]);  
          memset(argv[1],'X',strlen(argv[1]));
          argc--;
          argv++;
@@ -3653,19 +3653,19 @@ static void usage(char *pname)
        max_protocol = interpret_protocol(optarg,max_protocol);
        break;
       case 'O':
-       strcpy(user_socket_options,optarg);
+       pstrcpy(user_socket_options,optarg);
        break;  
       case 'R':
         pstrcpy(new_name_resolve_order, optarg);
         break;
       case 'S':
-       strcpy(desthost,optarg);
+       pstrcpy(desthost,optarg);
        strupper(desthost);
        nt_domain_logon = True;
        break;
       case 'M':
        name_type = 0x03; /* messages are sent to NetBIOS name type 0x3 */
-       strcpy(desthost,optarg);
+       pstrcpy(desthost,optarg);
        strupper(desthost);
        message = True;
        break;
@@ -3673,7 +3673,7 @@ static void usage(char *pname)
        iface_set_default(NULL,optarg,NULL);
        break;
       case 'D':
-       strcpy(base_directory,optarg);
+       pstrcpy(base_directory,optarg);
        break;
       case 'T':
        if (!tar_parseargs(argc, argv, optarg, optind)) {
@@ -3682,20 +3682,20 @@ static void usage(char *pname)
        }
        break;
       case 'i':
-       strcpy(scope,optarg);
+       pstrcpy(scope,optarg);
        break;
       case 'L':
        got_pass = True;
-       strcpy(query_host,optarg);
+       pstrcpy(query_host,optarg);
        break;
       case 'U':
        {
          char *lp;
-       strcpy(username,optarg);
+       pstrcpy(username,optarg);
        if ((lp=strchr(username,'%')))
          {
            *lp = 0;
-           strcpy(password,lp+1);
+           pstrcpy(password,lp+1);
            got_pass = True;
            memset(strchr(optarg,'%')+1,'X',strlen(password));
          }
@@ -3703,7 +3703,7 @@ static void usage(char *pname)
            
        break;
       case 'W':
-       strcpy(workgroup,optarg);
+       pstrcpy(workgroup,optarg);
        break;
       case 'E':
        dbf = stderr;
@@ -3716,7 +3716,7 @@ static void usage(char *pname)
        }
        break;
       case 'n':
-       strcpy(global_myname,optarg);
+       pstrcpy(global_myname,optarg);
        break;
       case 'N':
        got_pass = True;
@@ -3746,10 +3746,10 @@ static void usage(char *pname)
        exit(0);
        break;
       case 's':
-       strcpy(servicesf, optarg);
+       pstrcpy(servicesf, optarg);
        break;
       case 't':
-        strcpy(term_code, optarg);
+        pstrcpy(term_code, optarg);
        break;
       default:
        usage(pname);
@@ -3787,7 +3787,7 @@ static void usage(char *pname)
   interpret_coding_system(term_code);
 
   if (*workgroup == 0)
-    strcpy(workgroup,lp_workgroup());
+    pstrcpy(workgroup,lp_workgroup());
 
   load_interfaces();
   get_myname((*global_myname)?NULL:global_myname,NULL);  

diff --git a/source3/client/clientutil.c b/source3/client/clientutil.c
index ab1b37c72da873447cc7d4e6368f30a250b85f7a..a09832a68b24cda8f41bbade6f3803abdfa00172 100644 (file)
--- a/source3/client/clientutil.c
+++ b/source3/client/clientutil.c
@@ -320,7 +320,7 @@ BOOL cli_send_session_request(char *inbuf,char *outbuf)
   int len = 4;
   /* send a session request (RFC 8002) */
 
-  strcpy(dest,desthost);
+  fstrcpy(dest,desthost);
   p = strchr(dest,'.');
   if (p) *p = 0;
 
@@ -454,11 +454,11 @@ BOOL cli_send_login(char *inbuf,char *outbuf,BOOL start_session,BOOL use_setup,
   if (strstr(service,"IPC$")) connect_as_ipc = True;
 #endif
 
-  strcpy(dev,"A:");
+  pstrcpy(dev,"A:");
   if (connect_as_printer)
-    strcpy(dev,"LPT1:");
+    pstrcpy(dev,"LPT1:");
   if (connect_as_ipc)
-    strcpy(dev,"IPC");
+    pstrcpy(dev,"IPC");
 
 
   if (start_session && !cli_send_session_request(inbuf,outbuf))
@@ -490,7 +490,7 @@ BOOL cli_send_login(char *inbuf,char *outbuf,BOOL start_session,BOOL use_setup,
         numprots++)
       {
        *p++ = 2;
-       strcpy(p,prots[numprots].name);
+       pstrcpy(p,prots[numprots].name);
        p += strlen(p) + 1;
       }
   }
@@ -593,7 +593,7 @@ BOOL cli_send_login(char *inbuf,char *outbuf,BOOL start_session,BOOL use_setup,
     {
       fstring pword;
       int passlen = strlen(pass)+1;
-      strcpy(pword,pass);      
+      fstrcpy(pword,pass);      
 
       if (doencrypt && *pass) {
        DEBUG(3,("Using encrypted passwords\n"));
@@ -602,7 +602,7 @@ BOOL cli_send_login(char *inbuf,char *outbuf,BOOL start_session,BOOL use_setup,
       }
 
       /* if in share level security then don't send a password now */
-      if (!(opt.sec_mode & 1)) {strcpy(pword, "");passlen=1;} 
+      if (!(opt.sec_mode & 1)) {fstrcpy(pword, "");passlen=1;} 
 
       /* send a session setup command */
       bzero(outbuf,smb_size);
@@ -621,7 +621,7 @@ BOOL cli_send_login(char *inbuf,char *outbuf,BOOL start_session,BOOL use_setup,
        p = smb_buf(outbuf);
        memcpy(p,pword,passlen);
        p += passlen;
-       strcpy(p,username);
+       pstrcpy(p,username);
       } else {
        if (!doencrypt) passlen--;
        /* for Win95 */
@@ -638,10 +638,10 @@ BOOL cli_send_login(char *inbuf,char *outbuf,BOOL start_session,BOOL use_setup,
        SSVAL(outbuf,smb_vwv8,0);
        p = smb_buf(outbuf);
        memcpy(p,pword,passlen); p += SVAL(outbuf,smb_vwv7);
-       strcpy(p,username);p = skip_string(p,1);
-       strcpy(p,workgroup);p = skip_string(p,1);
-       strcpy(p,"Unix");p = skip_string(p,1);
-       strcpy(p,"Samba");p = skip_string(p,1);
+       pstrcpy(p,username);p = skip_string(p,1);
+       pstrcpy(p,workgroup);p = skip_string(p,1);
+       pstrcpy(p,"Unix");p = skip_string(p,1);
+       pstrcpy(p,"Samba");p = skip_string(p,1);
        set_message(outbuf,13,PTR_DIFF(p,smb_buf(outbuf)),False);
       }
 
@@ -717,7 +717,7 @@ BOOL cli_send_login(char *inbuf,char *outbuf,BOOL start_session,BOOL use_setup,
   {
     int passlen = strlen(pass)+1;
     fstring pword;
-    strcpy(pword,pass);
+    fstrcpy(pword,pass);
 
     if (doencrypt && *pass) {
       passlen=24;
@@ -726,7 +726,7 @@ BOOL cli_send_login(char *inbuf,char *outbuf,BOOL start_session,BOOL use_setup,
 
     /* if in user level security then don't send a password now */
     if ((opt.sec_mode & 1)) {
-      strcpy(pword, ""); passlen=1; 
+      fstrcpy(pword, ""); passlen=1; 
     }
 
     if (Protocol <= PROTOCOL_COREPLUS) {
@@ -736,13 +736,13 @@ BOOL cli_send_login(char *inbuf,char *outbuf,BOOL start_session,BOOL use_setup,
 
       p = smb_buf(outbuf);
       *p++ = 0x04;
-      strcpy(p, service);
+      pstrcpy(p, service);
       p = skip_string(p,1);
       *p++ = 0x04;
       memcpy(p,pword,passlen);
       p += passlen;
       *p++ = 0x04;
-      strcpy(p, dev);
+      pstrcpy(p, dev);
     }
     else {
       set_message(outbuf,4,2 + strlen(service) + passlen + strlen(dev),True);
@@ -755,9 +755,9 @@ BOOL cli_send_login(char *inbuf,char *outbuf,BOOL start_session,BOOL use_setup,
       p = smb_buf(outbuf);
       memcpy(p,pword,passlen);
       p += passlen;
-      strcpy(p,service);
+      pstrcpy(p,service);
       p = skip_string(p,1);
-      strcpy(p,dev);
+      pstrcpy(p,dev);
     }
   }
 
@@ -771,7 +771,7 @@ BOOL cli_send_login(char *inbuf,char *outbuf,BOOL start_session,BOOL use_setup,
       Protocol >= PROTOCOL_LANMAN1)
     {
       DEBUG(2,("first SMBtconX failed, trying again. %s\n",smb_errstr(inbuf)));
-      strcpy(pass,"");
+      pstrcpy(pass,"");
       goto again2;
     }  
 
@@ -873,13 +873,13 @@ BOOL cli_open_sockets(int port )
     }
   else
     {
-      strcpy(service2,service);
+      pstrcpy(service2,service);
       host = strtok(service2,"\\/");
       if (!host) {
        DEBUG(0,("Badly formed host name\n"));
        return(False);
       }
-      strcpy(desthost,host);
+      pstrcpy(desthost,host);
     }
 
   if (!(*global_myname)) {

diff --git a/source3/client/clitar.c b/source3/client/clitar.c
index 69a8c9823b0aa1d3423705f489bab24e8662b8fd..04d435eca7cffa3a2c31a5fc040678da45ecb7d8 100644 (file)
--- a/source3/client/clitar.c
+++ b/source3/client/clitar.c
@@ -248,7 +248,7 @@ static void writetarheader(int f,  char *aname, int size, time_t mtime,
   /* write out a "standard" tar format header */
 
   hb.dbuf.name[NAMSIZ-1]='\0';
-  strcpy(hb.dbuf.mode, amode);
+  fstrcpy(hb.dbuf.mode, amode);
   oct_it(0L, 8, hb.dbuf.uid);
   oct_it(0L, 8, hb.dbuf.gid);
   oct_it((long) size, 13, hb.dbuf.size);
@@ -309,7 +309,7 @@ static long readtarheader(union hblock *hb, file_info2 *finfo, char *prefix)
 
   }
 
-  strcpy(finfo->name, prefix);
+  pstrcpy(finfo->name, prefix);
 
   /* use l + 1 to do the null too; do prefix - prefcnt to zap leading slash */
   unfixtarname(finfo->name + strlen(prefix), hb->dbuf.name,
@@ -574,9 +574,9 @@ static int do_setrtime(char *fname, int mtime)
 
   }
 
-  strcpy(name, fname);
-  strcpy(fname, "\\");
-  strcat(fname, name);
+  pstrcpy(name, fname);
+  pstrcpy(fname, "\\");
+  pstrcat(fname, name);
 
   inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
   outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
@@ -599,7 +599,7 @@ static int do_setrtime(char *fname, int mtime)
 
   p = smb_buf(outbuf);
   *p++ = 4;
-  strcpy(p, fname);
+  pstrcpy(p, fname);
   p+= (strlen(fname)+1);
 
   *p++ = 4;
@@ -634,9 +634,9 @@ static int do_setrattr(char *fname, int attr, int setit)
   pstring name;
   int fattr;
 
-  strcpy(name,fname);
-  strcpy(fname,"\\");
-  strcat(fname,name);
+  pstrcpy(name,fname);
+  pstrcpy(fname,"\\");
+  pstrcat(fname,name);
 
   inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
   outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
@@ -657,7 +657,7 @@ static int do_setrattr(char *fname, int attr, int setit)
 
   p = smb_buf(outbuf);
   *p++ = 4;
-  strcpy(p,fname);
+  pstrcpy(p,fname);
   p += (strlen(fname)+1);
   
   *p++ = 4;
@@ -695,7 +695,7 @@ static int do_setrattr(char *fname, int attr, int setit)
   
   p = smb_buf(outbuf);
   *p++ = 4;      
-  strcpy(p,fname);
+  pstrcpy(p,fname);
   p += (strlen(fname)+1);
   
   *p++ = 4;
@@ -736,7 +736,7 @@ static BOOL smbcreat(file_info2 finfo, int *fnum, char *inbuf, char *outbuf)
   
   p = smb_buf(outbuf);
   *p++ = 4;      
-  strcpy(p,finfo.name);
+  pstrcpy(p,finfo.name);
   
   send_smb(Client,outbuf);
   client_receive_smb(Client,inbuf,CLIENT_TIMEOUT);
@@ -844,7 +844,7 @@ static BOOL smbchkpath(char *fname, char *inbuf, char *outbuf)
 
   p = smb_buf(outbuf);
   *p++ = 4;
-  strcpy(p,fname);
+  pstrcpy(p,fname);
 
   send_smb(Client,outbuf);
   client_receive_smb(Client,inbuf,CLIENT_TIMEOUT);
@@ -871,7 +871,7 @@ static BOOL smbmkdir(char *fname, char *inbuf, char *outbuf)
   
   p = smb_buf(outbuf);
   *p++ = 4;      
-  strcpy(p,fname);
+  pstrcpy(p,fname);
   
   send_smb(Client,outbuf);
   client_receive_smb(Client,inbuf,CLIENT_TIMEOUT);
@@ -913,7 +913,7 @@ static BOOL ensurepath(char *fname, char *inbuf, char *outbuf)
 
   /* fname copied to ffname so can strtok */
 
-  strcpy(ffname, fname);
+  pstrcpy(ffname, fname);
 
   /* do a `basename' on ffname, so don't try and make file name directory */
   if ((basehack=strrchr(ffname, '\\')) == NULL)
@@ -925,7 +925,7 @@ static BOOL ensurepath(char *fname, char *inbuf, char *outbuf)
 
   while (p)
     {
-      strcat(partpath, p);
+      pstrcat(partpath, p);
 
       if (!smbchkpath(partpath, inbuf, outbuf)) {
        if (!smbmkdir(partpath, inbuf, outbuf))
@@ -938,7 +938,7 @@ static BOOL ensurepath(char *fname, char *inbuf, char *outbuf)
 
       }
 
-      strcat(partpath, "\\");
+      pstrcat(partpath, "\\");
       p = strtok(NULL,"/\\");
     }
 
@@ -1014,7 +1014,7 @@ static void do_atar(char *rname,char *lname,file_info *finfo1)
   SSVAL(outbuf,smb_vwv8,1);
 
   p = smb_buf(outbuf);
-  strcpy(p,rname);
+  pstrcpy(p,rname);
   p = skip_string(p,1);
 
   dos_clean_name(rname);
@@ -1052,7 +1052,7 @@ static void do_atar(char *rname,char *lname,file_info *finfo1)
       return;
     }
 
-  strcpy(finfo.name,rname);
+  pstrcpy(finfo.name,rname);
   if (!finfo1)
     {
       finfo.mode = SVAL(inbuf,smb_vwv3);
@@ -1388,11 +1388,11 @@ static void do_tar(file_info *finfo)
   if (!tar_excl && clipn) {
     pstring exclaim;
 
-    strcpy(exclaim, cur_dir);
+    pstrcpy(exclaim, cur_dir);
     *(exclaim+strlen(exclaim)-1)='\0';
 
-    strcat(exclaim, "\\");
-    strcat(exclaim, finfo->name);
+    pstrcat(exclaim, "\\");
+    pstrcat(exclaim, finfo->name);
 
     DEBUG(5, ("...tar_re_search: %d\n", tar_re_search));
 
@@ -1422,10 +1422,10 @@ static void do_tar(file_info *finfo)
          return;
        }
 
-      strcpy(saved_curdir,cur_dir);
+      pstrcpy(saved_curdir,cur_dir);
 
-      strcat(cur_dir,finfo->name);
-      strcat(cur_dir,"\\");
+      pstrcat(cur_dir,finfo->name);
+      pstrcat(cur_dir,"\\");
 
       DEBUG(5, ("Writing a dir, Name = %s\n", cur_dir));
 
@@ -1433,16 +1433,16 @@ static void do_tar(file_info *finfo)
        * 40755 */
       writetarheader(tarhandle, cur_dir, 0, finfo->mtime, "040755 \0", '5');
       ntarf++;  /* Make sure we have a file on there */
-      strcpy(mtar_mask,cur_dir);
-      strcat(mtar_mask,"*");
+      pstrcpy(mtar_mask,cur_dir);
+      pstrcat(mtar_mask,"*");
       /*      do_dir((char *)inbuf,(char *)outbuf,mtar_mask,attribute,do_tar,recurse,True); */
-             strcpy(cur_dir,saved_curdir);
+             pstrcpy(cur_dir,saved_curdir);
       free(inbuf);free(outbuf);
     }
   else
     {
-      strcpy(rname,cur_dir);
-      strcat(rname,finfo->name);
+      pstrcpy(rname,cur_dir);
+      pstrcat(rname,finfo->name);
       do_atar(rname,finfo->name,finfo);
     }
 }
@@ -2060,8 +2060,8 @@ void cmd_setmode(char *dum_in, char *dum_out)
       return;
     }
 
-  strcpy(fname, cur_dir);
-  strcat(fname, buf);
+  pstrcpy(fname, cur_dir);
+  pstrcat(fname, buf);
 
   while (next_token(NULL,buf,NULL)) {
     q=buf;
@@ -2153,29 +2153,29 @@ int process_tar(char *inbuf, char *outbuf)
        if (strrchr(cliplist[i], '\\')) {
          pstring saved_dir;
          
-         strcpy(saved_dir, cur_dir);
+         pstrcpy(saved_dir, cur_dir);
          
          if (*cliplist[i]=='\\') {
-           strcpy(tarmac, cliplist[i]);
+           pstrcpy(tarmac, cliplist[i]);
          } else {
-           strcpy(tarmac, cur_dir);
-           strcat(tarmac, cliplist[i]);
+           pstrcpy(tarmac, cur_dir);
+           pstrcat(tarmac, cliplist[i]);
          }
-         strcpy(cur_dir, tarmac);
+         pstrcpy(cur_dir, tarmac);
          *(strrchr(cur_dir, '\\')+1)='\0';
 
          do_dir((char *)inbuf,(char *)outbuf,tarmac,attribute,do_tar,recurse, True);
-         strcpy(cur_dir,saved_dir);
+         pstrcpy(cur_dir,saved_dir);
        } else {
-         strcpy(tarmac, cur_dir);
-         strcat(tarmac, cliplist[i]);
+         pstrcpy(tarmac, cur_dir);
+         pstrcat(tarmac, cliplist[i]);
          do_dir((char *)inbuf,(char *)outbuf,tarmac,attribute,do_tar,recurse, True);
        }
       }
     } else {
       pstring mask;
-      strcpy(mask,cur_dir);
-      strcat(mask,"\\*");
+      pstrcpy(mask,cur_dir);
+      pstrcat(mask,"\\*");
       do_dir((char *)inbuf,(char *)outbuf,mask,attribute,do_tar,recurse, True);
     }
     

diff --git a/source3/client/ntclient.c b/source3/client/ntclient.c
index bd0d0ccd5a6d61063fbc7d561600cc5e668d5c92..92d74e1d4957ad1e72bc58febe6ee330f79bc043 100644 (file)
--- a/source3/client/ntclient.c
+++ b/source3/client/ntclient.c
@@ -217,7 +217,7 @@ BOOL client_do_nt_login(char *desthost, char *myhostname,
        strlower(mach_pwd);
 
        fstrcpy(mach_pwd , myhostname);
-       strcat(mach_acct, "$");
+       fstrcat(mach_acct, "$");
 
        SIVAL(clnt_chal.data, 0, 0x11111111);
        SIVAL(clnt_chal.data, 4, 0x22222222);

diff --git a/source3/client/smbmount.c b/source3/client/smbmount.c
index 51c1ee6310a947752053ba34c3815bb265cac625..1610a8986b194f55405881a6b96521f5746cc67b 100644 (file)
--- a/source3/client/smbmount.c
+++ b/source3/client/smbmount.c
@@ -148,7 +148,7 @@ static BOOL chkpath(char *path,BOOL report)
   pstring inbuf,outbuf;
   char *p;
 
-  strcpy(path2,path);
+  fstrcpy(path2,path);
   trim_string(path2,NULL,"\\");
   if (!*path2) *path2 = '\\';
 
@@ -160,7 +160,7 @@ static BOOL chkpath(char *path,BOOL report)
 
   p = smb_buf(outbuf);
   *p++ = 4;
-  strcpy(p,path2);
+  fstrcpy(p,path2);
 
 #if 0
   {
@@ -346,7 +346,7 @@ static void cmd_mount(char *inbuf,char *outbuf)
         * Build the service name to report on the Unix side,
         * converting '\' to '/' and ' ' to '_'.
         */
-       strcpy(share_name, service);  
+       pstrcpy(share_name, service);  
        string_replace(share_name, '\\', '/');
        string_replace(share_name, ' ', '_');
 
@@ -354,8 +354,8 @@ static void cmd_mount(char *inbuf,char *outbuf)
 
        while(next_token(NULL, buf, NULL))
        {
-               strcat(mount_command, " ");
-               strcat(mount_command, buf);
+               pstrcat(mount_command, " ");
+               pstrcat(mount_command, buf);
        }
 
        DEBUG(3, ("mount command: %s\n", mount_command));
@@ -683,7 +683,7 @@ static void usage(char *pname)
   char *p;
 
 #ifdef KANJI
-  strcpy(term_code, KANJI);
+  pstrcpy(term_code, KANJI);
 #else /* KANJI */
   *term_code = 0;
 #endif /* KANJI */
@@ -707,7 +707,7 @@ static void usage(char *pname)
 
   if (getenv("USER"))
   {
-    strcpy(username,getenv("USER"));
+    pstrcpy(username,getenv("USER"));
 
     /* modification to support userid%passwd syntax in the USER var
        25.Aug.97, jdblair@uab.edu */
@@ -715,7 +715,7 @@ static void usage(char *pname)
     if ((p=strchr(username,'%')))
     {
       *p = 0;
-      strcpy(password,p+1);
+      pstrcpy(password,p+1);
       got_pass = True;
       memset(strchr(getenv("USER"),'%')+1,'X',strlen(password));
     }
@@ -726,11 +726,11 @@ static void usage(char *pname)
   25.Aug.97, jdblair@uab.edu */
 
   if (getenv("PASSWD"))
-    strcpy(password,getenv("PASSWD"));
+    pstrcpy(password,getenv("PASSWD"));
 
   if (*username == 0 && getenv("LOGNAME"))
     {
-      strcpy(username,getenv("LOGNAME"));
+      pstrcpy(username,getenv("LOGNAME"));
       strupper(username);
     }
 
@@ -743,7 +743,7 @@ static void usage(char *pname)
   if (*argv[1] != '-')
     {
 
-      strcpy(service, argv[1]);  
+      pstrcpy(service, argv[1]);  
       /* Convert any '/' characters in the service name to '\' characters */
       string_replace( service, '/','\\');
       argc--;
@@ -759,7 +759,7 @@ static void usage(char *pname)
       if (argc > 1 && (*argv[1] != '-'))
        {
          got_pass = True;
-         strcpy(password,argv[1]);  
+         pstrcpy(password,argv[1]);  
          memset(argv[1],'X',strlen(argv[1]));
          argc--;
          argv++;
@@ -774,10 +774,10 @@ static void usage(char *pname)
        max_protocol = interpret_protocol(optarg,max_protocol);
        break;
       case 'O':
-       strcpy(user_socket_options,optarg);
+       pstrcpy(user_socket_options,optarg);
        break;  
       case 'S':
-       strcpy(desthost,optarg);
+       pstrcpy(desthost,optarg);
        strupper(desthost);
        nt_domain_logon = True;
        break;
@@ -785,19 +785,19 @@ static void usage(char *pname)
        iface_set_default(NULL,optarg,NULL);
        break;
       case 'D':
-       strcpy(base_directory,optarg);
+       pstrcpy(base_directory,optarg);
        break;
       case 'i':
-       strcpy(scope,optarg);
+       pstrcpy(scope,optarg);
        break;
       case 'U':
        {
          char *lp;
-       strcpy(username,optarg);
+       pstrcpy(username,optarg);
        if ((lp=strchr(username,'%')))
          {
            *lp = 0;
-           strcpy(password,lp+1);
+           pstrcpy(password,lp+1);
            got_pass = True;
            memset(strchr(optarg,'%')+1,'X',strlen(password));
          }
@@ -805,7 +805,7 @@ static void usage(char *pname)
            
        break;
       case 'W':
-       strcpy(workgroup,optarg);
+       pstrcpy(workgroup,optarg);
        break;
       case 'E':
        dbf = stderr;
@@ -818,7 +818,7 @@ static void usage(char *pname)
        }
        break;
       case 'n':
-       strcpy(global_myname,optarg);
+       pstrcpy(global_myname,optarg);
        break;
       case 'N':
        got_pass = True;
@@ -844,10 +844,10 @@ static void usage(char *pname)
        exit(0);
        break;
       case 's':
-       strcpy(servicesf, optarg);
+       pstrcpy(servicesf, optarg);
        break;
       case 't':
-        strcpy(term_code, optarg);
+        pstrcpy(term_code, optarg);
        break;
       default:
        usage(pname);
@@ -877,7 +877,7 @@ static void usage(char *pname)
   interpret_coding_system(term_code);
 
   if (*workgroup == 0)
-    strcpy(workgroup,lp_workgroup());
+    pstrcpy(workgroup,lp_workgroup());
 
   load_interfaces();
   get_myname((*global_myname)?NULL:global_myname,NULL);  

diff --git a/source3/client/smbumount.c b/source3/client/smbumount.c
index 8d76aefc5ff215a17074570939938b0e34a7e5a9..91b41d42061d7300c500ff8c4de0c4adfcdc77ea 100644 (file)
--- a/source3/client/smbumount.c
+++ b/source3/client/smbumount.c
@@ -92,7 +92,7 @@ canonicalize (const char *path)
        if (realpath (path, canonical))
                return canonical;
 
-       strcpy (canonical, path);
+       pstrcpy (canonical, path);
        return canonical;
 }
 

diff --git a/source3/include/includes.h b/source3/include/includes.h
index d741e07c28bf50b296aa09575a31faed3d414c64..d345ea38defc3fb7fc8eefb0f35098e84f28803e 100644 (file)
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -332,6 +332,10 @@ extern int innetgr (const char *, const char *, const char *, const char *);
 #define REPLACE_GETPASS
 #endif /* REPLACE_GETPASS */
 #define USE_SIGPROCMASK
+#ifndef QSORT_CAST
+#define QSORT_CAST (int (*)(const void *, const void *))
+#endif /* QSORT_CAST */
+#define HAVE_VSNPRINTF
 #endif
 
 
@@ -547,6 +551,7 @@ char *mktemp(char *); /* No standard include */
 #define HAVE_GETTIMEOFDAY
 #define HAVE_PATHCONF
 #define HAVE_GETGRNAM 1
+#define HAVE_VSNPRINTF
 #define QSORT_CAST (int (*)(const void *, const void *))
 #if !defined(O_SYNC)
 #if defined(O_FSYNC)
@@ -624,6 +629,7 @@ char *mktemp(char *); /* No standard include */
 #define USE_SETRES
 #define USE_SYSV_IPC
 #define NO_SEMUN
+#define HAVE_VALLOC
 #define DEFAULT_PRINTING PRINT_HPUX
 /* Ken Weiss <krweiss@ucdavis.edu> tells us that SIGCLD_IGNORE is
    not good for HPUX */
@@ -1353,12 +1359,29 @@ extern int errno;
 #define strncasecmp(s1,s2,n) StrnCaseCmp(s1,s2,n)
 #endif
 
-#ifndef strcpy
-#define strcpy(dest,src) StrCpy(dest,src)
-#endif
+#ifdef strcpy
+#undef strcpy
+#endif /* strcpy */
+#define strcpy(dest,src) __ERROR__XX__NEVER_USE_STRCPY___;
+
+#ifdef strcat
+#undef strcat
+#endif /* strcat */
+#define strcat(dest,src) __ERROR__XX__NEVER_USE_STRCAT___;
+
+#ifdef sprintf
+#undef sprintf
+#endif /* sprintf */
+#define sprintf __ERROR__XX__NEVER_USE_SPRINTF__>;
+
+#define pstrcpy(d,s) safe_strcpy((d),(s),sizeof(pstring)-1)
+#define pstrcat(d,s) safe_strcat((d),(s),sizeof(pstring)-1)
+#define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1)
+#define fstrcat(d,s) safe_strcat((d),(s),sizeof(fstring)-1)
 
 #if MEM_MAN
 #include "mem_man/mem_man.h"
-#endif
+#endif /* MEM_MAN */
+
 
 #endif

diff --git a/source3/include/proto.h b/source3/include/proto.h
index 79712d3c8711742a723a8b5ca08523e85b7b99c6..2285f36aa90764e787609a14a6d2810924c13c22 100644 (file)
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1170,7 +1170,7 @@ BOOL is_8_3( char *fname, BOOL check_case );
 int str_checksum( char *s );
 void reset_mangled_cache( void );
 BOOL check_mangled_cache( char *s );
-void mangle_name_83( char *s );
+void mangle_name_83( char *s, int s_len );
 BOOL name_map_mangle( char *OutName, BOOL need83, int snum );
 
 /*The following definitions come from  md4.c  */
@@ -2054,7 +2054,9 @@ char *unistr(char *buf);
 int unistrncpy(char *dst, char *src, int len);
 int unistrcpy(char *dst, char *src);
 void fstrcpy(char *dest, char *src);
-void pstrcpy(char *dest, char *src);
+void fstrcat(char *dest, char *src);
+char *safe_strcpy(char *dest, char *src, int maxlength);
+char *safe_strcat(char *dest, char *src, int maxlength);
 char *align4(char *q, char *base);
 char *align2(char *q, char *base);
 char *align_offset(char *q, char *base, int align_offset_len);

diff --git a/source3/include/smb.h b/source3/include/smb.h
index d8fe5a84f7be96aafb62e421d5e189a5bd8f4418..714d3b2eb40a5f0ab5ebfb9c1c9c11adc5e842f3 100644 (file)
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -237,7 +237,7 @@ implemented */
 
 typedef char pstring[1024];
 typedef char fstring[128];
-typedef fstring string;
+/* typedef fstring string; */
 
 
 /* pipe strings */

diff --git a/source3/lib/charset.c b/source3/lib/charset.c
index d8ce38f3968f09ebc70d02a054fed8af07bd40ec..db331af115d6c3384ce8031859aea5d3962f92c5 100644 (file)
--- a/source3/lib/charset.c
+++ b/source3/lib/charset.c
@@ -200,9 +200,9 @@ static codepage_p load_client_codepage( int client_codepage )
     return NULL;
   }
 
-  strcpy(codepage_file_name, CODEPAGEDIR);
-  strcat(codepage_file_name, "/");
-  strcat(codepage_file_name, "codepage.");
+  pstrcpy(codepage_file_name, CODEPAGEDIR);
+  pstrcat(codepage_file_name, "/");
+  pstrcat(codepage_file_name, "codepage.");
   slprintf(&codepage_file_name[strlen(codepage_file_name)], 
           sizeof(pstring)-(strlen(codepage_file_name)+1),
           "%03d",

diff --git a/source3/lib/genrand.c b/source3/lib/genrand.c
index b09f683e62d3ff01242c29408c81b21f9644b31e..5e87275ce89a3d38663c789ac0032f7ea4635b78 100644 (file)
--- a/source3/lib/genrand.c
+++ b/source3/lib/genrand.c
@@ -84,7 +84,7 @@ static void do_dirrand(char *name, unsigned char *buf, int buf_len)
       struct stat st;
 
       if(strlen(p) <= len_left)
-        strcpy(pos, p);
+        pstrcpy(pos, p);
 
       if(sys_stat(fullname,&st) == 0) {
         SIVAL(buf, ((counter * 4)%(buf_len-4)), 

diff --git a/source3/lib/kanji.c b/source3/lib/kanji.c
index 401e91e5349249e774360c0639f994c6078a7dfd..afe255d36a49ff8816af6c54397bdafcacfafd09 100644 (file)
--- a/source3/lib/kanji.c
+++ b/source3/lib/kanji.c
@@ -419,7 +419,7 @@ static char *sj_to_euc(char *from, BOOL overwrite)
     }
     *out = 0;
     if (overwrite) {
-       strcpy((char *) save, (char *) cvtbuf);
+       pstrcpy((char *) save, (char *) cvtbuf);
        return (char *) save;
     } else {
        return cvtbuf;
@@ -451,7 +451,7 @@ static char *euc_to_sj(char *from, BOOL overwrite)
     }
     *out = 0;
     if (overwrite) {
-       strcpy(save, (char *) cvtbuf);
+       pstrcpy(save, (char *) cvtbuf);
        return save;
     } else {
        return cvtbuf;
@@ -522,7 +522,7 @@ static char *jis8_to_sj(char *from, BOOL overwrite)
     }
     *out = 0;
     if (overwrite) {
-       strcpy (save, (char *) cvtbuf);
+       pstrcpy (save, (char *) cvtbuf);
        return save;
     } else {
        return cvtbuf;
@@ -578,7 +578,7 @@ static char *sj_to_jis8(char *from, BOOL overwrite)
     }
     *out = 0;
     if (overwrite) {
-       strcpy (save, (char *) cvtbuf);
+       pstrcpy (save, (char *) cvtbuf);
        return save;
     } else {
        return cvtbuf;
@@ -637,7 +637,7 @@ static char *jis7_to_sj(char *from, BOOL overwrite)
     }
     *out = 0;
     if (overwrite) {
-       strcpy (save, (char *) cvtbuf);
+       pstrcpy (save, (char *) cvtbuf);
        return save;
     } else {
        return cvtbuf;
@@ -713,7 +713,7 @@ static char *sj_to_jis7(char *from, BOOL overwrite)
     }
     *out = 0;
     if (overwrite) {
-       strcpy (save, (char *) cvtbuf);
+       pstrcpy (save, (char *) cvtbuf);
        return save;
     } else {
        return cvtbuf;
@@ -769,7 +769,7 @@ static char *junet_to_sj(char *from, BOOL overwrite)
     }
     *out = 0;
     if (overwrite) {
-       strcpy (save, (char *) cvtbuf);
+       pstrcpy (save, (char *) cvtbuf);
        return save;
     } else {
        return cvtbuf;
@@ -838,7 +838,7 @@ static char *sj_to_junet(char *from, BOOL overwrite)
     }
     *out = 0;
     if (overwrite) {
-       strcpy (save, (char *) cvtbuf);
+       pstrcpy (save, (char *) cvtbuf);
        return save;
     } else {
        return cvtbuf;
@@ -864,7 +864,7 @@ static char *hex_to_sj(char *from, BOOL overwrite)
     }
     *dp = '\0';
     if (overwrite) {
-       strcpy ((char *) from, (char *) cvtbuf);
+       pstrcpy ((char *) from, (char *) cvtbuf);
        return (char *) from;
     } else {
        return cvtbuf;
@@ -900,7 +900,7 @@ static char *sj_to_hex(char *from, BOOL overwrite)
     }
     *dp = '\0';
     if (overwrite) {
-       strcpy ((char *) from, (char *) cvtbuf);
+       pstrcpy ((char *) from, (char *) cvtbuf);
        return (char *) from;
     } else {
        return cvtbuf;
@@ -932,7 +932,7 @@ static char *cap_to_sj(char *from, BOOL overwrite)
     }
     *dp = '\0';
     if (overwrite) {
-        strcpy ((char *) from, (char *) cvtbuf);
+        pstrcpy ((char *) from, (char *) cvtbuf);
         return (char *) from;
     } else {
         return cvtbuf;
@@ -960,7 +960,7 @@ static char *sj_to_cap(char *from, BOOL overwrite)
     }
     *dp = '\0';
     if (overwrite) {
-       strcpy ((char *) from, (char *) cvtbuf);
+       pstrcpy ((char *) from, (char *) cvtbuf);
        return (char *) from;
     } else {
        return cvtbuf;
@@ -973,7 +973,7 @@ static char *sj_to_cap(char *from, BOOL overwrite)
 static char *sj_to_sj(char *from, BOOL overwrite)
 {
     if (!overwrite) {
-       strcpy (cvtbuf, (char *) from);
+       pstrcpy (cvtbuf, (char *) from);
        return cvtbuf;
     } else {
        return (char *) from;

diff --git a/source3/lib/pidfile.c b/source3/lib/pidfile.c
index 46d6a9d5b8c2cab2059454e58ea2616c04eee399..9cb3f5afef447a54694e7584fdad1dc231b12512 100644 (file)
--- a/source3/lib/pidfile.c
+++ b/source3/lib/pidfile.c
@@ -58,7 +58,7 @@ void pidfile_create(char *name)
        }
 
        memset(buf, 0, sizeof(buf));
-       sprintf(buf, "%u\n", (unsigned int) getpid());
+       slprintf(buf, sizeof(buf) - 1, "%u\n", (unsigned int) getpid());
        if (write(fd, buf, sizeof(buf)) != sizeof(buf)) {
                DEBUG(0,("ERROR: can't write to %s: %s\n", 
                         pidFile, strerror(errno)));

diff --git a/source3/lib/slprintf.c b/source3/lib/slprintf.c
index e2dc0e1235492fc929b214c2f51b9d7bec86ef68..9a00585ca8f0333925f2138669039151d0efbe8b 100644 (file)
--- a/source3/lib/slprintf.c
+++ b/source3/lib/slprintf.c
@@ -41,7 +41,15 @@ int vslprintf(char *str, int n, char *format, va_list ap)
                /* note: we don't free the old memory (if any) as we don't 
                   want a malloc lib to reuse the memory as it will
                   have the wrong permissions */
+#ifdef HAVE_MEMALIGN
                buf = memalign(pagesize, len);
+#else /* HAVE_MEMALIGN */
+#ifdef HAVE_VALLOC
+               buf = valloc(len);
+#else /* HAVE_VALLOC */
+                buf = malloc(len);
+#endif /* HAVE_VALLOC */
+#endif /* HAVE_MEMALIGN */
                if (buf) {
                        if (mprotect(buf+(len-pagesize), pagesize, PROT_READ) != 0) {
                                exit(1);

diff --git a/source3/lib/time.c b/source3/lib/time.c
index 716f5d62cc66db6cdda1960c8912f752371214e5..f5c40f0ba088a85ca03221fa79bbbd7014f8e3ad 100644 (file)
--- a/source3/lib/time.c
+++ b/source3/lib/time.c
@@ -486,7 +486,7 @@ char *timestring(void )
     int zone = TimeDiff(t);
     int absZoneMinutes = (zone<0 ? -zone : zone) / 60;
     size_t len = strftime(TimeBuf,sizeof(TimeBuf)-6,"%Y/%m/%d %T",tm);
-    sprintf(TimeBuf+len," %c%02d%02d",
+    slprintf(TimeBuf+len, sizeof(fstring) - len - 1, " %c%02d%02d",
            zone<0?'+':'-',absZoneMinutes/60,absZoneMinutes%60);
   }
 #else

diff --git a/source3/lib/util.c b/source3/lib/util.c
index d2600512e28c1eb63d0ecf178992960d61a1d40d..f1ea1931c581c2d5e5473c78f389b34211fe5799 100644 (file)
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -178,14 +178,14 @@ void reopen_logs(void)
   
   if (DEBUGLEVEL > 0)
     {
-      strcpy(fname,debugf);
+      pstrcpy(fname,debugf);
       if (lp_loaded() && (*lp_logfile()))
-       strcpy(fname,lp_logfile());
+       pstrcpy(fname,lp_logfile());
 
       if (!strcsequal(fname,debugf) || !dbf || !file_exist(debugf,NULL))
        {
          int oldumask = umask(022);
-         strcpy(debugf,fname);
+         pstrcpy(debugf,fname);
          if (dbf) fclose(dbf);
          if (append_log)
            dbf = fopen(debugf,"a");
@@ -581,7 +581,7 @@ set user socket options
 ****************************************************************************/
 void set_socket_options(int fd, char *options)
 {
-  string tok;
+  fstring tok;
 
   while (next_token(&options,tok," \t,"))
     {
@@ -767,7 +767,7 @@ int name_mangle( char *In, char *Out, char name_type )
   if( '*' == In[0] )
     buf[0] = '*';
   else
-    (void)sprintf( buf, "%-15.15s%c", In, name_type );
+    (void)slprintf( buf, sizeof(buf) - 1, "%-15.15s%c", In, name_type );
 
   /* Place the length of the first field into the output buffer. */
   p[0] = 32;
@@ -869,16 +869,16 @@ return a string representing an attribute for a file
 ********************************************************************/
 char *attrib_string(int mode)
 {
-  static char attrstr[10];
+  static fstring attrstr;
 
   attrstr[0] = 0;
 
-  if (mode & aVOLID) strcat(attrstr,"V");
-  if (mode & aDIR) strcat(attrstr,"D");
-  if (mode & aARCH) strcat(attrstr,"A");
-  if (mode & aHIDDEN) strcat(attrstr,"H");
-  if (mode & aSYSTEM) strcat(attrstr,"S");
-  if (mode & aRONLY) strcat(attrstr,"R");        
+  if (mode & aVOLID) fstrcat(attrstr,"V");
+  if (mode & aDIR) fstrcat(attrstr,"D");
+  if (mode & aARCH) fstrcat(attrstr,"A");
+  if (mode & aHIDDEN) fstrcat(attrstr,"H");
+  if (mode & aSYSTEM) fstrcat(attrstr,"S");
+  if (mode & aRONLY) fstrcat(attrstr,"R");       
 
   return(attrstr);
 }
@@ -1244,8 +1244,8 @@ void unix_format(char *fname)
   if (*fname == '/')
     {
       pstrcpy(namecopy,fname);
-      strcpy(fname,".");
-      strcat(fname,namecopy);
+      pstrcpy(fname,".");
+      pstrcat(fname,namecopy);
     }  
 }
 
@@ -1447,7 +1447,7 @@ void dos_clean_name(char *s)
        *p = 0;
       else
        *s = 0;
-      strcat(s,s1);
+      pstrcat(s,s1);
     }  
 
   trim_string(s,NULL,"\\..");
@@ -1471,7 +1471,7 @@ void unix_clean_name(char *s)
   if(strncmp(s, "./", 2) == 0) {
     trim_string(s, "./", NULL);
     if(*s == 0)
-      strcpy(s,"./");
+      pstrcpy(s,"./");
   }
 
   while ((p = strstr(s,"/../")) != NULL)
@@ -1485,7 +1485,7 @@ void unix_clean_name(char *s)
        *p = 0;
       else
        *s = 0;
-      strcat(s,s1);
+      pstrcat(s,s1);
     }  
 
   trim_string(s,NULL,"/..");
@@ -1578,7 +1578,7 @@ char *GetWd(char *str)
                    st.st_dev == st2.st_dev &&
                    (st2.st_mode & S_IFMT) == S_IFDIR)
                  {
-                   strcpy (str, ino_list[i].text);
+                   pstrcpy (str, ino_list[i].text);
 
                    /* promote it for future use */
                    array_promote((char *)&ino_list[0],sizeof(ino_list[0]),i);
@@ -1605,7 +1605,7 @@ char *GetWd(char *str)
       return (NULL);
     }
 
-  strcpy(str,s);
+  pstrcpy(str,s);
 
   DEBUG(5,("GetWd %s, inode %d, dev %x\n",s,(int)st.st_ino,(int)st.st_dev));
 
@@ -1656,7 +1656,7 @@ BOOL reduce_name(char *s,char *dir,BOOL widelinks)
        }
 
       if (strlen(s) == 0)
-        strcpy(s,"./");
+        pstrcpy(s,"./");
 
       return(True);
     }
@@ -1717,8 +1717,8 @@ BOOL reduce_name(char *s,char *dir,BOOL widelinks)
 
   if (p && (p != base_name))
     {
-      strcat(newname,"/");
-      strcat(newname,p+1);
+      pstrcat(newname,"/");
+      pstrcat(newname,p+1);
     }
 
   {
@@ -1747,7 +1747,7 @@ BOOL reduce_name(char *s,char *dir,BOOL widelinks)
   ChDir(wd);
 
   if (strlen(s) == 0)
-    strcpy(s,"./");
+    pstrcpy(s,"./");
 
   DEBUG(3,("reduced to %s\n",s));
   return(True);
@@ -1802,7 +1802,7 @@ void expand_mask(char *Mask,BOOL doext)
     }
   else
     {
-      strcpy(mext,"");
+      pstrcpy(mext,"");
       if (strlen(mbeg) > 8)
        {
          pstrcpy(mext,mbeg + 8);
@@ -1811,12 +1811,12 @@ void expand_mask(char *Mask,BOOL doext)
     }
 
   if (*mbeg == 0)
-    strcpy(mbeg,"????????");
+    pstrcpy(mbeg,"????????");
   if ((*mext == 0) && doext && !hasdot)
-    strcpy(mext,"???");
+    pstrcpy(mext,"???");
 
   if (strequal(mbeg,"*") && *mext==0) 
-    strcpy(mext,"*");
+    pstrcpy(mext,"*");
 
   /* expand *'s */
   expand_one(mbeg,8);
@@ -1824,10 +1824,10 @@ void expand_mask(char *Mask,BOOL doext)
     expand_one(mext,3);
 
   pstrcpy(Mask,dirpart);
-  if (*dirpart || absolute) strcat(Mask,"\\");
-  strcat(Mask,mbeg);
-  strcat(Mask,".");
-  strcat(Mask,mext);
+  if (*dirpart || absolute) pstrcat(Mask,"\\");
+  pstrcat(Mask,mbeg);
+  pstrcat(Mask,".");
+  pstrcat(Mask,mext);
 
   DEBUG(6,("Mask expanded to [%s]\n",Mask));
 }  
@@ -2769,7 +2769,7 @@ int name_extract(char *buf,int ofs,char *name)
 {
   char *p = name_ptr(buf,ofs);
   int d = PTR_DIFF(p,buf+ofs);
-  strcpy(name,"");
+  pstrcpy(name,"");
   if (d < -50 || d > 50) return(0);
   return(name_interpret(p,name));
 }
@@ -2913,7 +2913,7 @@ BOOL string_init(char **dest,char *src)
              return False;
       }
 
-      strcpy(*dest,src);
+      pstrcpy(*dest,src);
     }
   return(True);
 }
@@ -3057,12 +3057,12 @@ BOOL mask_match(char *str, char *regexp, int case_sig,BOOL trans2)
   StrnCpy(p2,str,sizeof(pstring)-1);
 
   if (!strchr(p2,'.')) {
-    strcat(p2,".");
+    pstrcat(p2,".");
   }
 
 /*
   if (!strchr(p1,'.')) {
-    strcat(p1,".");
+    pstrcat(p1,".");
   }
 */
 
@@ -3077,7 +3077,7 @@ BOOL mask_match(char *str, char *regexp, int case_sig,BOOL trans2)
   /* Remove any *? and ** as they are meaningless */
   for(p = p1; *p; p++)
     while( *p == '*' && (p[1] == '?' ||p[1] == '*'))
-      (void)strcpy( &p[1], &p[2]);
+      (void)pstrcpy( &p[1], &p[2]);
 
   if (strequal(p1,"*")) return(True);
 
@@ -3310,11 +3310,11 @@ char *dirname_dos(char *path,char *buf)
   char *p = strrchr(path,'\\');
 
   if (!p)
-    strcpy(buf,path);
+    pstrcpy(buf,path);
   else
     {
       *p = 0;
-      strcpy(buf,path);
+      pstrcpy(buf,path);
       *p = '\\';
     }
 
@@ -3330,9 +3330,9 @@ static char *filename_dos(char *path,char *buf)
   char *p = strrchr(path,'\\');
 
   if (!p)
-    strcpy(buf,path);
+    pstrcpy(buf,path);
   else
-    strcpy(buf,p+1);
+    pstrcpy(buf,p+1);
 
   return(buf);
 }
@@ -3373,7 +3373,7 @@ duplicate a string
   if (!s) return(NULL);
   ret = (char *)malloc(strlen(s)+1);
   if (!ret) return(NULL);
-  strcpy(ret,s);
+  pstrcpy(ret,s);
   return(ret);
 }
 #endif
@@ -3748,7 +3748,7 @@ char *client_name(int fd)
        last_fd = fd;
        global_client_name_done = False;
        
-       strcpy(name_buf,"UNKNOWN");
+       pstrcpy(name_buf,"UNKNOWN");
        
        if (fd == -1) {
                return name_buf;
@@ -3769,7 +3769,7 @@ char *client_name(int fd)
                StrnCpy(name_buf,(char *)hp->h_name,sizeof(name_buf) - 1);
                if (!matchname(name_buf, sockin->sin_addr)) {
                        DEBUG(0,("Matchname failed on %s %s\n",name_buf,client_addr(fd)));
-                       strcpy(name_buf,"UNKNOWN");
+                       pstrcpy(name_buf,"UNKNOWN");
                }
        }
        global_client_name_done = True;
@@ -3793,7 +3793,7 @@ char *client_addr(int fd)
        last_fd = fd;
        global_client_addr_done = False;
 
-       strcpy(addr_buf,"0.0.0.0");
+       fstrcpy(addr_buf,"0.0.0.0");
 
        if (fd == -1) {
                return addr_buf;
@@ -3980,7 +3980,7 @@ char *automount_path(char *user_name)
                {
                  DEBUG(5, ("NIS lookup succeeded.  Home path is: %s\n",
                        home_path_start?(home_path_start+1):""));
-                 strcpy(server_path, home_path_start+1);
+                 pstrcpy(server_path, home_path_start+1);
                }
        }
 #endif
@@ -4029,7 +4029,7 @@ void standard_sub_basic(char *str)
                        case 'a' : string_sub(p,"%a", remote_arch); break;
                        case 'd' :
                        {
-                               sprintf(pidstr,"%d",(int)getpid());
+                               slprintf(pidstr,sizeof(pidstr) - 1, "%d",(int)getpid());
                                string_sub(p,"%d", pidstr);
                                break;
                        }
@@ -4184,7 +4184,7 @@ char *uidtoname(int uid)
   static char name[40];
   struct passwd *pass = getpwuid(uid);
   if (pass) return(pass->pw_name);
-  sprintf(name,"%d",uid);
+  slprintf(name, sizeof(name) - 1, "%d",uid);
   return(name);
 }
 
@@ -4196,7 +4196,7 @@ char *gidtoname(int gid)
   static char name[40];
   struct group *grp = getgrgid(gid);
   if (grp) return(grp->gr_name);
-  sprintf(name,"%d",gid);
+  slprintf(name,sizeof(name) - 1, "%d",gid);
   return(name);
 }
 
@@ -4600,23 +4600,23 @@ void set_remote_arch(enum remote_arch_types type)
   switch( type )
   {
   case RA_WFWG:
-    strcpy(remote_arch, "WfWg");
+    fstrcpy(remote_arch, "WfWg");
     return;
   case RA_OS2:
-    strcpy(remote_arch, "OS2");
+    fstrcpy(remote_arch, "OS2");
     return;
   case RA_WIN95:
-    strcpy(remote_arch, "Win95");
+    fstrcpy(remote_arch, "Win95");
     return;
   case RA_WINNT:
-    strcpy(remote_arch, "WinNT");
+    fstrcpy(remote_arch, "WinNT");
     return;
   case RA_SAMBA:
-    strcpy(remote_arch,"Samba");
+    fstrcpy(remote_arch,"Samba");
     return;
   default:
     ra_type = RA_UNKNOWN;
-    strcpy(remote_arch, "UNKNOWN");
+    fstrcpy(remote_arch, "UNKNOWN");
     break;
   }
 }
@@ -4793,7 +4793,7 @@ int unistrcpy(char *dst, char *src)
        return num_wchars;
 }
 
-
+#if 0
 /*******************************************************************
 safe string copy into a fstring
 ********************************************************************/
@@ -4824,34 +4824,94 @@ void fstrcpy(char *dest, char *src)
 }   
 
 /*******************************************************************
-safe string copy into a pstring
+safe string cat into a fstring
 ********************************************************************/
-void pstrcpy(char *dest, char *src)
+void fstrcat(char *dest, char *src)
 {
-    int maxlength = sizeof(pstring) - 1;
-    int len;
+    int maxlength = sizeof(fstring) - 1;
+    int src_len, dest_len;
     if (!dest) {
-        DEBUG(0,("ERROR: NULL dest in pstrcpy\n"));
+        DEBUG(0,("ERROR: NULL dest in fstrcat\n"));
         return;
     }
 
     if (!src) {
-        *dest = 0;
         return;
     }  
 
+    src_len = strlen(src);
+    dest_len = strlen(dest);
+
+    if (src_len + dest_len > maxlength) {
+           DEBUG(0,("ERROR: string overflow by %d in fstrcat [%.50s]\n",
+                    src_len + dest_len - maxlength, src));
+           src_len = maxlength - dest_len;
+    }
+      
+    memcpy(&dest[dest_len], src, src_len);
+    dest[dest_len + src_len] = 0;
+}
+#endif
+
+/*******************************************************************
+safe string copy into a known length string
+********************************************************************/
+char *safe_strcpy(char *dest, char *src, int maxlength)
+{
+    int len;
+
+    if (!dest) {
+        DEBUG(0,("ERROR: NULL dest in safe_strcpy\n"));
+        return NULL;
+    }
+
+    if (!src) {
+        *dest = 0;
+        return dest;
+    }  
+
     len = strlen(src);
 
     if (len > maxlength) {
-           DEBUG(0,("ERROR: string overflow by %d in pstrcpy [%.50s]\n",
+           DEBUG(0,("ERROR: string overflow by %d in safe_strcpy [%.50s]\n",
                     len-maxlength, src));
            len = maxlength;
     }
       
     memcpy(dest, src, len);
     dest[len] = 0;
+    return dest;
 }  
 
+/*******************************************************************
+safe string cat into a string
+********************************************************************/
+char *safe_strcat(char *dest, char *src, int maxlength)
+{
+    int src_len, dest_len;
+
+    if (!dest) {
+        DEBUG(0,("ERROR: NULL dest in safe_strcat\n"));
+        return NULL;
+    }
+
+    if (!src) {
+        return dest;
+    }  
+
+    src_len = strlen(src);
+    dest_len = strlen(dest);
+
+    if (src_len + dest_len > maxlength) {
+           DEBUG(0,("ERROR: string overflow by %d in safe_strcat [%.50s]\n",
+                    src_len + dest_len - maxlength, src));
+           src_len = maxlength - dest_len;
+    }
+      
+    memcpy(&dest[dest_len], src, src_len);
+    dest[dest_len + src_len] = 0;
+    return dest;
+}
 
 /*******************************************************************
 align a pointer to a multiple of 4 bytes
@@ -4954,12 +5014,12 @@ char *dom_sid_to_string(DOM_SID *sid)
               (sid->id_auth[3] << 16) +
               (sid->id_auth[2] << 24);
 
-  sprintf(sidstr, "S-%d-%d", sid->sid_rev_num, ia);
+  slprintf(sidstr, sizeof(sidstr) - 1, "S-%d-%d", sid->sid_rev_num, ia);
 
   for (i = 0; i < sid->num_auths; i++)
   {
-    sprintf(subauth, "-%d", sid->sub_auths[i]);
-    strcat(sidstr, subauth);
+    slprintf(subauth, sizeof(subauth)-1, "-%d", sid->sub_auths[i]);
+    pstrcat(sidstr, subauth);
   }
 
   DEBUG(7,("dom_sid_to_string returning %s\n", sidstr));

diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 8b4001827c0578f0a3902fc57d6da2020fb03649..9dfd482da3f8864cb51902aebf2a22413f33666d 100644 (file)
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -89,7 +89,7 @@ char *cli_errstr(struct cli_state *cli)
     char *nt_msg = get_nt_error_msg(cli->nt_error);
 
     if(nt_msg == NULL)
-      sprintf(error_message, "NT code %d", cli->nt_error);
+      slprintf(error_message, sizeof(fstring) - 1, "NT code %d", cli->nt_error);
     else
       fstrcpy(error_message, nt_msg);
 
@@ -100,7 +100,7 @@ char *cli_errstr(struct cli_state *cli)
    * Must have been a rap error.
    */
 
-  sprintf(error_message, "code %d", cli->rap_error);
+  slprintf(error_message, sizeof(error_message) - 1, "code %d", cli->rap_error);
     
   for(i = 0; rap_errmap[i].message != NULL; i++) {
     if (rap_errmap[i].err == cli->rap_error) {
@@ -387,16 +387,16 @@ BOOL cli_NetWkstaUserLogon(struct cli_state *cli,char *user, char *workstation)
        p = param;
        SSVAL(p,0,132); /* api number */
        p += 2;
-       strcpy(p,"OOWb54WrLh");
+       pstrcpy(p,"OOWb54WrLh");
        p = skip_string(p,1);
-       strcpy(p,"WB21BWDWWDDDDDDDzzzD");
+       pstrcpy(p,"WB21BWDWWDDDDDDDzzzD");
        p = skip_string(p,1);
        SSVAL(p,0,1);
        p += 2;
-       strcpy(p,user);
+       pstrcpy(p,user);
        strupper(p);
        p += 21; p++; p += 15; p++; 
-       strcpy(p, workstation); 
+       pstrcpy(p, workstation); 
        strupper(p);
        p += 16;
        SSVAL(p, 0, BUFFER_SIZE);
@@ -443,9 +443,9 @@ BOOL cli_RNetShareEnum(struct cli_state *cli, void (*fn)(char *, uint32, char *)
   p = param;
   SSVAL(p,0,0); /* api number */
   p += 2;
-  strcpy(p,"WrLeh");
+  pstrcpy(p,"WrLeh");
   p = skip_string(p,1);
-  strcpy(p,"B13BWz");
+  pstrcpy(p,"B13BWz");
   p = skip_string(p,1);
   SSVAL(p,0,1);
   SSVAL(p,2,BUFFER_SIZE);
@@ -505,10 +505,10 @@ BOOL cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
        p = param;
        SSVAL(p,0,0x68); /* api number */
        p += 2;
-       strcpy(p,"WrLehDz");
+       pstrcpy(p,"WrLehDz");
        p = skip_string(p,1);
   
-       strcpy(p,"B16BBDz");
+       pstrcpy(p,"B16BBDz");
   
        p = skip_string(p,1);
        SSVAL(p,0,uLevel);
@@ -625,7 +625,7 @@ BOOL cli_session_setup(struct cli_state *cli,
                p = smb_buf(cli->outbuf);
                memcpy(p,pword,passlen);
                p += passlen;
-               strcpy(p,user);
+               pstrcpy(p,user);
                strupper(p);
        } else {
                set_message(cli->outbuf,13,0,True);
@@ -644,14 +644,14 @@ BOOL cli_session_setup(struct cli_state *cli,
                p += SVAL(cli->outbuf,smb_vwv7);
                memcpy(p,ntpass,ntpasslen); 
                p += SVAL(cli->outbuf,smb_vwv8);
-               strcpy(p,user);
+               pstrcpy(p,user);
                strupper(p);
                p = skip_string(p,1);
-               strcpy(p,workgroup);
+               pstrcpy(p,workgroup);
                strupper(p);
                p = skip_string(p,1);
-               strcpy(p,"Unix");p = skip_string(p,1);
-               strcpy(p,"Samba");p = skip_string(p,1);
+               pstrcpy(p,"Unix");p = skip_string(p,1);
+               pstrcpy(p,"Samba");p = skip_string(p,1);
                set_message(cli->outbuf,13,PTR_DIFF(p,smb_buf(cli->outbuf)),False);
        }
 
@@ -728,9 +728,9 @@ BOOL cli_send_tconX(struct cli_state *cli,
        p = smb_buf(cli->outbuf);
        memcpy(p,pword,passlen);
        p += passlen;
-       strcpy(p,fullshare);
+       fstrcpy(p,fullshare);
        p = skip_string(p,1);
-       strcpy(p,dev);
+       pstrcpy(p,dev);
 
        SCVAL(cli->inbuf,smb_rcls, 1);
 
@@ -785,10 +785,10 @@ BOOL cli_mv(struct cli_state *cli, char *fname_src, char *fname_dst)
 
         p = smb_buf(cli->outbuf);
         *p++ = 4;
-        strcpy(p,fname_src);
+        pstrcpy(p,fname_src);
         p = skip_string(p,1);
         *p++ = 4;
-        strcpy(p,fname_dst);
+        pstrcpy(p,fname_dst);
 
         send_smb(cli->fd,cli->outbuf);
         if (!client_receive_smb(cli->fd,cli->inbuf,cli->timeout)) {
@@ -822,7 +822,7 @@ BOOL cli_unlink(struct cli_state *cli, char *fname)
   
        p = smb_buf(cli->outbuf);
        *p++ = 4;      
-       strcpy(p,fname);
+       pstrcpy(p,fname);
 
        send_smb(cli->fd,cli->outbuf);
        if (!client_receive_smb(cli->fd,cli->inbuf,cli->timeout)) {
@@ -855,7 +855,7 @@ BOOL cli_mkdir(struct cli_state *cli, char *dname)
 
        p = smb_buf(cli->outbuf);
        *p++ = 4;      
-       strcpy(p,dname);
+       pstrcpy(p,dname);
 
        send_smb(cli->fd,cli->outbuf);
        if (!client_receive_smb(cli->fd,cli->inbuf,cli->timeout)) {
@@ -887,7 +887,7 @@ BOOL cli_rmdir(struct cli_state *cli, char *dname)
 
        p = smb_buf(cli->outbuf);
        *p++ = 4;      
-       strcpy(p,dname);
+       pstrcpy(p,dname);
 
        send_smb(cli->fd,cli->outbuf);
        if (!client_receive_smb(cli->fd,cli->inbuf,cli->timeout)) {
@@ -952,7 +952,7 @@ int cli_open(struct cli_state *cli, char *fname, int flags, int share_mode)
        SSVAL(cli->outbuf,smb_vwv8,openfn);
   
        p = smb_buf(cli->outbuf);
-       strcpy(p,fname);
+       pstrcpy(p,fname);
        p = skip_string(p,1);
 
        send_smb(cli->fd,cli->outbuf);
@@ -1179,7 +1179,7 @@ BOOL cli_getatr(struct cli_state *cli, char *fname,
 
        p = smb_buf(cli->outbuf);
        *p = 4;
-       strcpy(p+1, fname);
+       pstrcpy(p+1, fname);
 
        send_smb(cli->fd,cli->outbuf);
        if (!client_receive_smb(cli->fd,cli->inbuf,cli->timeout)) {
@@ -1228,7 +1228,7 @@ BOOL cli_setatr(struct cli_state *cli, char *fname, int attr, time_t t)
 
        p = smb_buf(cli->outbuf);
        *p = 4;
-       strcpy(p+1, fname);
+       pstrcpy(p+1, fname);
        p = skip_string(p,1);
        *p = 4;
 
@@ -1450,11 +1450,11 @@ BOOL cli_oem_change_password(struct cli_state *cli, char *user, char *new_passwo
 
   SSVAL(p,0,214); /* SamOEMChangePassword command. */
   p += 2;
-  strcpy(p, "zsT");
+  pstrcpy(p, "zsT");
   p = skip_string(p,1);
-  strcpy(p, "B516B16");
+  pstrcpy(p, "B516B16");
   p = skip_string(p,1);
-  fstrcpy(p,user);
+  pstrcpy(p,user);
   p = skip_string(p,1);
   SSVAL(p,0,532);
   p += 2;
@@ -1546,7 +1546,7 @@ BOOL cli_negprot(struct cli_state *cli)
             prots[numprots].name && prots[numprots].prot<=cli->protocol;
             numprots++) {
                *p++ = 2;
-               strcpy(p,prots[numprots].name);
+               pstrcpy(p,prots[numprots].name);
                p += strlen(p) + 1;
        }
 

diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c
index 9f5c70e5e4a40086bdc58a9e5bddbf29a637898d..c9f7ee429baa106f338d9e5e08ede927eb3c8e63 100644 (file)
--- a/source3/libsmb/credentials.c
+++ b/source3/libsmb/credentials.c
@@ -31,7 +31,7 @@ represent a credential as a string
 char *credstr(uchar *cred)
 {
        static fstring buf;
-       sprintf(buf,"%02X%02X%02X%02X%02X%02X%02X%02X",
+       slprintf(buf, sizeof(buf) - 1, "%02X%02X%02X%02X%02X%02X%02X%02X",
                cred[0], cred[1], cred[2], cred[3], 
                cred[4], cred[5], cred[6], cred[7]);
        return buf;

diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c
index 4de10f10ce91935582cd5986a407b78a80b1fb71..7f3d012c30ece2202b840adf443920ee122dfde1 100644 (file)
--- a/source3/libsmb/namequery.c
+++ b/source3/libsmb/namequery.c
@@ -51,15 +51,15 @@ static void _interpret_node_status(char *p, char *master,char *rname)
       type = CVAL(p,15);
       p += 16;
 
-      strcat(flags, (p[0] & 0x80) ? "<GROUP> " : "        ");
-      if ((p[0] & 0x60) == 0x00) strcat(flags,"B ");
-      if ((p[0] & 0x60) == 0x20) strcat(flags,"P ");
-      if ((p[0] & 0x60) == 0x40) strcat(flags,"M ");
-      if ((p[0] & 0x60) == 0x60) strcat(flags,"H ");
-      if (p[0] & 0x10) strcat(flags,"<DEREGISTERING> ");
-      if (p[0] & 0x08) strcat(flags,"<CONFLICT> ");
-      if (p[0] & 0x04) strcat(flags,"<ACTIVE> ");
-      if (p[0] & 0x02) strcat(flags,"<PERMANENT> ");
+      fstrcat(flags, (p[0] & 0x80) ? "<GROUP> " : "        ");
+      if ((p[0] & 0x60) == 0x00) fstrcat(flags,"B ");
+      if ((p[0] & 0x60) == 0x20) fstrcat(flags,"P ");
+      if ((p[0] & 0x60) == 0x40) fstrcat(flags,"M ");
+      if ((p[0] & 0x60) == 0x60) fstrcat(flags,"H ");
+      if (p[0] & 0x10) fstrcat(flags,"<DEREGISTERING> ");
+      if (p[0] & 0x08) fstrcat(flags,"<CONFLICT> ");
+      if (p[0] & 0x04) fstrcat(flags,"<ACTIVE> ");
+      if (p[0] & 0x02) fstrcat(flags,"<PERMANENT> ");
 
       if (master && !*master && type == 0x1d) {
        StrnCpy(master,qname,15);
@@ -341,9 +341,9 @@ BOOL getlmhostsent( FILE *fp, char *name, int *name_type, struct in_addr *ipaddr
     if (*line == '#')
       continue;
 
-    strcpy(ip,"");
-    strcpy(name,"");
-    strcpy(flags,"");
+    pstrcpy(ip,"");
+    pstrcpy(name,"");
+    pstrcpy(flags,"");
 
     ptr = line;
 

diff --git a/source3/libsmb/nmblib.c b/source3/libsmb/nmblib.c
index 5a8a037ce5b18a623bbe9f2710d2f0b3e66357b0..6c178758c68527a1c9208d95afa89d9e9a203708 100644 (file)
--- a/source3/libsmb/nmblib.c
+++ b/source3/libsmb/nmblib.c
@@ -252,7 +252,7 @@ static int put_nmb_name(char *buf,int offset,struct nmb_name *name)
     buf1[0] = '*';
     buf1[15] = name->name_type;
   } else {
-    sprintf(buf1,"%-15.15s%c",name->name,name->name_type);
+    slprintf(buf1, sizeof(buf1) - 1,"%-15.15s%c",name->name,name->name_type);
   }
 
   buf[offset] = 0x20;
@@ -270,7 +270,7 @@ static int put_nmb_name(char *buf,int offset,struct nmb_name *name)
   if (name->scope[0]) {
     /* XXXX this scope handling needs testing */
     ret += strlen(name->scope) + 1;
-    strcpy(&buf[offset+1],name->scope);  
+    pstrcpy(&buf[offset+1],name->scope);  
   
     p = &buf[offset+1];
     while ((p = strchr(p,'.'))) {

diff --git a/source3/libsmb/nterr.c b/source3/libsmb/nterr.c
index 0788ae1b60ac1a2f624d97559c789382766789ac..d2f9335000d5ce8af019c465fe95ee03a5b65d53 100644 (file)
--- a/source3/libsmb/nterr.c
+++ b/source3/libsmb/nterr.c
@@ -525,7 +525,7 @@ char *get_nt_error_msg(uint32 nt_code)
        static pstring msg;
        int idx = 0;
 
-       strcpy(msg, "Unknown NT error");
+       pstrcpy(msg, "Unknown NT error");
 
         nt_code &= 0xFFFF;
 
@@ -533,7 +533,7 @@ char *get_nt_error_msg(uint32 nt_code)
        {
                if (nt_errs[idx].nt_errcode == nt_code)
                {
-                       strcpy(msg, nt_errs[idx].nt_errstr);
+                       pstrcpy(msg, nt_errs[idx].nt_errstr);
                        return msg;
                }
                idx++;

diff --git a/source3/libsmb/smberr.c b/source3/libsmb/smberr.c
index e8c4544394e4ed9e8eb590b440a514566f7dec50..c284d18ba67a8f0daebf6fbb8c98627347d7583b 100644 (file)
--- a/source3/libsmb/smberr.c
+++ b/source3/libsmb/smberr.c
@@ -165,18 +165,18 @@ char *smb_errstr(char *inbuf)
              if (num == err[j].code)
                {
                  if (DEBUGLEVEL > 0)
-                   sprintf(ret,"%s - %s (%s)",err_classes[i].class,
+                   slprintf(ret, sizeof(ret) - 1, "%s - %s (%s)",err_classes[i].class,
                            err[j].name,err[j].message);
                  else
-                   sprintf(ret,"%s - %s",err_classes[i].class,err[j].name);
+                   slprintf(ret, sizeof(ret) - 1, "%s - %s",err_classes[i].class,err[j].name);
                  return ret;
                }
          }
 
-       sprintf(ret,"%s - %d",err_classes[i].class,num);
+       slprintf(ret, sizeof(ret) - 1, "%s - %d",err_classes[i].class,num);
        return ret;
       }
   
-  sprintf(ret,"Error: Unknown error (%d,%d)",class,num);
+  slprintf(ret, sizeof(ret) - 1, "Error: Unknown error (%d,%d)",class,num);
   return(ret);
 }

diff --git a/source3/locking/locking_shm.c b/source3/locking/locking_shm.c
index e3c65ce286312650635f61d062f4c21f901c00ab..afca567033a2ebef819f4497bd18094eb172851d 100644 (file)
--- a/source3/locking/locking_shm.c
+++ b/source3/locking/locking_shm.c
@@ -436,7 +436,7 @@ static BOOL shm_set_share_mode(int token, int fnum, uint16 port, uint16 op_type)
     new_mode_p->st_ino = inode;
     new_mode_p->num_share_mode_entries = 0;
     new_mode_p->share_mode_entries = 0;
-    strcpy(new_mode_p->file_name, fs_p->name);
+    pstrcpy(new_mode_p->file_name, fs_p->name);
 
     /* Chain onto the start of the hash chain (in the hope we will be used first). */
     new_mode_p->next_offset = mode_array[hash_entry];

diff --git a/source3/locking/locking_slow.c b/source3/locking/locking_slow.c
index d6ac6efac14f3f054b898b74a5e3424124513171..635cd08e9aac47ef891360679b914c69a9ee7ecc 100644 (file)
--- a/source3/locking/locking_slow.c
+++ b/source3/locking/locking_slow.c
@@ -81,12 +81,14 @@ static BOOL slow_stop_share_mode_mgmt(void)
   ******************************************************************/
 static BOOL share_name(int cnum, uint32 dev, uint32 inode, char *name)
 {
-  strcpy(name,lp_lockdir());
+  int len;
+  pstrcpy(name,lp_lockdir());
   trim_string(name,"","/");
   if (!*name) return(False);
+  len = strlen(name);
   name += strlen(name);
   
-  sprintf(name,"/share.%u.%u",dev,inode);
+  slprintf(name, sizeof(pstring) - len - 1, "/share.%u.%u",dev,inode);
   return(True);
 }
 
@@ -784,7 +786,7 @@ deleting it.\n", fname));
     SIVAL(buf,SMF_VERSION_OFFSET,LOCKING_VERSION);
     SIVAL(buf,SMF_NUM_ENTRIES_OFFSET,0);
     SSVAL(buf,SMF_FILENAME_LEN_OFFSET,strlen(fs_p->name) + 1);
-    strcpy(buf + SMF_HEADER_LENGTH, fs_p->name);
+    pstrcpy(buf + SMF_HEADER_LENGTH, fs_p->name);
   }
 
   num_entries = IVAL(buf,SMF_NUM_ENTRIES_OFFSET);
@@ -1001,10 +1003,10 @@ static int slow_share_forall(void (*fn)(share_mode_entry *, char *))
 
                if (sscanf(s,"share.%u.%u",&dev,&inode)!=2) continue;
        
-               strcpy(lname,lp_lockdir());
+               pstrcpy(lname,lp_lockdir());
                trim_string(lname,NULL,"/");
-               strcat(lname,"/");
-               strcat(lname,s);
+               pstrcat(lname,"/");
+               pstrcat(lname,s);
        
                fd = open(lname,read_only?O_RDONLY:O_RDWR,0);
                if (fd < 0) {
@@ -1022,7 +1024,7 @@ static int slow_share_forall(void (*fn)(share_mode_entry *, char *))
                        close(fd);
                        continue;
                } 
-               strcpy( fname, &buf[10]);
+               pstrcpy( fname, &buf[10]);
                close(fd);
       
                base = buf + SMF_HEADER_LENGTH + 

diff --git a/source3/locking/shmem.c b/source3/locking/shmem.c
index 9f24076171b9f3d7dc2bd9cc28abf2ca17792cde..21aaa9e24f548297235e233ee91f1ad29ed1af61 100644 (file)
--- a/source3/locking/shmem.c
+++ b/source3/locking/shmem.c
@@ -758,7 +758,7 @@ struct shmem_ops *smb_shm_open(int ronly)
        }
        trim_string(file_name,"","/");
        if (!*file_name) return(False);
-       strcat(file_name, "/SHARE_MEM_FILE");
+       pstrcat(file_name, "/SHARE_MEM_FILE");
    
    DEBUG(5,("smb_shm_open : using shmem file %s to be of size %d\n",file_name,size));
 
@@ -799,8 +799,8 @@ struct shmem_ops *smb_shm_open(int ronly)
       */
 
    /* construct processreg file name */
-   strcpy(smb_shm_processreg_name, file_name);
-   strcat(smb_shm_processreg_name, ".processes");
+   pstrcpy(smb_shm_processreg_name, file_name);
+   pstrcat(smb_shm_processreg_name, ".processes");
 
    if (!read_only && 
        !smb_shm_register_process(smb_shm_processreg_name, getpid(), &other_processes))

diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
index f9519bea18ec46c81799bf1e50a00e4458095dfd..39f5087497af84e606aca237e653d6f99f542270 100644 (file)
--- a/source3/nmbd/nmbd.c
+++ b/source3/nmbd/nmbd.c
@@ -133,7 +133,7 @@ static BOOL dump_core(void)
   pstrcpy( dname, debugf );
   if ((p=strrchr(dname,'/')))
     *p=0;
-  strcat( dname, "/corefiles" );
+  pstrcat( dname, "/corefiles" );
   mkdir( dname, 0700 );
   sys_chown( dname, getuid(), getgid() );
   chmod( dname, 0700 );
@@ -209,7 +209,7 @@ BOOL reload_services(BOOL test)
   BOOL ret;
   extern fstring remote_machine;
 
-  strcpy( remote_machine, "nmb" );
+  fstrcpy( remote_machine, "nmb" );
 
   if ( lp_loaded() )
   {
@@ -560,14 +560,14 @@ int main(int argc,char *argv[])
 
   TimeInit();
 
-  strcpy( debugf, NMBLOGFILE );
+  pstrcpy( debugf, NMBLOGFILE );
 
   setup_logging( argv[0], False );
 
   charset_initialise();
 
 #ifdef LMHOSTSFILE
-  strcpy( host_file, LMHOSTSFILE );
+  pstrcpy( host_file, LMHOSTSFILE );
 #endif
 
   /* this is for people who can't start the program correctly */

diff --git a/source3/nmbd/nmbd_become_lmb.c b/source3/nmbd/nmbd_become_lmb.c
index c602789fb84e811737d7ccbbf61d368f879a15cc..ffa3b38cba6c79c62174b518361eacc7e7cdc22d 100644 (file)
--- a/source3/nmbd/nmbd_become_lmb.c
+++ b/source3/nmbd/nmbd_become_lmb.c
@@ -276,7 +276,7 @@ in workgroup %s on subnet %s\n",
   userdata->copy_fn = NULL;
   userdata->free_fn = NULL;
   userdata->userdata_len = strlen(work->work_group)+1;
-  strcpy(userdata->data, work->work_group);
+  pstrcpy(userdata->data, work->work_group);
 
   /* Deregister any browser names we may have. */
   make_nmb_name(&nmbname, MSBROWSE, 0x1, scope);
@@ -528,7 +528,7 @@ in workgroup %s on subnet %s\n",
   userdata->copy_fn = NULL;
   userdata->free_fn = NULL;
   userdata->userdata_len = strlen(work->work_group)+1;
-  strcpy(userdata->data, work->work_group);
+  pstrcpy(userdata->data, work->work_group);
 
   /* Register the special browser group name. */
   register_name(subrec, MSBROWSE, 0x01, samba_nb_type|NB_GROUP,

diff --git a/source3/nmbd/nmbd_browsesync.c b/source3/nmbd/nmbd_browsesync.c
index c78fdfc51457f4a41f216b004aaf568450d13b45..c1f6aa5a6c4b86a6756ee85b7f81730ef5ddbc9a 100644 (file)
--- a/source3/nmbd/nmbd_browsesync.c
+++ b/source3/nmbd/nmbd_browsesync.c
@@ -420,7 +420,7 @@ workgroup %s\n", q_name->name ));
   userdata->copy_fn = NULL;
   userdata->free_fn = NULL;
   userdata->userdata_len = strlen(work->work_group)+1;
-  strcpy(userdata->data, work->work_group);
+  pstrcpy(userdata->data, work->work_group);
 
   node_status( subrec, &nmbname, answer_ip, 
                domain_master_node_status_success,

diff --git a/source3/nmbd/nmbd_incomingrequests.c b/source3/nmbd/nmbd_incomingrequests.c
index e1c56f591f43f2590bb650008d1c42cfec8feb2e..02b511a3633fba1f078cbc961b8c20a824a70b36 100644 (file)
--- a/source3/nmbd/nmbd_incomingrequests.c
+++ b/source3/nmbd/nmbd_incomingrequests.c
@@ -362,7 +362,7 @@ subnet %s - name not found.\n", namestr(&nmb->question.question_name),
       {
         /* Start with the name. */
         bzero(buf,18);
-        sprintf(buf,"%-15.15s",namerec->name.name);
+        slprintf(buf, 17, "%-15.15s",namerec->name.name);
         strupper(buf);
         
         /* Put the name type and netbios flags in the buffer. */

diff --git a/source3/nmbd/nmbd_namelistdb.c b/source3/nmbd/nmbd_namelistdb.c
index b37cac10dc186d53c47ef40e74ff4ed8719f8692..07d026e051ed089057dc2022765eea1cb71a5981 100644 (file)
--- a/source3/nmbd/nmbd_namelistdb.c
+++ b/source3/nmbd/nmbd_namelistdb.c
@@ -553,14 +553,14 @@ static void dump_subnet_namelist( struct subnet_record *subrec, FILE *fp)
 
 void dump_all_namelists(void)
 {
-  fstring fname;
+  pstring fname;
   FILE *fp; 
   struct subnet_record *subrec;
 
   pstrcpy(fname,lp_lockdir());
   trim_string(fname,NULL,"/");
-  strcat(fname,"/"); 
-  strcat(fname,"namelist.debug");
+  pstrcat(fname,"/"); 
+  pstrcat(fname,"namelist.debug");
 
   fp = fopen(fname,"w");
      

diff --git a/source3/nmbd/nmbd_packets.c b/source3/nmbd/nmbd_packets.c
index 54f4f3a2cbced075352e052aaf8ad0c01d1f095a..b62f0aff628406de1b7c4e10a179005dc5a40f41 100644 (file)
--- a/source3/nmbd/nmbd_packets.c
+++ b/source3/nmbd/nmbd_packets.c
@@ -335,9 +335,9 @@ static BOOL initiate_multihomed_name_register_packet( struct packet_struct *pack
                                     uint16 nb_flags, struct in_addr *register_ip)
 {
   struct nmb_packet *nmb = &packet->packet.nmb;
-  char second_ip_buf[25];
+  fstring second_ip_buf;
 
-  strcpy(second_ip_buf, inet_ntoa(packet->ip));
+  fstrcpy(second_ip_buf, inet_ntoa(packet->ip));
 
   nmb->header.opcode = NMB_NAME_MULTIHOMED_REG_OPCODE;
   nmb->header.arcount = 1;
@@ -1914,7 +1914,7 @@ BOOL send_mailslot(BOOL unique, char *mailslot,char *buf,int len,
   SSVAL(ptr,smb_vwv15,1);
   SSVAL(ptr,smb_vwv16,2);
   p2 = smb_buf(ptr);
-  strcpy(p2,mailslot);
+  pstrcpy(p2,mailslot);
   p2 = skip_string(p2,1);
 
   memcpy(p2,buf,len);

diff --git a/source3/nmbd/nmbd_processlogon.c b/source3/nmbd/nmbd_processlogon.c
index 50b6052c67362d589fe2588d14f8689bf1ad2a99..631b8ff01ff04cf14cb30e4330ef3dbc47ad6943 100644 (file)
--- a/source3/nmbd/nmbd_processlogon.c
+++ b/source3/nmbd/nmbd_processlogon.c
@@ -68,7 +68,7 @@ logons are not enabled.\n", inet_ntoa(p->ip) ));
     return;
   }
 
-  strcpy(my_name, global_myname);
+  pstrcpy(my_name, global_myname);
   strupper(my_name);
 
   code = SVAL(buf,0);
@@ -89,7 +89,7 @@ logons are not enabled.\n", inet_ntoa(p->ip) ));
       token = SVAL(q,3);
 
       reply_code = 0x6;
-      strcpy(reply_name,my_name); 
+      fstrcpy(reply_name,my_name); 
       add_slashes = True;
 
       DEBUG(3,("process_logon_packet: Domain login request from %s at IP %s user=%s token=%x\n",
@@ -98,9 +98,9 @@ logons are not enabled.\n", inet_ntoa(p->ip) ));
       q = outbuf;
       SSVAL(q, 0, 6); q += 2;
 
-      strcpy(reply_name, "\\\\");
-      strcat(reply_name, my_name);
-      strcpy(q, reply_name); q = skip_string(q, 1); /* PDC name */
+      fstrcpy(reply_name, "\\\\");
+      fstrcat(reply_name, my_name);
+      fstrcpy(q, reply_name); q = skip_string(q, 1); /* PDC name */
 
       SSVAL(q, 0, token); q += 2;
 
@@ -137,8 +137,8 @@ logons are not enabled.\n", inet_ntoa(p->ip) ));
       q = outbuf;
       SSVAL(q, 0, QUERYFORPDC_R); q += 2;
 
-      strcpy(reply_name,my_name);
-      strcpy(q, reply_name); q = skip_string(q, 1); /* PDC name */
+      fstrcpy(reply_name,my_name);
+      fstrcpy(q, reply_name); q = skip_string(q, 1); /* PDC name */
 
       if (strcmp(mailslot, NT_LOGON_MAILSLOT)==0) {
         q = align2(q, buf);
@@ -198,8 +198,8 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
       pstrcpy(ascuser, unistr(uniuser));
       DEBUG(3,("process_logon_packet: SAMLOGON user %s\n", ascuser));
 
-      strcpy(reply_name,"\\\\"); /* Here it wants \\LOGONSERVER. */
-      strcpy(reply_name+2,my_name); 
+      fstrcpy(reply_name,"\\\\"); /* Here it wants \\LOGONSERVER. */
+      fstrcpy(reply_name+2,my_name); 
 
       smb_pass = getsampwnam(ascuser);
 

diff --git a/source3/nmbd/nmbd_serverlistdb.c b/source3/nmbd/nmbd_serverlistdb.c
index 64ca49cdbccaccf2e77b915a6c1cd7ece06792ab..6ff6ad5c5d7fb492dec595a78e84a9eec4f2663b 100644 (file)
--- a/source3/nmbd/nmbd_serverlistdb.c
+++ b/source3/nmbd/nmbd_serverlistdb.c
@@ -338,10 +338,10 @@ void write_browse_list(time_t t, BOOL force_write)
     
   pstrcpy(fname,lp_lockdir());
   trim_string(fname,NULL,"/");
-  strcat(fname,"/");
-  strcat(fname,SERVER_LIST);
+  pstrcat(fname,"/");
+  pstrcat(fname,SERVER_LIST);
   pstrcpy(fnamenew,fname);
-  strcat(fnamenew,".");
+  pstrcat(fnamenew,".");
  
   fp = fopen(fnamenew,"w");
  

diff --git a/source3/nmbd/nmbd_winsserver.c b/source3/nmbd/nmbd_winsserver.c
index d089686917a0b9a25e706aa1514a3f3ca471ed13..acab81592614b59953d3d7f7e9e0ca59f487ec7f 100644 (file)
--- a/source3/nmbd/nmbd_winsserver.c
+++ b/source3/nmbd/nmbd_winsserver.c
@@ -116,7 +116,7 @@ Load or create the WINS database.
 
 BOOL initialise_wins(void)
 {
-  fstring fname;
+  pstring fname;
   time_t time_now = time(NULL);
   FILE *fp;
   pstring line;
@@ -131,10 +131,10 @@ BOOL initialise_wins(void)
   start_async_dns();
 #endif
 
-  fstrcpy(fname,lp_lockdir());
+  pstrcpy(fname,lp_lockdir());
   trim_string(fname,NULL,"/");
-  strcat(fname,"/");
-  strcat(fname,WINS_LIST);
+  pstrcat(fname,"/");
+  pstrcat(fname,WINS_LIST);
 
   if((fp = fopen(fname,"r")) == NULL)
   {
@@ -1515,7 +1515,7 @@ void initiate_wins_processing(time_t t)
 void wins_write_database(void)
 {
   struct name_record *namerec;
-  fstring fname, fnamenew;
+  pstring fname, fnamenew;
    
   FILE *fp;
    
@@ -1524,10 +1524,10 @@ void wins_write_database(void)
 
   fstrcpy(fname,lp_lockdir());
   trim_string(fname,NULL,"/");
-  strcat(fname,"/");
-  strcat(fname,WINS_LIST);
-  fstrcpy(fnamenew,fname);
-  strcat(fnamenew,".");
+  pstrcat(fname,"/");
+  pstrcat(fname,WINS_LIST);
+  pstrcpy(fnamenew,fname);
+  pstrcat(fnamenew,".");
 
   if((fp = fopen(fnamenew,"w")) == NULL)
   {

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 95c2d09ede14bfd9254a64b92c428aa792c54795..a73b9536c88cab23c4cbf85b5cda4f1a3429cdab 100644 (file)
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -720,9 +720,10 @@ static void init_globals(void)
   string_set(&Globals.szRootdir, "/");
   string_set(&Globals.szSmbrun, SMBRUN);
   string_set(&Globals.szSocketAddress, "0.0.0.0");
-  sprintf(s,"Samba %s",VERSION);
+  pstrcpy(s, "Samba ");
+  pstrcat(s, VERSION);
   string_set(&Globals.szServerString,s);
-  sprintf(s,"%d.%d", DEFAULT_MAJOR_VERSION, DEFAULT_MINOR_VERSION);
+  slprintf(s,sizeof(s)-1, "%d.%d", DEFAULT_MAJOR_VERSION, DEFAULT_MINOR_VERSION);
   string_set(&Globals.szAnnounceVersion,s);
 
   string_set(&Globals.szLogonDrive, "");
@@ -1829,11 +1830,11 @@ BOOL lp_do_parameter(int snum, char *pszParmName, char *pszParmValue)
        break;
 
      case P_GSTRING:
-       strcpy((char *)parm_ptr,pszParmValue);
+       pstrcpy((char *)parm_ptr,pszParmValue);
        break;
 
      case P_UGSTRING:
-       strcpy((char *)parm_ptr,pszParmValue);
+       pstrcpy((char *)parm_ptr,pszParmValue);
        strupper((char *)parm_ptr);
        break;
 

diff --git a/source3/passdb/ldap.c b/source3/passdb/ldap.c
index 7af8a1b9f103071e4edd071a497dd22ff1b94ed8..0c9847becfe676d80fcacef658e38d0972109ef5 100644 (file)
--- a/source3/passdb/ldap.c
+++ b/source3/passdb/ldap.c
@@ -114,7 +114,7 @@ BOOL ldap_search_one_user_by_name(LDAP *ldap_struct, char *user, LDAPMessage **r
           in the filter expression, replace %u with the real name
           so in ldap filter, %u MUST exist :-)
        */      
-       strcpy(filter,lp_ldap_filter());
+       pstrcpy(filter,lp_ldap_filter());
        string_sub(filter,"%u",user);
        
        if ( !ldap_search_one_user(ldap_struct, filter, result) )
@@ -152,7 +152,7 @@ void get_single_attribute(LDAP *ldap_struct, LDAPMessage *entry, char *attribute
        
        if ( (valeurs=ldap_get_values(ldap_struct, entry, attribute)) != NULL) 
        {
-               strcpy(value, valeurs[0]);
+               pstrcpy(value, valeurs[0]);
                ldap_value_free(valeurs);
                DEBUG(3,("get_single_attribute: [%s]=[%s]\n", attribute, value));       
        }
@@ -451,7 +451,7 @@ void *startldappwent(BOOL update)
        int scope = LDAP_SCOPE_ONELEVEL;
        int rc;
 
-       char filter[256];
+       pstring filter;
 
        if (!ldap_open_connection(&ldap_ent.ldap_struct)) /* open a connection to the server */
                return NULL;
@@ -464,17 +464,17 @@ void *startldappwent(BOOL update)
        {
                case 1:
                {
-                       strcpy(filter, "objectclass=sambaAccount");
+                       pstrcpy(filter, "objectclass=sambaAccount");
                        break;
                }
                case 2:
                {
-                       strcpy(filter, "objectclass=sambaMachine");
+                       pstrcpy(filter, "objectclass=sambaMachine");
                        break;
                }
                default:
                {
-                       strcpy(filter, "(|(objectclass=sambaMachine)(objectclass=sambaAccount))");
+                       pstrcpy(filter, "(|(objectclass=sambaMachine)(objectclass=sambaAccount))");
                        break;
                }
        }

diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c
index 9c0b276074e3527621f94ea1d79c15f3f3ff8563..aaa4db16ee96a5fe72bc6709ef32be2791c26d4a 100644 (file)
--- a/source3/passdb/smbpass.c
+++ b/source3/passdb/smbpass.c
@@ -534,7 +534,7 @@ BOOL add_smbpwd_entry(struct smb_passwd *newpwd)
 
   int fd;
   int new_entry_length;
-  char *new_entry;
+  unsigned char *new_entry;
   long offpos;
   unsigned char *p;
 
@@ -583,19 +583,19 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
     return False;
   }
 
-  sprintf(new_entry, "%s:%u:", newpwd->smb_name, (unsigned)newpwd->smb_userid);
+  slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->smb_name, (unsigned)newpwd->smb_userid);
   p = (unsigned char *)&new_entry[strlen(new_entry)];
 
   if(newpwd->smb_passwd != NULL) {
     for( i = 0; i < 16; i++) {
-      sprintf((char *)&p[i*2], "%02X", newpwd->smb_passwd[i]);
+      slprintf((char *)&p[i*2], new_entry_length - (p - new_entry) - 1, "%02X", newpwd->smb_passwd[i]);
     }
   } else {
     i=0;
     if(newpwd->acct_ctrl & ACB_PWNOTREQ)
-      sprintf((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
+      safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
     else
-      sprintf((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
+      safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
   }
   
   p += 32;
@@ -604,13 +604,13 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
 
   if(newpwd->smb_nt_passwd != NULL) {
     for( i = 0; i < 16; i++) {
-      sprintf((char *)&p[i*2], "%02X", newpwd->smb_nt_passwd[i]);
+      slprintf((char *)&p[i*2], new_entry_length - 1 - (p - new_entry), "%02X", newpwd->smb_nt_passwd[i]);
     }
   } else {
     if(newpwd->acct_ctrl & ACB_PWNOTREQ)
-      sprintf((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
+      safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
     else
-      sprintf((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
+      safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
   }
 
   p += 32;
@@ -618,7 +618,8 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
   *p++ = ':';
 
   /* Add the account encoding and the last change time. */
-  sprintf((char *)p, "%s:LCT-%08X:\n", encode_acct_ctrl(newpwd->acct_ctrl),
+  slprintf((char *)p, new_entry_length - 1 - (p - new_entry),  "%s:LCT-%08X:\n",
+                                  encode_acct_ctrl(newpwd->acct_ctrl),
                      (uint32)time(NULL));
 
 #ifdef DEBUG_PASSWORD
@@ -945,13 +946,13 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
   /* Create the 32 byte representation of the new p16 */
   if(pwd->smb_passwd != NULL) {
     for (i = 0; i < 16; i++) {
-      sprintf(&ascii_p16[i*2], "%02X", (uchar) pwd->smb_passwd[i]);
+      slprintf(&ascii_p16[i*2], sizeof(fstring) - 1, "%02X", (uchar) pwd->smb_passwd[i]);
     }
   } else {
     if(pwd->acct_ctrl & ACB_PWNOTREQ)
-      sprintf(ascii_p16, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
+      fstrcpy(ascii_p16, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
     else
-      sprintf(ascii_p16, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
+      fstrcpy(ascii_p16, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
   }
 
   /* Add on the NT md4 hash */
@@ -959,13 +960,13 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
   wr_len = 65;
   if (pwd->smb_nt_passwd != NULL) {
     for (i = 0; i < 16; i++) {
-      sprintf(&ascii_p16[(i*2)+33], "%02X", (uchar) pwd->smb_nt_passwd[i]);
+      slprintf(&ascii_p16[(i*2)+33], sizeof(fstring) - 1, "%02X", (uchar) pwd->smb_nt_passwd[i]);
     }
   } else {
     if(pwd->acct_ctrl & ACB_PWNOTREQ)
-      sprintf(&ascii_p16[33], "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
+      fstrcpy(&ascii_p16[33], "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
     else
-      sprintf(&ascii_p16[33], "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
+      fstrcpy(&ascii_p16[33], "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
   }
 
   /* Add on the account info bits and the time of last
@@ -1024,10 +1025,10 @@ static void get_trust_account_file_name( char *domain, char *name, char *mac_fil
     return;
   }
 
-  strcat(mac_file, domain);
-  strcat(mac_file, ".");
-  strcat(mac_file, name);
-  strcat(mac_file, ".mac");
+  pstrcat(mac_file, domain);
+  pstrcat(mac_file, ".");
+  pstrcat(mac_file, name);
+  pstrcat(mac_file, ".mac");
 }
  
 /************************************************************************
@@ -1191,9 +1192,9 @@ BOOL set_trust_account_password( unsigned char *md4_new_pwd)
   } 
 
   for (i = 0; i < 16; i++)
-    sprintf(&linebuf[(i*2)], "%02X", md4_new_pwd[i]);
+    slprintf(&linebuf[(i*2)], sizeof(linebuf) -  (i*2) - 1, "%02X", md4_new_pwd[i]);
 
-  sprintf(&linebuf[32], ":TLC-%08X\n", (unsigned)time(NULL));
+  slprintf(&linebuf[32], 32, ":TLC-%08X\n", (unsigned)time(NULL));
 
   if(fwrite( linebuf, 1, 45, mach_passwd_fp)!= 45) {
     DEBUG(0,("set_trust_account_password: Failed to write file. Warning - the trust \

diff --git a/source3/printing/pcap.c b/source3/printing/pcap.c
index 0b3ad2b13627e11aaf01610ce4a2efe1f77ec8d8..f26f81207d22f4befad43ce1ef5afea8d1748fd3 100644 (file)
--- a/source3/printing/pcap.c
+++ b/source3/printing/pcap.c
@@ -123,7 +123,7 @@ static void ScanQconfig_fn(char *psz,void (*fn)())
                                p = strtok(line,":");
                                if (strcmp(p,"bsh")!=0)
                                  {
-                                   strcpy(name,p);
+                                   pstrcpy(name,p);
                                    iEtat = 1;
                                    continue;
                                  }
@@ -182,7 +182,7 @@ static BOOL ScanQconfig(char *psz,char *pszPrintername)
              free(pName);
              return(False);
        }
-       sprintf(pName,"%s:",pszPrintername);
+       slprintf(pName, iLg + 9, "%s:",pszPrintername);
        iLg = strlen(pName);
        /*DEBUG(3,( " Looking for entry %s\n",pName));*/
        iEtat = 0;
@@ -295,7 +295,7 @@ BOOL pcap_printername_ok(char *pszPrintername, char *pszPrintcapname)
          if (strequal(p,pszPrintername))
            {
              /* normalise the case */
-             strcpy(pszPrintername,p);
+             pstrcpy(pszPrintername,p);
              free(line);
              fclose(pfile);
              return(True);           

diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index 278c54933d3781b75daaa43246e176a0b3afbb62..1ffe9d00a97a0969e94ef42d957ea23e12bc3a2b 100644 (file)
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -81,8 +81,8 @@ static char *build_print_command(int cnum, char *command, char *syscmd, char *fi
     if (iOffset==0 || syscmd[iOffset-1] != '/') {
       StrnCpy(filename,Connections[cnum].connectpath,sizeof(filename)-1);
       trim_string(filename,"","/");
-      strcat(filename,"/");
-      strcat(filename,filename1);
+      pstrcat(filename,"/");
+      pstrcat(filename,filename1);
     }
     else
       pstrcpy(filename,filename1);
@@ -146,7 +146,7 @@ static char *Months[13] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
 /*******************************************************************
 process time fields
 ********************************************************************/
-static time_t EntryTime(string tok[], int ptr, int count, int minimum)
+static time_t EntryTime(fstring tok[], int ptr, int count, int minimum)
 {
   time_t jobtime,jobtime1;
 
@@ -223,7 +223,7 @@ static BOOL parse_lpq_bsd(char *line,print_queue_struct *buf,BOOL first)
 #define        NTOK    5
 #endif /* OSF1 */
 
-  string tok[NTOK];
+  fstring tok[NTOK];
   int count=0;
 
 #ifdef OSF1
@@ -249,15 +249,15 @@ static BOOL parse_lpq_bsd(char *line,print_queue_struct *buf,BOOL first)
 
   /* if the fname contains a space then use STDIN */
   if (strchr(tok[FILETOK],' '))
-    strcpy(tok[FILETOK],"STDIN");
+    fstrcpy(tok[FILETOK],"STDIN");
 
   /* only take the last part of the filename */
   {
-    string tmp;
+    fstring tmp;
     char *p = strrchr(tok[FILETOK],'/');
     if (p)
       {
-       strcpy(tmp,p+1);
+       fstrcpy(tmp,p+1);
        fstrcpy(tok[FILETOK],tmp);
       }
   }
@@ -282,7 +282,7 @@ static BOOL parse_lpq_bsd(char *line,print_queue_struct *buf,BOOL first)
 LPRng_time modifies the current date by inserting the hour and minute from
 the lpq output.  The lpq time looks like "23:15:07"
 */
-static time_t LPRng_time(string tok[],int pos)
+static time_t LPRng_time(fstring tok[],int pos)
 {
   time_t jobtime;
   struct tm *t;
@@ -381,7 +381,7 @@ LPRng source changes.  This is from version 2.3.0.  Magnus  */
 #define JOBSIZE_POS FILE_POS+FILE_W
 
   
-  string tok[LPRNG_NTOK];
+  fstring tok[LPRNG_NTOK];
   int count=0;
 
 #ifdef OLD_LPRNG
@@ -420,11 +420,11 @@ A long spool-path will just waste significant chars of the file name.
   /* if the fname contains a space then use STDIN */
   /* I do not understand how this would be possible. Magnus. */
   if (strchr(tok[LPRNG_FILETOK],' '))
-    strcpy(tok[LPRNG_FILETOK],"STDIN");
+    fstrcpy(tok[LPRNG_FILETOK],"STDIN");
 
   /* only take the last part of the filename */
   {
-    string tmp;
+    fstring tmp;
     char *p = strrchr(tok[LPRNG_FILETOK],'/');
     if (p)
       {
@@ -473,7 +473,7 @@ lazer   lazer RUNNING   537 6297doc.A          kvintus@IE    0 10  2445   1   1
 ********************************************************************/
 static BOOL parse_lpq_aix(char *line,print_queue_struct *buf,BOOL first)
 {
-  string tok[11];
+  fstring tok[11];
   int count=0;
 
   /* handle the case of "(standard input)" as a filename */
@@ -493,11 +493,11 @@ static BOOL parse_lpq_aix(char *line,print_queue_struct *buf,BOOL first)
           buf->size = atoi(tok[4]) * 1024;
           /* if the fname contains a space then use STDIN */
           if (strchr(tok[2],' '))
-            strcpy(tok[2],"STDIN");
+            fstrcpy(tok[2],"STDIN");
 
           /* only take the last part of the filename */
           {
-            string tmp;
+            fstring tmp;
             char *p = strrchr(tok[2],'/');
             if (p)
               {
@@ -527,11 +527,11 @@ static BOOL parse_lpq_aix(char *line,print_queue_struct *buf,BOOL first)
       buf->size = atoi(tok[8]) * 1024;
       /* if the fname contains a space then use STDIN */
       if (strchr(tok[4],' '))
-        strcpy(tok[4],"STDIN");
+        fstrcpy(tok[4],"STDIN");
 
       /* only take the last part of the filename */
       {
-        string tmp;
+        fstring tmp;
         char *p = strrchr(tok[4],'/');
         if (p)
           {
@@ -568,7 +568,7 @@ static BOOL parse_lpq_hpux(char * line, print_queue_struct *buf, BOOL first)
 {
   /* must read two lines to process, therefore keep some values static */
   static BOOL header_line_ok=False, base_prio_reset=False;
-  static string jobuser;
+  static fstring jobuser;
   static int jobid;
   static int jobprio;
   static time_t jobtime;
@@ -579,7 +579,7 @@ static BOOL parse_lpq_hpux(char * line, print_queue_struct *buf, BOOL first)
  
   int count;
   char TAB = '\011';  
-  string tok[12];
+  fstring tok[12];
 
   /* If a line begins with a horizontal TAB, it is a subline type */
   
@@ -604,7 +604,7 @@ static BOOL parse_lpq_hpux(char * line, print_queue_struct *buf, BOOL first)
     
     /* if the fname contains a space then use STDIN */
     if (strchr(tok[0],' '))
-      strcpy(tok[0],"STDIN");
+      fstrcpy(tok[0],"STDIN");
     
     buf->size = atoi(tok[1]);
     StrnCpy(buf->file,tok[0],sizeof(buf->file)-1);
@@ -674,7 +674,7 @@ dcslw-897               tridge            4712   Dec 20 10:30:30 being held
 ****************************************************************************/
 static BOOL parse_lpq_sysv(char *line,print_queue_struct *buf,BOOL first)
 {
-  string tok[9];
+  fstring tok[9];
   int count=0;
   char *p;
 
@@ -694,7 +694,7 @@ static BOOL parse_lpq_sysv(char *line,print_queue_struct *buf,BOOL first)
   /* if the user contains a ! then trim the first part of it */  
   if ((p=strchr(tok[2],'!')))
     {
-      string tmp;
+      fstring tmp;
       fstrcpy(tmp,p+1);
       fstrcpy(tok[2],tmp);
     }
@@ -727,7 +727,7 @@ Printer: txt        (ready)
 ****************************************************************************/
 static BOOL parse_lpq_qnx(char *line,print_queue_struct *buf,BOOL first)
 {
-  string tok[7];
+  fstring tok[7];
   int count=0;
 
   DEBUG(0,("antes [%s]\n", line));
@@ -756,7 +756,7 @@ static BOOL parse_lpq_qnx(char *line,print_queue_struct *buf,BOOL first)
 
   /* only take the last part of the filename */
   {
-    string tmp;
+    fstring tmp;
     char *p = strrchr(tok[6],'/');
     if (p)
       {
@@ -792,7 +792,7 @@ Local  Printer 'lp2' (fjall):
 ****************************************************************************/
 static BOOL parse_lpq_plp(char *line,print_queue_struct *buf,BOOL first)
 {
-  string tok[11];
+  fstring tok[11];
   int count=0;
 
   /* handle the case of "(standard input)" as a filename */
@@ -816,11 +816,11 @@ static BOOL parse_lpq_plp(char *line,print_queue_struct *buf,BOOL first)
 
   /* if the fname contains a space then use STDIN */
   if (strchr(tok[6],' '))
-    strcpy(tok[6],"STDIN");
+    fstrcpy(tok[6],"STDIN");
 
   /* only take the last part of the filename */
   {
-    string tmp;
+    fstring tmp;
     char *p = strrchr(tok[6],'/');
     if (p)
       {
@@ -862,7 +862,7 @@ Total:      21268 bytes in queue
 ****************************************************************************/
 static BOOL parse_lpq_softq(char *line,print_queue_struct *buf,BOOL first)
 {
-  string tok[10];
+  fstring tok[10];
   int count=0;
 
   /* mung all the ":"s to spaces*/
@@ -1081,7 +1081,7 @@ int get_printqueue(int snum,int cnum,print_queue_struct **queue,
   }
 
   if (status) {
-    strcpy(status->message,"");
+    fstrcpy(status->message,"");
     status->status = LPSTAT_OK;
   }
       
@@ -1142,7 +1142,7 @@ void del_printqueue(int cnum,int snum,int jobid)
       return;
     }
     
-  sprintf(jobstr,"%d",jobid);
+  slprintf(jobstr,sizeof(jobstr)-1,"%d",jobid);
 
   pstrcpy(syscmd,lprm_command);
   string_sub(syscmd,"%p",printername);
@@ -1180,7 +1180,7 @@ void status_printjob(int cnum,int snum,int jobid,int status)
       return;
     }
     
-  sprintf(jobstr,"%d",jobid);
+  slprintf(jobstr,sizeof(jobstr)-1,"%d",jobid);
 
   pstrcpy(syscmd,lpstatus_command);
   string_sub(syscmd,"%p",printername);

diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index c458aa102a450a21002ad4b9151920aaaf80be6f..899c0437e6e80aa3854e5f8043296534e382d544 100644 (file)
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -675,13 +675,16 @@ Error was %s\n", pipe_name, cli->desthost, cli_errstr(cli)));
    * Setup the remote server name prefixed by \ and the machine account name.
    */
 
-  sprintf(cli->srv_name_slash, "\\\\%s", cli->desthost);
+  fstrcpy(cli->srv_name_slash, "\\\\");
+  fstrcat(cli->srv_name_slash, cli->desthost);
   strupper(cli->srv_name_slash);
 
-  sprintf(cli->clnt_name_slash, "\\\\%s", global_myname);
+  fstrcpy(cli->clnt_name_slash, "\\\\");
+  fstrcat(cli->clnt_name_slash, global_myname);
   strupper(cli->clnt_name_slash);
 
-  sprintf(cli->mach_acct, "%s$", global_myname);
+  fstrcpy(cli->mach_acct, global_myname);
+  fstrcat(cli->mach_acct, "$");
   strupper(cli->mach_acct);
 
   return True;

diff --git a/source3/rpc_client/ntclienttrust.c b/source3/rpc_client/ntclienttrust.c
index 38cbedae7883bf4b822f411db145f280e8132fec..0486017181747b0c46f0fcc04c89cf59af43036b 100644 (file)
--- a/source3/rpc_client/ntclienttrust.c
+++ b/source3/rpc_client/ntclienttrust.c
@@ -56,7 +56,7 @@ BOOL trust_account_check(struct in_addr dest_ip, char *dest_host,
        fstrcpy(mach_pwd, myhostname);
        strlower(mach_pwd);
 
-       sprintf(tmp, "Enter Workstation Trust Account password for [%s].\nDefault is [%s].\nPassword:",
+       slprintf(tmp, sizeof(tmp) - 1,"Enter Workstation Trust Account password for [%s].\nDefault is [%s].\nPassword:",
                                mach_acct, mach_pwd);
 
        start_mach_pwd = (char*)getpass(tmp);
@@ -66,7 +66,7 @@ BOOL trust_account_check(struct in_addr dest_ip, char *dest_host,
                fstrcpy(mach_pwd, start_mach_pwd);
        }
 
-       sprintf(tmp, "Enter new Workstation Trust Account password for [%s]\nPress Return to leave at old value.\nNew Password:",
+       slprintf(tmp, sizeof(tmp)-1, "Enter new Workstation Trust Account password for [%s]\nPress Return to leave at old value.\nNew Password:",
                                mach_acct);
 
        change_mach_pwd = (char*)getpass(tmp);

diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c
index 0a49fb7b4da88f621b71a026b667853a409209b5..202c3b6da397e72b2122e38c527d8d87c23a1ca0 100644 (file)
--- a/source3/rpc_parse/parse_lsa.c
+++ b/source3/rpc_parse/parse_lsa.c
@@ -416,14 +416,14 @@ void lsa_io_sid_enum(char *desc, LSA_SID_ENUM *sen, prs_struct *ps, int depth)
        for (i = 0; i < sen->num_entries; i++)
        {       
                fstring temp;
-               sprintf(temp, "ptr_sid[%d]", i);
+               slprintf(temp, sizeof(temp) - 1, "ptr_sid[%d]", i);
                prs_uint32(temp, ps, depth, &(sen->ptr_sid[i])); /* domain SID pointers to be looked up. */
        }
 
        for (i = 0; i < sen->num_entries; i++)
        {
                fstring temp;
-               sprintf(temp, "sid[%d]", i);
+               slprintf(temp, sizeof(temp) - 1, "sid[%d]", i);
                smb_io_dom_sid2(temp, &(sen->sid[i]), ps, depth); /* domain SIDs to be looked up. */
        }
 }
@@ -470,7 +470,7 @@ void lsa_io_trans_names(char *desc, LSA_TRANS_NAME_ENUM *trn, prs_struct *ps, in
        for (i = 0; i < trn->num_entries; i++)
        {       
                fstring temp;
-               sprintf(temp, "ptr_name[%d] ", i);
+               slprintf(temp, sizeof(temp) - 1, "ptr_name[%d] ", i);
                prs_uint32(temp, ps, depth, &(trn->ptr_name[i])); /* pointer to translated name */
        }
 
@@ -479,7 +479,7 @@ void lsa_io_trans_names(char *desc, LSA_TRANS_NAME_ENUM *trn, prs_struct *ps, in
                if (trn->ptr_name[i] != 0)
                {
                        fstring temp;
-                       sprintf(temp, "name[%d] ", i);
+                       slprintf(temp, sizeof(temp) - 1, "name[%d] ", i);
                        lsa_io_trans_name(temp, &(trn->name[i2]), ps, depth); /* translated name */
                        i2++;
                }

diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c
index 0343dea484a4a446dd0524bad576966c17c56f41..b46bcd9f896beb93b2c1f67b658a238bdffb5d0c 100644 (file)
--- a/source3/rpc_parse/parse_misc.c
+++ b/source3/rpc_parse/parse_misc.c
@@ -190,7 +190,7 @@ void smb_io_dom_sid(char *desc,  DOM_SID *sid, prs_struct *ps, int depth)
        for (i = 0; i < 6; i++)
        {
                fstring tmp;
-               sprintf(tmp, "id_auth[%d] ", i);
+               slprintf(tmp, sizeof(tmp) - 1, "id_auth[%d] ", i);
                prs_uint8 (tmp, ps, depth, &(sid->id_auth[i]));
        }
 

diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index a72769d9c028488b26f80f0c98cf4cde89c72029..b0138ac97d9532e2737f81f7d41943053bbfcf70 100644 (file)
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -1492,7 +1492,7 @@ void samr_io_q_lookup_ids(char *desc,  SAMR_Q_LOOKUP_IDS *q_u, prs_struct *ps, i
 
        for (i = 0; i < q_u->num_sids2; i++)
        {
-               sprintf(tmp, "ptr[%02d]", i);
+               slprintf(tmp, sizeof(tmp) - 1, "ptr[%02d]", i);
                prs_uint32(tmp, ps, depth, &(q_u->ptr_sid[i]));
        }
 
@@ -1500,7 +1500,7 @@ void samr_io_q_lookup_ids(char *desc,  SAMR_Q_LOOKUP_IDS *q_u, prs_struct *ps, i
        {
                if (q_u->ptr_sid[i] != 0)
                {
-                       sprintf(tmp, "sid[%02d]", i);
+                       slprintf(tmp, sizeof(tmp)-1, "sid[%02d]", i);
                        smb_io_dom_sid2(tmp, &(q_u->sid[i]), ps, depth); 
                }
        }
@@ -1564,7 +1564,7 @@ void samr_io_r_lookup_ids(char *desc,  SAMR_R_LOOKUP_IDS *r_u, prs_struct *ps, i
 
                for (i = 0; i < r_u->num_entries2; i++)
                {
-                       sprintf(tmp, "rid[%02d]", i);
+                       slprintf(tmp, sizeof(tmp)-1, "rid[%02d]", i);
                        prs_uint32(tmp, ps, depth, &(r_u->rid[i]));
                }
        }
@@ -1723,7 +1723,7 @@ void samr_io_q_unknown_12(char *desc,  SAMR_Q_UNKNOWN_12 *q_u, prs_struct *ps, i
 
        for (i = 0; i < q_u->num_gids2; i++)
        {
-               sprintf(tmp, "gid[%02d]  ", i);
+               slprintf(tmp, sizeof(tmp) - 1, "gid[%02d]  ", i);
                prs_uint32(tmp, ps, depth, &(q_u->gid[i]));
        }
 
@@ -1797,12 +1797,12 @@ void samr_io_r_unknown_12(char *desc,  SAMR_R_UNKNOWN_12 *r_u, prs_struct *ps, i
        {
                for (i = 0; i < r_u->num_aliases2; i++)
                {
-                       sprintf(tmp, "als_hdr[%02d]  ", i);
+                       slprintf(tmp, sizeof(tmp) - 1, "als_hdr[%02d]  ", i);
                        smb_io_unihdr ("", &(r_u->hdr_als_name[i]), ps, depth); 
                }
                for (i = 0; i < r_u->num_aliases2; i++)
                {
-                       sprintf(tmp, "als_str[%02d]  ", i);
+                       slprintf(tmp, sizeof(tmp) - 1, "als_str[%02d]  ", i);
                        smb_io_unistr2("", &(r_u->uni_als_name[i]), r_u->hdr_als_name[i].buffer, ps, depth); 
                }
        }
@@ -1817,7 +1817,7 @@ void samr_io_r_unknown_12(char *desc,  SAMR_R_UNKNOWN_12 *r_u, prs_struct *ps, i
        {
                for (i = 0; i < r_u->num_als_usrs2; i++)
                {
-                       sprintf(tmp, "als_usrs[%02d]  ", i);
+                       slprintf(tmp, sizeof(tmp) - 1, "als_usrs[%02d]  ", i);
                        prs_uint32(tmp, ps, depth, &(r_u->num_als_usrs[i]));
                }
        }

diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index 28c44a57b7e27cd2b74130b1e7debb64dfad8cf7..958f0bf14dfd24fe713a9477111ac0a3cd7289d9 100644 (file)
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -279,7 +279,7 @@ static void api_net_req_chal( int uid,
        fstrcpy(mach_name, mach_acct);
        strlower(mach_name);
 
-       strcat(mach_acct, "$");
+       fstrcat(mach_acct, "$");
 
        if (get_md4pw((char *)vuser->dc.md4pw, mach_name, mach_acct))
        {

diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
index 20cdc30babe365c11a43e42a94ab405874c882eb..6f834e454a24b8ec5b27de57ca54cce111eb0e0d 100644 (file)
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
@@ -231,9 +231,9 @@ static void samr_reply_unknown_3(SAMR_Q_UNKNOWN_3 *q_u,
 
        if (status == 0x0)
        {
-               strcpy(user_sid, lp_domain_sid());
-               sprintf(user_rid, "-%x", rid);
-               strcat(user_sid, user_rid);
+               fstrcpy(user_sid, lp_domain_sid());
+               slprintf(user_rid, sizeof(user_rid) - 1, "-%x", rid);
+               fstrcat(user_sid, user_rid);
 
                /* maybe need another 1 or 2 (S-1-5-20-0x220 and S-1-5-20-0x224) */
                /* these two are DOMAIN_ADMIN and DOMAIN_ACCT_OP group RIDs */

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 210a3f55e22ff60b08c3080562329f66ad7d86d5..e842e3b9f958d3e0ff0e6e9a0b67f731b56eb8e0 100644 (file)
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -297,22 +297,22 @@ void get_domain_user_groups(char *domain_groups, char *user)
        /* can only be a user or a guest.  cannot be guest _and_ admin */
        if (user_in_list(user, lp_domain_guest_users()))
        {
-               sprintf(tmp, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS);
-               strcat(domain_groups, tmp);
+               slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS);
+               pstrcat(domain_groups, tmp);
 
                DEBUG(3,("domain guest access %s granted\n", tmp));
        }
        else
        {
-               sprintf(tmp, " %ld/7 ", DOMAIN_GROUP_RID_USERS);
-               strcat(domain_groups, tmp);
+               slprintf(tmp, sizeof(tmp) -1, " %ld/7 ", DOMAIN_GROUP_RID_USERS);
+               pstrcat(domain_groups, tmp);
 
                DEBUG(3,("domain user access %s granted\n", tmp));
 
                if (user_in_list(user, lp_domain_admin_users()))
                {
-                       sprintf(tmp, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS);
-                       strcat(domain_groups, tmp);
+                       slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS);
+                       pstrcat(domain_groups, tmp);
 
                        DEBUG(3,("domain admin access %s granted\n", tmp));
                }

diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index e466455aeb8e0c45cc99de73822d03df90cea925..d900b54c1fe08a23d1a1e57fbb9e17710a9ccded 100644 (file)
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -62,7 +62,7 @@ static int findpty(char **slave)
 #if defined(SVR4) || defined(SUNOS5)
   extern char *ptsname();
 #else /* defined(SVR4) || defined(SUNOS5) */
-  static char line[12];
+  static fstring line;
   void *dirp;
   char *dpname;
 #endif /* defined(SVR4) || defined(SUNOS5) */
@@ -75,7 +75,7 @@ static int findpty(char **slave)
     return (master);
   }
 #else /* defined(SVR4) || defined(SUNOS5) */
-  strcpy( line, "/dev/ptyXX" );
+  fstrcpy( line, "/dev/ptyXX" );
 
   dirp = OpenDir(-1, "/dev", True);
   if (!dirp) return(-1);

diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c
index 5cf8b800f2c6ee02c9b1330b4ac8f8d7726a4384..64b3f153cffe81ab11333947f82deb38345b629c 100644 (file)
--- a/source3/smbd/connection.c
+++ b/source3/smbd/connection.c
@@ -48,9 +48,9 @@ BOOL yield_connection(int cnum,char *name,int max_connections)
        pstrcpy(fname,lp_lockdir());
        trim_string(fname,"","/");
 
-       strcat(fname,"/");
-       strcat(fname,name);
-       strcat(fname,".LCK");
+       pstrcat(fname,"/");
+       pstrcat(fname,name);
+       pstrcat(fname,".LCK");
 
        fd = open(fname,O_RDWR);
        if (fd == -1) {
@@ -133,9 +133,9 @@ BOOL claim_connection(int cnum,char *name,int max_connections,BOOL Clear)
        if (!directory_exist(fname,NULL))
                mkdir(fname,0755);
        
-       strcat(fname,"/");
-       strcat(fname,name);
-       strcat(fname,".LCK");
+       pstrcat(fname,"/");
+       pstrcat(fname,name);
+       pstrcat(fname,".LCK");
        
        if (!file_exist(fname,NULL)) {
                fd = open(fname,O_RDWR|O_CREAT|O_EXCL, 0644);

diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index a34406cc65af5705a8faba46a70a43e34f6c3ca5..37fcd057430ea31a1b4cb8341a285f0eb15f4155 100644 (file)
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -469,10 +469,10 @@ BOOL get_dir_entry(int cnum,char *mask,int dirtype,char *fname,int *size,int *mo
          *path = 0;
          pstrcpy(path,Connections[cnum].dirpath);
           if(needslash)
-           strcat(path,"/");
+           pstrcat(path,"/");
          pstrcpy(pathreal,path);
-         strcat(path,fname);
-         strcat(pathreal,dname);
+         pstrcat(path,fname);
+         pstrcat(pathreal,dname);
          if (sys_stat(pathreal,&sbuf) != 0) 
            {
              DEBUG(5,("Couldn't stat 1 [%s]\n",path));
@@ -552,7 +552,7 @@ void *OpenDir(int cnum, char *name, BOOL use_veto)
       dirp->mallocsize = s;
       dirp->current = dirp->data;
     }
-    strcpy(dirp->data+used,n);
+    pstrcpy(dirp->data+used,n);
     used += l;
     dirp->numentries++;
   }
@@ -671,9 +671,9 @@ void DirCacheAdd( char *path, char *name, char *dname, int snum )
     return;             /* so just return as if nothing happened. */
 
   /* Set pointers correctly and load values. */
-  entry->path  = strcpy( (char *)&entry[1],       path);
-  entry->name  = strcpy( &(entry->path[pathlen]), name);
-  entry->dname = strcpy( &(entry->name[namelen]), dname);
+  entry->path  = pstrcpy( (char *)&entry[1],       path);
+  entry->name  = pstrcpy( &(entry->path[pathlen]), name);
+  entry->dname = pstrcpy( &(entry->name[namelen]), dname);
   entry->snum  = snum;
 
   /* Add the new entry to the linked list. */

diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index 8be9c10a13f20263d632268b6d40b279e6d7874a..7b82894c7f5cb52929c0bf193b153764ef28eb1b 100644 (file)
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -491,7 +491,7 @@ static void PackDriverData(struct pack_desc* desc)
   SIVAL(drivdata,0,sizeof drivdata); /* cb */
   SIVAL(drivdata,4,1000);      /* lVersion */
   memset(drivdata+8,0,32);     /* szDeviceName */
-  strcpy(drivdata+8,"NULL");
+  pstrcpy(drivdata+8,"NULL");
   PACKl(desc,"l",drivdata,sizeof drivdata); /* pDriverData */
 }
 
@@ -650,7 +650,7 @@ static void fill_printq_info(int cnum, int snum, int uLevel,
     FILE *f;
     pstring fname;
 
-    strcpy(fname,lp_driverfile());
+    pstrcpy(fname,lp_driverfile());
     f=fopen(fname,"r");
     if (!f) {
       DEBUG(3,("fill_printq_info: Can't open %s - %s\n",fname,strerror(errno)));
@@ -748,7 +748,7 @@ int get_printerdrivernumber(int snum)
   FILE *f;
   pstring fname;
 
-  strcpy(fname,lp_driverfile());
+  pstrcpy(fname,lp_driverfile());
 
   DEBUG(4,("In get_printerdrivernumber: %s\n",fname));
   f=fopen(fname,"r");
@@ -993,8 +993,8 @@ static int get_server_info(uint32 servertype,
 
   pstrcpy(fname,lp_lockdir());
   trim_string(fname,NULL,"/");
-  strcat(fname,"/");
-  strcat(fname,SERVER_LIST);
+  pstrcat(fname,"/");
+  pstrcat(fname,SERVER_LIST);
 
   f = fopen(fname,"r");
 
@@ -1036,7 +1036,7 @@ static int get_server_info(uint32 servertype,
     if (!next_token(&ptr,s->comment, NULL)) continue;
     if (!next_token(&ptr,s->domain , NULL)) {
       /* this allows us to cope with an old nmbd */
-      strcpy(s->domain,global_myworkgroup); 
+      pstrcpy(s->domain,global_myworkgroup); 
     }
     
     if (sscanf(stype,"%X",&s->type) != 1) { 
@@ -2115,18 +2115,18 @@ static BOOL api_NetWkstaGetInfo(int cnum,uint16 vuid, char *param,char *data,
 
 
   SIVAL(p,0,PTR_DIFF(p2,*rdata)); /* host name */
-  strcpy(p2,local_machine);
+  pstrcpy(p2,local_machine);
   strupper(p2);
   p2 = skip_string(p2,1);
   p += 4;
 
   SIVAL(p,0,PTR_DIFF(p2,*rdata));
-  strcpy(p2,sesssetup_user);
+  pstrcpy(p2,sesssetup_user);
   p2 = skip_string(p2,1);
   p += 4;
 
   SIVAL(p,0,PTR_DIFF(p2,*rdata)); /* login domain */
-  strcpy(p2,global_myworkgroup);
+  pstrcpy(p2,global_myworkgroup);
   strupper(p2);
   p2 = skip_string(p2,1);
   p += 4;
@@ -2136,12 +2136,12 @@ static BOOL api_NetWkstaGetInfo(int cnum,uint16 vuid, char *param,char *data,
   p += 2;
 
   SIVAL(p,0,PTR_DIFF(p2,*rdata));
-  strcpy(p2,global_myworkgroup);       /* don't know.  login domain?? */
+  pstrcpy(p2,global_myworkgroup);      /* don't know.  login domain?? */
   p2 = skip_string(p2,1);
   p += 4;
 
   SIVAL(p,0,PTR_DIFF(p2,*rdata)); /* don't know */
-  strcpy(p2,"");
+  pstrcpy(p2,"");
   p2 = skip_string(p2,1);
   p += 4;
 
@@ -2378,16 +2378,16 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data,
        if (uLevel >= 10)
        {
                SIVAL(p,usri11_comment,PTR_DIFF(p2,p)); /* comment */
-               strcpy(p2,"Comment");
+               pstrcpy(p2,"Comment");
                p2 = skip_string(p2,1);
 
                SIVAL(p,usri11_usr_comment,PTR_DIFF(p2,p)); /* user_comment */
-               strcpy(p2,"UserComment");
+               pstrcpy(p2,"UserComment");
                p2 = skip_string(p2,1);
 
                /* EEK! the cifsrap.txt doesn't have this in!!!! */
                SIVAL(p,usri11_full_name,PTR_DIFF(p2,p)); /* full name */
-               strcpy(p2,((vuser != NULL) ? vuser->real_name : UserName));
+               pstrcpy(p2,((vuser != NULL) ? vuser->real_name : UserName));
                p2 = skip_string(p2,1);
        }
 
@@ -2397,22 +2397,22 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data,
                SIVAL(p,usri11_auth_flags,AF_OP_PRINT);         /* auth flags */
                SIVALS(p,usri11_password_age,-1);               /* password age */
                SIVAL(p,usri11_homedir,PTR_DIFF(p2,p)); /* home dir */
-               strcpy(p2, lp_logon_path());
+               pstrcpy(p2, lp_logon_path());
                p2 = skip_string(p2,1);
                SIVAL(p,usri11_parms,PTR_DIFF(p2,p)); /* parms */
-               strcpy(p2,"");
+               pstrcpy(p2,"");
                p2 = skip_string(p2,1);
                SIVAL(p,usri11_last_logon,0);           /* last logon */
                SIVAL(p,usri11_last_logoff,0);          /* last logoff */
                SSVALS(p,usri11_bad_pw_count,-1);       /* bad pw counts */
                SSVALS(p,usri11_num_logons,-1);         /* num logons */
                SIVAL(p,usri11_logon_server,PTR_DIFF(p2,p)); /* logon server */
-               strcpy(p2,"\\\\*");
+               pstrcpy(p2,"\\\\*");
                p2 = skip_string(p2,1);
                SSVAL(p,usri11_country_code,0);         /* country code */
 
                SIVAL(p,usri11_workstations,PTR_DIFF(p2,p)); /* workstations */
-               strcpy(p2,"");
+               pstrcpy(p2,"");
                p2 = skip_string(p2,1);
 
                SIVALS(p,usri11_max_storage,-1);                /* max storage */
@@ -2433,7 +2433,7 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data,
                SSVAL(p,42,
                Connections[cnum].admin_user?USER_PRIV_ADMIN:USER_PRIV_USER);
                SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */
-               strcpy(p2,lp_logon_path());
+               pstrcpy(p2,lp_logon_path());
                p2 = skip_string(p2,1);
                SIVAL(p,48,PTR_DIFF(p2,*rdata)); /* comment */
                *p2++ = 0;
@@ -2443,11 +2443,11 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data,
                {
                        SIVAL(p,60,0);          /* auth_flags */
                        SIVAL(p,64,PTR_DIFF(p2,*rdata)); /* full_name */
-                       strcpy(p2,((vuser != NULL) ? vuser->real_name : UserName));
+                       pstrcpy(p2,((vuser != NULL) ? vuser->real_name : UserName));
                        p2 = skip_string(p2,1);
                        SIVAL(p,68,0);          /* urs_comment */
                        SIVAL(p,72,PTR_DIFF(p2,*rdata)); /* parms */
-                       strcpy(p2,"");
+                       pstrcpy(p2,"");
                        p2 = skip_string(p2,1);
                        SIVAL(p,76,0);          /* workstations */
                        SIVAL(p,80,0);          /* last_logon */
@@ -2461,7 +2461,7 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data,
                        SSVALS(p,102,-1);       /* bad_pw_count */
                        SSVALS(p,104,-1);       /* num_logons */
                        SIVAL(p,106,PTR_DIFF(p2,*rdata)); /* logon_server */
-                       strcpy(p2,"\\\\%L");
+                       pstrcpy(p2,"\\\\%L");
                        standard_sub_basic(p2);
                        p2 = skip_string(p2,1);
                        SSVAL(p,110,49);        /* country_code */
@@ -2512,10 +2512,10 @@ static BOOL api_NetUserGetGroups(int cnum,uint16 vuid, char *param,char *data,
   p = *rdata;
 
   /* XXXX we need a real SAM database some day */
-  strcpy(p,"Users"); p += 21; count++;
-  strcpy(p,"Domain Users"); p += 21; count++;
-  strcpy(p,"Guests"); p += 21; count++;
-  strcpy(p,"Domain Guests"); p += 21; count++;
+  pstrcpy(p,"Users"); p += 21; count++;
+  pstrcpy(p,"Domain Users"); p += 21; count++;
+  pstrcpy(p,"Guests"); p += 21; count++;
+  pstrcpy(p,"Domain Guests"); p += 21; count++;
 
   *rdata_len = PTR_DIFF(p,*rdata);
 
@@ -2574,8 +2574,8 @@ static BOOL api_WWkstaUserLogon(int cnum,uint16 vuid, char *param,char *data,
     PACKI(&desc,"D",-1);               /* password must change */
     {
       fstring mypath;
-      strcpy(mypath,"\\\\");
-      strcat(mypath,local_machine);
+      fstrcpy(mypath,"\\\\");
+      fstrcat(mypath,local_machine);
       strupper(mypath);
       PACKS(&desc,"z",mypath); /* computer */
     }
@@ -3129,8 +3129,8 @@ static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd)
        }
 
        /* name has to be \PIPE\xxxxx */
-       strcpy(ack_pipe_name, "\\PIPE\\");
-       strcat(ack_pipe_name, p->pipe_srv_name);
+       fstrcpy(ack_pipe_name, "\\PIPE\\");
+       fstrcat(ack_pipe_name, p->pipe_srv_name);
 
        DEBUG(5,("api_pipe_bind_req: make response. %d\n", __LINE__));
 

diff --git a/source3/smbd/mangle.c b/source3/smbd/mangle.c
index eb267faab3a3a0ee97449ec852dc8ebf2f75a103..e822894600fcbbafa1166b56bc93ad0f7e236fe9 100644 (file)
--- a/source3/smbd/mangle.c
+++ b/source3/smbd/mangle.c
@@ -648,9 +648,9 @@ BOOL check_mangled_cache( char *s )
 
   DEBUG( 3, ("Found %s on mangled stack ", s) );
 
-  (void)strcpy( s, found_name );
+  (void)pstrcpy( s, found_name );
   if( ext_start )
-    (void)strcat( s, ext_start );
+    (void)pstrcat( s, ext_start );
 
   DEBUG( 3, ("as %s\n", s) );
 
@@ -830,7 +830,7 @@ static void do_fwd_mangled_map(char *s, char *MangledMap)
  *
  * ************************************************************************** **
  */
-void mangle_name_83( char *s )
+void mangle_name_83( char *s, int s_len )
   {
   int csum = str_checksum(s);
   char *p;
@@ -863,7 +863,7 @@ void mangle_name_83( char *s )
   if( p )
     {
     if( p == s )
-      strcpy( extension, "___" );
+      safe_strcpy( extension, "___", 3 );
     else
       {
       *p++ = 0;
@@ -933,13 +933,13 @@ void mangle_name_83( char *s )
 
   csum = csum % (36*36);
 
-  (void)sprintf( s, "%s%c%c%c",
+  (void)slprintf( s, s_len - 1, "%s%c%c%c",
                  base, magic_char, base36( csum/36 ), base36( csum ) );
 
   if( *extension )
     {
-    (void)strcat( s, "." );
-    (void)strcat( s, extension );
+    (void)pstrcat( s, "." );
+    (void)pstrcat( s, extension );
     }
 
   DEBUG( 5, ( "%s\n", s ) );
@@ -996,7 +996,7 @@ BOOL name_map_mangle( char *OutName, BOOL need83, int snum )
 
     /* mangle it into 8.3 */
     tmp = strdup( OutName );
-    mangle_name_83( OutName );
+    mangle_name_83( OutName, strlen(tmp) );
     if( tmp )
       {
       cache_mangled_name( OutName, tmp );  

diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 327bfba37142c4df1e9f05543346183b0c9c5550..3040775e03d24903e2ae2ddf341756bcb3936f6b 100644 (file)
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -349,8 +349,8 @@ void add_session_user(char *user)
        DEBUG(1,("Too many session users??\n"));
       else
        {
-         strcat(session_users," ");
-         strcat(session_users,suser);
+         pstrcat(session_users," ");
+         pstrcat(session_users,suser);
        }
     }
 }
@@ -364,7 +364,7 @@ static struct spwd *getspnam(char *username) /* fake shadow password routine */
 {
        FILE *f;
        char line[1024];
-       static char pw[20];
+       static fstring pw;
        static struct spwd static_spwd;
 
        static_spwd.sp_pwdp=0;
@@ -380,7 +380,7 @@ static struct spwd *getspnam(char *username) /* fake shadow password routine */
                                *q=0;
                                if (q-p+1>20)
                                        break;
-                               strcpy(pw, p);
+                               fstrcpy(pw, p);
                                static_spwd.sp_pwdp=pw;
                        }
                        break;
@@ -415,7 +415,7 @@ static char *osf1_bigcrypt(char *password,char *salt1)
   for (i=0; i<parts;i++)
     {
       p1 = crypt(p2,salt);
-      strcat(result,p1+2);
+      strncat(result,p1+2,AUTH_MAX_PASSWD_LENGTH-strlen(p1+2)-1);
       StrnCpy(salt,&result[2+i*AUTH_CIPHERTEXT_SEG_CHARS],2);
       p2 += AUTH_CLEARTEXT_SEG_CHARS;
     }
@@ -809,9 +809,9 @@ static BOOL krb4_auth(char *this_user,char *password)
   char tkfile[MAXPATHLEN];
   
   if (krb_get_lrealm(realm, 1) != KSUCCESS)
-    (void) strncpy(realm, KRB_REALM, sizeof (realm));
+    (void) safe_strcpy(realm, KRB_REALM, sizeof (realm) - 1);
   
-  (void) sprintf(tkfile, "/tmp/samba_tkt_%d", getpid());
+  (void) slprintf(tkfile, sizeof(tkfile) - 1, "/tmp/samba_tkt_%d", getpid());
   
   krb_set_tkt_string(tkfile);
   if (krb_verify_user(this_user, "", realm,
@@ -1217,8 +1217,8 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
     mypasswd = getprpwnam (user);
     if ( mypasswd )
       { 
-       strcpy(pass->pw_name,mypasswd->ufld.fd_name);
-       strcpy(pass->pw_passwd,mypasswd->ufld.fd_encrypt);
+       fstrcpy(pass->pw_name,mypasswd->ufld.fd_name);
+       fstrcpy(pass->pw_passwd,mypasswd->ufld.fd_encrypt);
       }
     else
       {
@@ -1233,20 +1233,20 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
     AUTHORIZATION *ap = getauthuid( pass->pw_uid );
     if (ap)
       {
-       strcpy( pass->pw_passwd, ap->a_password );
+       fstrcpy( pass->pw_passwd, ap->a_password );
        endauthent();
       }
   }
 #endif
 
   /* extract relevant info */
-  strcpy(this_user,pass->pw_name);  
-  strcpy(this_salt,pass->pw_passwd);
+  fstrcpy(this_user,pass->pw_name);  
+  fstrcpy(this_salt,pass->pw_passwd);
 #ifdef HPUX
   /* The crypt on HPUX won't work with more than 2 salt characters. */
   this_salt[2] = 0;
 #endif /* HPUX */
-  strcpy(this_crypted,pass->pw_passwd);
+  fstrcpy(this_crypted,pass->pw_passwd);
  
   if (!*this_crypted) {
     if (!lp_null_passwords()) {
@@ -1295,7 +1295,7 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
       update_protected_database(user,False);
 
       /* restore it */
-      strcpy(password,pass2);
+      fstrcpy(password,pass2);
 
       return(False);
     }
@@ -1314,7 +1314,7 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
   update_protected_database(user,False);
   
   /* restore it */
-  strcpy(password,pass2);
+  fstrcpy(password,pass2);
   
   return(False);
 }
@@ -1384,7 +1384,7 @@ static char *validate_group(char *group,char *password,int pwlen,int snum)
        while (member && *member)
          {
            static fstring name;
-           strcpy(name,*member);
+           fstrcpy(name,*member);
            if (user_ok(name,snum) &&
                password_ok(name,password,pwlen,NULL))
              return(&name[0]);
@@ -1400,7 +1400,7 @@ static char *validate_group(char *group,char *password,int pwlen,int snum)
            if (*(pwd->pw_passwd) && pwd->pw_gid == gptr->gr_gid) {
              /* This Entry have PASSWORD and same GID then check pwd */
              if (password_ok(NULL, password, pwlen, pwd)) {
-               strcpy(tm, pwd->pw_name);
+               fstrcpy(tm, pwd->pw_name);
                endpwent ();
                return tm;
              }
@@ -1460,7 +1460,7 @@ BOOL authorise_login(int snum,char *user,char *password, int pwlen,
       if (!ok && (vuser != 0) && vuser->guest) {         
        if (user_ok(vuser->name,snum) &&
            password_ok(vuser->name, password, pwlen, NULL)) {
-         strcpy(user, vuser->name);
+         fstrcpy(user, vuser->name);
          vuser->guest = False;
          DEBUG(3,("ACCEPTED: given password with registered user %s\n", user));
          ok = True;
@@ -1480,12 +1480,12 @@ BOOL authorise_login(int snum,char *user,char *password, int pwlen,
               auser = strtok(NULL,LIST_SEP))
            {
              fstring user2;
-             strcpy(user2,auser);
+             fstrcpy(user2,auser);
              if (!user_ok(user2,snum)) continue;
                  
              if (password_ok(user2,password, pwlen, NULL)) {
                ok = True;
-               strcpy(user,user2);
+               fstrcpy(user,user2);
                DEBUG(3,("ACCEPTED: session list username and given password ok\n"));
              }
            }
@@ -1496,7 +1496,7 @@ BOOL authorise_login(int snum,char *user,char *password, int pwlen,
       if (!ok && !lp_revalidate(snum) &&
          (vuser != 0) && !vuser->guest &&
          user_ok(vuser->name,snum)) {
-       strcpy(user,vuser->name);
+       fstrcpy(user,vuser->name);
        *guest = False;
        DEBUG(3,("ACCEPTED: validated uid ok as non-guest\n"));
        ok = True;
@@ -1526,19 +1526,19 @@ BOOL authorise_login(int snum,char *user,char *password, int pwlen,
                if (auser)
                  {
                    ok = True;
-                   strcpy(user,auser);
+                   fstrcpy(user,auser);
                    DEBUG(3,("ACCEPTED: group username and given password ok\n"));
                  }
              }
            else
              {
                fstring user2;
-               strcpy(user2,auser);
+               fstrcpy(user2,auser);
                if (user_ok(user2,snum) && 
                    password_ok(user2,password,pwlen,NULL))
                  {
                    ok = True;
-                   strcpy(user,user2);
+                   fstrcpy(user,user2);
                    DEBUG(3,("ACCEPTED: user list username and given password ok\n"));
                  }
              }
@@ -1553,7 +1553,7 @@ BOOL authorise_login(int snum,char *user,char *password, int pwlen,
       StrnCpy(guestname,lp_guestaccount(snum),sizeof(guestname)-1);
       if (Get_Pwnam(guestname,True))
        {
-         strcpy(user,guestname);
+         fstrcpy(user,guestname);
          ok = True;
          DEBUG(3,("ACCEPTED: guest account and guest ok\n"));
        }

diff --git a/source3/smbd/quotas.c b/source3/smbd/quotas.c
index df85f79b9b0eae2e217c9009b42f7133b56a11e2..ee08e48e653b3a4974d5d03ee874e643e8eb10dd 100644 (file)
--- a/source3/smbd/quotas.c
+++ b/source3/smbd/quotas.c
@@ -138,7 +138,7 @@ BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize)
   struct stat sbuf;
   dev_t devno ;
   static dev_t devno_cached = 0 ;
-  static char name[MNTMAXSTR] ;
+  static pstring name;
   struct q_request request ;
   struct qf_header header ;
   static int quota_default = 0 ;
@@ -172,7 +172,7 @@ BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize)
       
     }
     
-    strcpy(name,mnt->mnt_dir) ;
+    pstrcpy(name,mnt->mnt_dir) ;
     endmntent(fd) ;
     
     if ( ! found )
@@ -249,10 +249,10 @@ BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize)
   struct quotctl command;
   int file;
   struct mnttab mnt;
-  static char name[MNT_LINE_MAX] ;
+  static pstring name;
 #else
   struct mntent *mnt;
-  static char name[MNTMAXSTR] ;
+  static pstring name;
 #endif
   FILE *fd;
   struct stat sbuf;
@@ -283,8 +283,8 @@ BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize)
       }
     }
     
-    strcpy(name,mnt.mnt_mountp) ;
-    strcat(name,"/quotas") ;
+    pstrcpy(name,mnt.mnt_mountp) ;
+    pstrcat(name,"/quotas") ;
     fclose(fd) ;
 #else
     if ((fd = setmntent(MOUNTED, "r")) == NULL)
@@ -302,7 +302,7 @@ BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize)
       }
     }
     
-    strcpy(name,mnt->mnt_fsname) ;
+    pstrcpy(name,mnt->mnt_fsname) ;
     endmntent(fd) ;
 #endif
     

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index c927e09425f53f1d44dc8dac78fbd2adca769c70..21a20b0712c1eee5de9bab7a940e92af3f1c97ca 100644 (file)
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -308,7 +308,7 @@ int reply_tcon_and_X(char *inbuf,char *outbuf,int length,int bufsize)
   if (Protocol < PROTOCOL_NT1)
   {
     set_message(outbuf,2,strlen(devicename)+1,True);
-    strcpy(smb_buf(outbuf),devicename);
+    pstrcpy(smb_buf(outbuf),devicename);
   }
   else
   {
@@ -318,8 +318,8 @@ int reply_tcon_and_X(char *inbuf,char *outbuf,int length,int bufsize)
     set_message(outbuf,3,3,True);
 
     p = smb_buf(outbuf);
-    strcpy(p,devicename); p = skip_string(p,1); /* device name */
-    strcpy(p,fsname); p = skip_string(p,1); /* filesystem type e.g NTFS */
+    pstrcpy(p,devicename); p = skip_string(p,1); /* device name */
+    pstrcpy(p,fsname); p = skip_string(p,1); /* filesystem type e.g NTFS */
 
     set_message(outbuf,3,PTR_DIFF(p,smb_buf(outbuf)),False);
 
@@ -578,7 +578,7 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
   /* If no username is sent use the guest account */
   if (!*user)
     {
-      strcpy(user,lp_guestaccount(-1));
+      pstrcpy(user,lp_guestaccount(-1));
       /* If no user and no password then set guest flag. */
       if( *smb_apasswd == 0)
         guest = True;
@@ -593,7 +593,7 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
    */
 
   if((lp_security() != SEC_SHARE) || *user)
-    strcpy(sesssetup_user,user);
+    pstrcpy(sesssetup_user,user);
 
   reload_services(True);
 
@@ -641,7 +641,7 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
 #endif
          }
          if (*smb_apasswd || !Get_Pwnam(user,True))
-           strcpy(user,lp_guestaccount(-1));
+           pstrcpy(user,lp_guestaccount(-1));
          DEBUG(3,("Registered username %s for guest access\n",user));
          guest = True;
        }
@@ -649,7 +649,7 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
 
   if (!Get_Pwnam(user,True)) {
     DEBUG(3,("No such user %s - using guest account\n",user));
-    strcpy(user,lp_guestaccount(-1));
+    pstrcpy(user,lp_guestaccount(-1));
     guest = True;
   }
 
@@ -670,9 +670,9 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
     char *p;
     set_message(outbuf,3,3,True);
     p = smb_buf(outbuf);
-    strcpy(p,"Unix"); p = skip_string(p,1);
-    strcpy(p,"Samba "); strcat(p,VERSION); p = skip_string(p,1);
-    strcpy(p,global_myworkgroup); p = skip_string(p,1);
+    pstrcpy(p,"Unix"); p = skip_string(p,1);
+    pstrcpy(p,"Samba "); pstrcat(p,VERSION); p = skip_string(p,1);
+    pstrcpy(p,global_myworkgroup); p = skip_string(p,1);
     set_message(outbuf,3,PTR_DIFF(p,smb_buf(outbuf)),False);
     /* perhaps grab OS version here?? */
   }
@@ -984,7 +984,7 @@ int reply_search(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
       p = strrchr(dir2,'/');
       if (p == NULL) 
       {
-        strcpy(mask,dir2);
+        pstrcpy(mask,dir2);
         *dir2 = 0;
       }
       else
@@ -1000,7 +1000,7 @@ int reply_search(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
         *p = 0;
 
       if (strlen(directory) == 0)
-        strcpy(directory,"./");
+        pstrcpy(directory,"./");
       bzero(status,21);
       CVAL(status,0) = dirtype;
     }
@@ -1027,8 +1027,8 @@ int reply_search(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
        fstrcpy(ext,p+1);
        *p = 0;
        trim_string(mask,NULL," ");
-       strcat(mask,".");
-       strcat(mask,ext);
+       pstrcat(mask,".");
+       pstrcat(mask,ext);
       }
   }
 
@@ -1049,7 +1049,7 @@ int reply_search(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
       fstrcpy(tmp,&mask[8]);
       mask[8] = '.';
       mask[9] = 0;
-      strcat(mask,tmp);
+      pstrcat(mask,tmp);
     }
 
   DEBUG(5,("mask=%s directory=%s\n",mask,directory));
@@ -1566,7 +1566,7 @@ int reply_ctemp(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
   cnum = SVAL(inbuf,smb_tid);
   createmode = SVAL(inbuf,smb_vwv0);
   pstrcpy(fname,smb_buf(inbuf)+1);
-  strcat(fname,"/TMXXXXXX");
+  pstrcat(fname,"/TMXXXXXX");
   unix_convert(fname,cnum,0,&bad_path);
   
   unixmode = unix_mode(cnum,createmode);
@@ -1586,7 +1586,7 @@ int reply_ctemp(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
     return(UNIXERROR(ERRDOS,ERRnoaccess));
   }
 
-  strcpy(fname2,(char *)mktemp(fname));
+  pstrcpy(fname2,(char *)mktemp(fname));
 
   /* Open file in dos compatibility share mode. */
   /* We should fail if file exists. */
@@ -1609,7 +1609,7 @@ int reply_ctemp(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
   outsize = set_message(outbuf,1,2 + strlen(fname2),True);
   SSVAL(outbuf,smb_vwv0,fnum);
   CVAL(smb_buf(outbuf),0) = 4;
-  strcpy(smb_buf(outbuf) + 1,fname2);
+  pstrcpy(smb_buf(outbuf) + 1,fname2);
 
   if (oplock_request && lp_fake_oplocks(SNUM(cnum))) {
     CVAL(outbuf,smb_flg) |= CORE_OPLOCK_GRANTED;
@@ -1678,12 +1678,12 @@ int reply_unlink(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 
   p = strrchr(name,'/');
   if (!p) {
-    strcpy(directory,"./");
-    strcpy(mask,name);
+    pstrcpy(directory,"./");
+    pstrcpy(mask,name);
   } else {
     *p = 0;
-    strcpy(directory,name);
-    strcpy(mask,p+1);
+    pstrcpy(directory,name);
+    pstrcpy(mask,p+1);
   }
 
   if (is_mangled(mask))
@@ -1692,8 +1692,8 @@ int reply_unlink(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
   has_wild = strchr(mask,'*') || strchr(mask,'?');
 
   if (!has_wild) {
-    strcat(directory,"/");
-    strcat(directory,mask);
+    pstrcat(directory,"/");
+    pstrcat(directory,mask);
     if (can_delete(directory,cnum,dirtype) && !sys_unlink(directory)) count++;
     if (!count) exists = file_exist(directory,NULL);    
   } else {
@@ -1713,7 +1713,7 @@ int reply_unlink(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
        error = ERRbadfile;
 
        if (strequal(mask,"????????.???"))
-         strcpy(mask,"*");
+         pstrcpy(mask,"*");
 
        while ((dname = ReadDirName(dirptr)))
          {
@@ -2636,7 +2636,7 @@ int reply_printopen(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
   if (fnum < 0)
     return(ERROR(ERRSRV,ERRnofids));
 
-  strcpy(fname2,(char *)mktemp(fname));
+  pstrcpy(fname2,(char *)mktemp(fname));
 
   if (!check_name(fname2,cnum)) {
          Files[fnum].reserved = False;
@@ -2877,9 +2877,9 @@ static BOOL recursive_rmdir(char *directory)
       ret = True;
       break;
     }
-    strcpy(fullname, directory);
-    strcat(fullname, "/");
-    strcat(fullname, dname);
+    pstrcpy(fullname, directory);
+    pstrcat(fullname, "/");
+    pstrcat(fullname, dname);
 
     if(sys_lstat(fullname, &st) != 0)
     {
@@ -2971,8 +2971,8 @@ int reply_rmdir(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
                           break;
                         }
                       pstrcpy(fullname, directory);
-                      strcat(fullname, "/");
-                      strcat(fullname, dname);
+                      pstrcat(fullname, "/");
+                      pstrcat(fullname, dname);
                       
                       if(sys_lstat(fullname, &st) != 0)
                         break;
@@ -3078,10 +3078,10 @@ static BOOL resolve_wildcards(char *name1,char *name2)
     if (*p) p++;
   }
 
-  strcpy(name2,root2);
+  pstrcpy(name2,root2);
   if (ext2[0]) {
-    strcat(name2,".");
-    strcat(name2,ext2);
+    pstrcat(name2,".");
+    pstrcat(name2,ext2);
   }
 
   return(True);
@@ -3144,12 +3144,12 @@ int reply_mv(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 
   p = strrchr(name,'/');
   if (!p) {
-    strcpy(directory,".");
-    strcpy(mask,name);
+    pstrcpy(directory,".");
+    pstrcpy(mask,name);
   } else {
     *p = 0;
-    strcpy(directory,name);
-    strcpy(mask,p+1);
+    pstrcpy(directory,name);
+    pstrcpy(mask,p+1);
     *p = '/'; /* Replace needed for exceptional test below. */
   }
 
@@ -3162,16 +3162,16 @@ int reply_mv(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
     BOOL is_short_name = is_8_3(name, True);
 
     /* Add a terminating '/' to the directory name. */
-    strcat(directory,"/");
-    strcat(directory,mask);
+    pstrcat(directory,"/");
+    pstrcat(directory,mask);
 
     /* Ensure newname contains a '/' also */
     if(strrchr(newname,'/') == 0) {
       pstring tmpstr;
 
-      strcpy(tmpstr, "./");
-      strcat(tmpstr, newname);
-      strcpy(newname, tmpstr);
+      pstrcpy(tmpstr, "./");
+      pstrcat(tmpstr, newname);
+      pstrcpy(newname, tmpstr);
     }
   
     DEBUG(3,("reply_mv : case_sensitive = %d, case_preserve = %d, short case preserve = %d, directory = %s, newname = %s, newname_last_component = %s, is_8_3 = %d\n", 
@@ -3197,7 +3197,7 @@ int reply_mv(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
        * character above.
        */
       p = strrchr(newname,'/');
-      strcpy(newname_modified_last_component,p+1);
+      pstrcpy(newname_modified_last_component,p+1);
 
       if(strcsequal(newname_modified_last_component, 
                    newname_last_component) == False) {
@@ -3205,7 +3205,7 @@ int reply_mv(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
         * Replace the modified last component with
         * the original.
         */
-        strcpy(p+1, newname_last_component);
+        pstrcpy(p+1, newname_last_component);
       }
     }
 
@@ -3235,7 +3235,7 @@ int reply_mv(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
        error = ERRbadfile;
 
        if (strequal(mask,"????????.???"))
-         strcpy(mask,"*");
+         pstrcpy(mask,"*");
 
        while ((dname = ReadDirName(dirptr)))
          {
@@ -3309,8 +3309,8 @@ static BOOL copy_file(char *src,char *dest1,int cnum,int ofun,
       p++;
     else
       p = src;
-    strcat(dest,"/");
-    strcat(dest,p);
+    pstrcat(dest,"/");
+    pstrcat(dest,p);
   }
 
   if (!file_exist(src,&st)) return(False);
@@ -3415,12 +3415,12 @@ int reply_copy(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 
   p = strrchr(name,'/');
   if (!p) {
-    strcpy(directory,"./");
-    strcpy(mask,name);
+    pstrcpy(directory,"./");
+    pstrcpy(mask,name);
   } else {
     *p = 0;
-    strcpy(directory,name);
-    strcpy(mask,p+1);
+    pstrcpy(directory,name);
+    pstrcpy(mask,p+1);
   }
 
   if (is_mangled(mask))
@@ -3429,8 +3429,8 @@ int reply_copy(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
   has_wild = strchr(mask,'*') || strchr(mask,'?');
 
   if (!has_wild) {
-    strcat(directory,"/");
-    strcat(directory,mask);
+    pstrcat(directory,"/");
+    pstrcat(directory,mask);
     if (resolve_wildcards(directory,newname) && 
        copy_file(directory,newname,cnum,ofun,
                  count,target_is_directory)) count++;
@@ -3448,7 +3448,7 @@ int reply_copy(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
        error = ERRbadfile;
 
        if (strequal(mask,"????????.???"))
-         strcpy(mask,"*");
+         pstrcpy(mask,"*");
 
        while ((dname = ReadDirName(dirptr)))
          {
@@ -3459,7 +3459,7 @@ int reply_copy(char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 
            error = ERRnoaccess;
            slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname);
-           strcpy(destname,newname);
+           pstrcpy(destname,newname);
            if (resolve_wildcards(fname,destname) && 
                copy_file(directory,newname,cnum,ofun,
                          count,target_is_directory)) count++;

diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 7788b142e09314e89fb3e839e6e00d58b825fbf9..540f9f799f641ba8c7b9ad99de95e9b76bf3b678 100644 (file)
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -427,8 +427,8 @@ static BOOL mangled_equal(char *name1, char *name2)
   if (is_8_3(name2, True))
     return(False);
 
-  strcpy(tmpname,name2);
-  mangle_name_83(tmpname);
+  pstrcpy(tmpname,name2);
+  mangle_name_83(tmpname,sizeof(tmpname));
 
   return(strequal(name1,tmpname));
 }
@@ -453,7 +453,7 @@ static BOOL scan_directory(char *path, char *name,int cnum,BOOL docache)
     path = ".";
 
   if (docache && (dname = DirCacheCheck(path,name,SNUM(cnum)))) {
-    strcpy(name, dname);       
+    pstrcpy(name, dname);      
     return(True);
   }      
 
@@ -489,7 +489,7 @@ static BOOL scan_directory(char *path, char *name,int cnum,BOOL docache)
        {
          /* we've found the file, change it's name and return */
          if (docache) DirCacheAdd(path,name,dname,SNUM(cnum));
-         strcpy(name, dname);
+         pstrcpy(name, dname);
          CloseDir(cur_dir);
          return(True);
        }
@@ -547,9 +547,9 @@ BOOL unix_convert(char *name,int cnum,pstring saved_last_component, BOOL *bad_pa
   if(saved_last_component) {
     end = strrchr(name, '/');
     if(end)
-      strcpy(saved_last_component, end + 1);
+      pstrcpy(saved_last_component, end + 1);
     else
-      strcpy(saved_last_component, name);
+      pstrcpy(saved_last_component, name);
   }
 
   if (!case_sensitive && 
@@ -567,7 +567,7 @@ BOOL unix_convert(char *name,int cnum,pstring saved_last_component, BOOL *bad_pa
          /* sanitise the name */
          for (s=name2 ; *s ; s++)
            if (!issafe(*s)) *s = '_';
-         strcpy(name,(char *)mktemp(name2));     
+         pstrcpy(name,(char *)mktemp(name2));    
        }      
       return(True);
     }
@@ -604,7 +604,7 @@ BOOL unix_convert(char *name,int cnum,pstring saved_last_component, BOOL *bad_pa
       if (end)         *end = 0;
 
       if(saved_last_component != 0)
-        strcpy(saved_last_component, end ? end + 1 : start);
+        pstrcpy(saved_last_component, end ? end + 1 : start);
 
       /* check if the name exists up to this point */
       if (sys_stat(name, &st) == 0) 
@@ -669,14 +669,14 @@ BOOL unix_convert(char *name,int cnum,pstring saved_last_component, BOOL *bad_pa
          /* restore the rest of the string */
          if (end) 
            {
-             strcpy(start+strlen(start)+1,rest);
+             pstrcpy(start+strlen(start)+1,rest);
              end = start + strlen(start);
            }
        }
 
       /* add to the dirpath that we have resolved so far */
-      if (*dirpath) strcat(dirpath,"/");
-      strcat(dirpath,start);
+      if (*dirpath) pstrcat(dirpath,"/");
+      pstrcat(dirpath,start);
 
       /* restore the / that we wiped out earlier */
       if (end) *end = '/';
@@ -990,7 +990,7 @@ static int fd_attempt_open(char *fname, int flags, int mode)
   if((fd == -1) && (errno == ENOENT) &&
      (strchr(fname,'.')==NULL))
     {
-      strcat(fname,".");
+      pstrcat(fname,".");
       fd = sys_open(fname,flags,mode);
     }
 
@@ -3370,7 +3370,7 @@ int make_connection(char *service,char *user,char *password, int pwlen, char *de
       {
         if (validated_username(vuid))
         {
-          strcpy(user,validated_username(vuid));
+          pstrcpy(user,validated_username(vuid));
           return(make_connection(user,user,password,pwlen,dev,vuid));
         }
       }
@@ -3381,7 +3381,7 @@ int make_connection(char *service,char *user,char *password, int pwlen, char *de
          */
         if(*sesssetup_user)
         {
-          strcpy(user,sesssetup_user);
+          pstrcpy(user,sesssetup_user);
           return(make_connection(user,user,password,pwlen,dev,vuid));
         }
       }
@@ -3393,14 +3393,14 @@ int make_connection(char *service,char *user,char *password, int pwlen, char *de
 
   /* you can only connect to the IPC$ service as an ipc device */
   if (strequal(service,"IPC$"))
-    strcpy(dev,"IPC");
+    pstrcpy(dev,"IPC");
 
   if (*dev == '?' || !*dev)
     {
       if (lp_print_ok(snum))
-       strcpy(dev,"LPT1:");
+       pstrcpy(dev,"LPT1:");
       else
-       strcpy(dev,"A:");
+       pstrcpy(dev,"A:");
     }
 
   /* if the request is as a printer and you can't print then refuse */
@@ -3964,7 +3964,7 @@ int reply_nt1(char *outbuf)
   data_len = crypt_len + strlen(global_myworkgroup) + 1;
 
   set_message(outbuf,17,data_len,True);
-  strcpy(smb_buf(outbuf)+crypt_len, global_myworkgroup);
+  pstrcpy(smb_buf(outbuf)+crypt_len, global_myworkgroup);
 
   CVAL(outbuf,smb_vwv1) = secword;
   SSVALS(outbuf,smb_vwv16+1,crypt_len);
@@ -4221,7 +4221,7 @@ void close_cnum(int cnum, uint16 vuid)
   if (*lp_postexec(SNUM(cnum)) && become_user(&Connections[cnum], cnum,vuid))
     {
       pstring cmd;
-      strcpy(cmd,lp_postexec(SNUM(cnum)));
+      pstrcpy(cmd,lp_postexec(SNUM(cnum)));
       standard_sub(cnum,cmd);
       smbrun(cmd,NULL,False);
       unbecome_user();
@@ -4232,7 +4232,7 @@ void close_cnum(int cnum, uint16 vuid)
   if (*lp_rootpostexec(SNUM(cnum)))
     {
       pstring cmd;
-      strcpy(cmd,lp_rootpostexec(SNUM(cnum)));
+      pstrcpy(cmd,lp_rootpostexec(SNUM(cnum)));
       standard_sub(cnum,cmd);
       smbrun(cmd,NULL,False);
     }
@@ -4270,7 +4270,7 @@ static BOOL dump_core(void)
   pstring dname;
   pstrcpy(dname,debugf);
   if ((p=strrchr(dname,'/'))) *p=0;
-  strcat(dname,"/corefiles");
+  pstrcat(dname,"/corefiles");
   mkdir(dname,0700);
   sys_chown(dname,getuid(),getgid());
   chmod(dname,0700);
@@ -5060,9 +5060,9 @@ static void usage(char *pname)
 
   TimeInit();
 
-  strcpy(debugf,SMBLOGFILE);  
+  pstrcpy(debugf,SMBLOGFILE);  
 
-  strcpy(remote_machine, "smb");
+  pstrcpy(remote_machine, "smb");
 
   setup_logging(argv[0],False);
 
@@ -5101,10 +5101,10 @@ static void usage(char *pname)
     switch (opt)
       {
       case 'O':
-       strcpy(user_socket_options,optarg);
+       pstrcpy(user_socket_options,optarg);
        break;
       case 'i':
-       strcpy(scope,optarg);
+       pstrcpy(scope,optarg);
        break;
       case 'P':
        {
@@ -5113,10 +5113,10 @@ static void usage(char *pname)
        }
        break;  
       case 's':
-       strcpy(servicesf,optarg);
+       pstrcpy(servicesf,optarg);
        break;
       case 'l':
-       strcpy(debugf,optarg);
+       pstrcpy(debugf,optarg);
        break;
       case 'a':
        {
@@ -5185,7 +5185,7 @@ static void usage(char *pname)
 
   codepage_initialise(lp_client_code_page());
 
-  strcpy(global_myworkgroup, lp_workgroup());
+  pstrcpy(global_myworkgroup, lp_workgroup());
 
 #ifndef NO_SIGNAL_TEST
   signal(SIGHUP,SIGNAL_CAST sig_hup);

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index fb45efcc0b2054bd6e06bab20c4a2f348c684aa9..db44dc984dd13ba05a361e20d6a5242a5b617b4d 100644 (file)
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -325,7 +325,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l
   if(p != NULL)
     {
       if(p[1] == '\0')
-       strcpy(mask,"*.*");
+       pstrcpy(mask,"*.*");
       else
        pstrcpy(mask, p+1);
     }
@@ -368,8 +368,8 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l
 
          pstrcpy(pathreal,Connections[cnum].dirpath);
           if(needslash)
-           strcat(pathreal,"/");
-         strcat(pathreal,dname);
+           pstrcat(pathreal,"/");
+         pstrcat(pathreal,dname);
          if (sys_stat(pathreal,&sbuf) != 0) 
            {
              DEBUG(5,("get_lanman2_dir_entry:Couldn't stat [%s] (%s)\n",pathreal,strerror(errno)));
@@ -417,7 +417,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l
       SIVAL(p,l1_cbFileAlloc,ROUNDUP(size,1024));
       SSVAL(p,l1_attrFile,mode);
       SCVAL(p,l1_cchName,strlen(fname));
-      strcpy(p + l1_achName, fname);
+      pstrcpy(p + l1_achName, fname);
       nameptr = p + l1_achName;
       p += l1_achName + strlen(fname) + 1;
       break;
@@ -436,7 +436,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l
       SSVAL(p,l2_attrFile,mode);
       SIVAL(p,l2_cbList,0); /* No extended attributes */
       SCVAL(p,l2_cchName,strlen(fname));
-      strcpy(p + l2_achName, fname);
+      pstrcpy(p + l2_achName, fname);
       nameptr = p + l2_achName;
       p += l2_achName + strlen(fname) + 1;
       break;
@@ -451,7 +451,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l
       SSVAL(p,24,mode);
       SIVAL(p,26,4);
       CVAL(p,30) = strlen(fname);
-      strcpy(p+31, fname);
+      pstrcpy(p+31, fname);
       nameptr = p+31;
       p += 31 + strlen(fname) + 1;
       break;
@@ -469,7 +469,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l
       SIVAL(p,20,ROUNDUP(size,1024));
       SSVAL(p,24,mode);
       CVAL(p,32) = strlen(fname);
-      strcpy(p + 33, fname);
+      pstrcpy(p + 33, fname);
       nameptr = p+33;
       p += 33 + strlen(fname) + 1;
       break;
@@ -490,7 +490,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l
       SIVAL(p,0,strlen(fname)); p += 4;
       SIVAL(p,0,0); p += 4;
       if (!was_8_3) {
-       strcpy(p+2,fname);
+       pstrcpy(p+2,fname);
        if (!name_map_mangle(p+2,True,SNUM(cnum)))
          (p+2)[12] = 0;
       } else
@@ -499,7 +499,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l
       SSVAL(p,0,strlen(p+2));
       p += 2 + 24;
       /* nameptr = p;  */
-      strcpy(p,fname); p += strlen(p);
+      pstrcpy(p,fname); p += strlen(p);
       p = pdata + len;
       break;
 
@@ -516,7 +516,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l
       SIVAL(p,0,size); p += 8;
       SIVAL(p,0,nt_extmode); p += 4;
       SIVAL(p,0,strlen(fname)); p += 4;
-      strcpy(p,fname);
+      pstrcpy(p,fname);
       p = pdata + len;
       break;
       
@@ -535,7 +535,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l
       SIVAL(p,0,nt_extmode); p += 4;
       SIVAL(p,0,strlen(fname)); p += 4;
       SIVAL(p,0,0); p += 4;
-      strcpy(p,fname);
+      pstrcpy(p,fname);
       p = pdata + len;
       break;
 
@@ -545,7 +545,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l
       SIVAL(p,0,len); p += 4;
       SIVAL(p,0,reskey); p += 4;
       SIVAL(p,0,strlen(fname)); p += 4;
-      strcpy(p,fname);
+      pstrcpy(p,fname);
       p = pdata + len;
       break;
 
@@ -651,10 +651,10 @@ static int call_trans2findfirst(char *inbuf, char *outbuf, int bufsize, int cnum
 
   p = strrchr(directory,'/');
   if(p == NULL) {
-    strcpy(mask,directory);
-    strcpy(directory,"./");
+    pstrcpy(mask,directory);
+    pstrcpy(directory,"./");
   } else {
-    strcpy(mask,p+1);
+    pstrcpy(mask,p+1);
     *p = 0;
   }
 
@@ -686,7 +686,7 @@ static int call_trans2findfirst(char *inbuf, char *outbuf, int bufsize, int cnum
   }
   
   /* a special case for 16 bit apps */
-  if (strequal(mask,"????????.???")) strcpy(mask,"*");
+  if (strequal(mask,"????????.???")) pstrcpy(mask,"*");
 
   /* handle broken clients that send us old 8.3 format */
   string_sub(mask,"????????","*");
@@ -863,8 +863,8 @@ resume_key = %d resume name = %s continue=%d level = %d\n",
     DEBUG(2,("dptr_num %d has no wildcard\n", dptr_num));
     return (ERROR(ERRDOS,ERRnofiles));
   }
-  strcpy(mask, p);
-  strcpy(directory,Connections[cnum].dirpath);
+  pstrcpy(mask, p);
+  pstrcpy(directory,Connections[cnum].dirpath);
 
   /* Get the attr mask from the dptr */
   dirtype = dptr_attr(dptr_num);
@@ -1060,7 +1060,7 @@ static int call_trans2qfsinfo(char *inbuf, char *outbuf, int length, int bufsize
     case SMB_QUERY_FS_LABEL_INFO:
       data_len = 4 + strlen(vname);
       SIVAL(pdata,0,strlen(vname));
-      strcpy(pdata+4,vname);      
+      pstrcpy(pdata+4,vname);      
       break;
     case SMB_QUERY_FS_VOLUME_INFO:      
       data_len = 18 + 2*strlen(vname);

diff --git a/source3/smbd/vt_mode.c b/source3/smbd/vt_mode.c
index dcb6ce831d352bb82e1f42e106bfcd4265547343..19f825946430602142267e9f31269b26ff4ffb5b 100644 (file)
--- a/source3/smbd/vt_mode.c
+++ b/source3/smbd/vt_mode.c
@@ -50,7 +50,7 @@ extern int    DEBUGLEVEL;
 extern char    *InBuffer, *OutBuffer;
 extern int     done_become_user;
 
-char   master_name [64], slave_name [64];
+fstring        master_name, slave_name;
 int            master, slave, i, o, e;
 
 int            ms_type = MS_NONE,
@@ -202,8 +202,8 @@ int VT_Start(void)
 #endif
 
        if(ms_poll == MS_VTY || ms_poll == 0) {
-               strcpy(master_name, MASTER_TMPL);
-               strcpy(slave_name, SLAVE_TMPL);
+               fstrcpy(master_name, MASTER_TMPL);
+               fstrcpy(slave_name, SLAVE_TMPL);
 
                for(X = LETTER1; *X && master < 0; X++)
                        for(Y = LETTER2; *Y && master < 0; Y++) {
@@ -242,9 +242,9 @@ int VT_Start(void)
                int     i;
 
                for(i = MIN_I; i <= MAX_I && master < 0; i++) {
-                       sprintf(master_name, MASTER_TMPL, i);
+                       slprintf(master_name, sizeof(fstring) - 1, MASTER_TMPL, i);
                        if((master = open(master_name, O_RDWR)) >= 0) {
-                               sprintf(slave_name, SLAVE_TMPL, i);
+                               slprintf(slave_name, sizeof(fstring) - 1, SLAVE_TMPL, i);
                                if((slave = open(slave_name, O_RDWR)) < 0)
                                        close(master);
                        }

diff --git a/source3/utils/make_printerdef.c b/source3/utils/make_printerdef.c
index 0c3cb633af4ba60f0e8b64beef918eedd412da40..474512717582223684086308b90dcd7b6c47c08f 100644 (file)
--- a/source3/utils/make_printerdef.c
+++ b/source3/utils/make_printerdef.c
@@ -28,9 +28,9 @@
 
 char *files_to_copy;
 char *driverfile, *datafile, *helpfile, *languagemonitor, *datatype;
-char buffer[50][255];
-char sbuffer[50][255];
-char sub_dir[50][2][255];
+char buffer[50][sizeof(pstring)];
+char sbuffer[50][sizeof(pstring)];
+char sub_dir[50][2][sizeof(pstring)];
 
 void usage(char *name)
 {
@@ -42,31 +42,31 @@ char *myfgets(char *s, int n, FILE *stream)
   char *LString1;
   char *LString2;
   char *temp;
-  char String[255];
-  char NewString[255];
+  pstring String;
+  pstring NewString;
   int i;
 
   fgets(s,n,stream);
   while ((LString1 = strchr(s,'%')) != NULL) {
     if (!(LString2 = strchr(LString1+1,'%'))) break;
     *LString2 = '\0';
-    strcpy(String,LString1+1);
+    pstrcpy(String,LString1+1);
     i = 0;
     while(*sbuffer[i]!='\0') {
       if (strncmp(sbuffer[i],String,strlen(String))==0)
       {
-       strcpy(String,sbuffer[i]);
+       pstrcpy(String,sbuffer[i]);
        if ((temp = strchr(String,'=')) != NULL) ++temp;
-       strcpy(String,temp);
+       pstrcpy(String,temp);
        break;
       }
       i++;     
     }
     *LString1 = '\0';
-    strcpy(NewString,s);
-    strcat(NewString,String);
-    strcat(NewString,LString2+1);
-    strcpy(s, NewString);
+    pstrcpy(NewString,s);
+    pstrcat(NewString,String);
+    pstrcat(NewString,LString2+1);
+    pstrcpy(s, NewString);
   }
   return(s);
 }
@@ -82,15 +82,15 @@ char *scan(char *chaine,char **entry)
   char *temp;
   int i=0;
  
-  *entry=(char *)malloc(255*sizeof(char));
-  value=(char *)malloc(255*sizeof(char));
-  strcpy(*entry,chaine);
+  *entry=(char *)malloc(sizeof(pstring));
+  value=(char *)malloc(sizeof(pstring));
+  pstrcpy(*entry,chaine);
   temp=chaine;
   while( temp[i]!='=' && temp[i]!='\0') {
        i++;
   }
   (*entry)[i]='\0'; 
-  strcpy(value,temp+i+1);      
+  pstrcpy(value,temp+i+1);      
   return (value);
 }
 
@@ -107,12 +107,12 @@ void build_subdir(void)
 #endif      
 
     if (strcmp(data,"11")==0) {
-      strcpy(sub_dir[i][0],entry);
-      strcpy(sub_dir[i][1],"");
+      pstrcpy(sub_dir[i][0],entry);
+      pstrcpy(sub_dir[i][1],"");
     }
     if (strcmp(data,"23")==0) {
-      strcpy(sub_dir[i][0],entry);
-      strcpy(sub_dir[i][1],"color\\");
+      pstrcpy(sub_dir[i][0],entry);
+      pstrcpy(sub_dir[i][1],"color\\");
     }
 #ifdef DEBUGIT
     fprintf(stderr,"\tsubdir %s:%s\n",sub_dir[i][0],sub_dir[i][1]);
@@ -131,12 +131,12 @@ void lookup_strings(FILE *fichier)
   int found=0,pointeur=0,i=0;
   char *temp,*temp2;
   
-  temp=(char *)malloc(255*sizeof(char));
-  temp2=(char *)malloc(255*sizeof(char));
+  temp=(char *)malloc(sizeof(pstring));
+  temp2=(char *)malloc(sizeof(pstring));
   
   *sbuffer[0]='\0';
   
-  strcpy(temp2,"[Strings]");
+  pstrcpy(temp2,"[Strings]");
   
   rewind(fichier);
 #ifdef DEBUGIT
@@ -158,7 +158,7 @@ void lookup_strings(FILE *fichier)
                *sbuffer[pointeur]='\0';
        }
        else {
-               strcpy(sbuffer[pointeur],temp);
+               pstrcpy(sbuffer[pointeur],temp);
                i=strlen(sbuffer[pointeur])-1;
                while (sbuffer[pointeur][i]=='\r' || sbuffer[pointeur][i]=='\n')
                        sbuffer[pointeur][i--]='\0';
@@ -181,14 +181,14 @@ void lookup_entry(FILE *fichier,char *chaine)
   int found=0,pointeur=0,i=0;
   char *temp,*temp2;
   
-  temp=(char *)malloc(255*sizeof(char));
-  temp2=(char *)malloc(255*sizeof(char));
+  temp=(char *)malloc(sizeof(pstring));
+  temp2=(char *)malloc(sizeof(pstring));
   
   *buffer[0]='\0';
   
-  strcpy(temp2,"[");
-  strcat(temp2,chaine);
-  strcat(temp2,"]");
+  pstrcpy(temp2,"[");
+  pstrcat(temp2,chaine);
+  pstrcat(temp2,"]");
   
   rewind(fichier);
 #ifdef DEBUGIT
@@ -210,7 +210,7 @@ void lookup_entry(FILE *fichier,char *chaine)
                *buffer[pointeur]='\0';
        }
        else {
-               strcpy(buffer[pointeur],temp);
+               pstrcpy(buffer[pointeur],temp);
                i=strlen(buffer[pointeur])-1;
                while (buffer[pointeur][i]=='\r' || buffer[pointeur][i]=='\n')
                        buffer[pointeur][i--]='\0';
@@ -232,9 +232,9 @@ char *find_desc(FILE *fichier,char *text)
 
   int found=0;
 
-  chaine=(char *)malloc(255*sizeof(char));
-  long_desc=(char *)malloc(40*sizeof(char));
-  short_desc=(char *)malloc(40*sizeof(char));
+  chaine=(char *)malloc(sizeof(pstring));
+  long_desc=(char *)malloc(sizeof(pstring));
+  short_desc=(char *)malloc(sizeof(pstring));
   if (!chaine || !long_desc || !short_desc) {
     fprintf(stderr,"Unable to malloc memory\n");
     exit(1);
@@ -267,7 +267,7 @@ char *find_desc(FILE *fichier,char *text)
   free(chaine);
   if (!found || !crap) return(NULL);
   while(*crap==' ') crap++;
-  strcpy(short_desc,crap);
+  pstrcpy(short_desc,crap);
   return(short_desc);
 }
 
@@ -276,7 +276,7 @@ void scan_copyfiles(FILE *fichier, char *chaine)
   char *part;
   char *mpart;
   int i;
-  char direc[255];
+  pstring direc;
 #ifdef DEBUGIT
   fprintf(stderr,"In scan_copyfiles Lookup up of %s\n",chaine);
 #endif 
@@ -290,19 +290,19 @@ void scan_copyfiles(FILE *fichier, char *chaine)
     */
     if (*part=='@') {
       if (strlen(files_to_copy) != 0)
-        strcat(files_to_copy,",");
-      strcat(files_to_copy,&part[1]);
+        pstrcat(files_to_copy,",");
+      pstrcat(files_to_copy,&part[1]);
       fprintf(stderr,"%s\n",&part[1]);
     } else {
       lookup_entry(fichier,part);
       i=0;
-      strcpy(direc,"");
+      pstrcpy(direc,"");
       while (*sub_dir[i][0]!='\0') {
 #ifdef DEBUGIT
        fprintf(stderr,"\tsubdir %s:%s\n",sub_dir[i][0],sub_dir[i][1]);
 #endif      
        if (strcmp(sub_dir[i][0],part)==0)
-               strcpy(direc,sub_dir[i][1]);
+               pstrcpy(direc,sub_dir[i][1]);
        i++;
       }        
       i=0;
@@ -331,7 +331,7 @@ void scan_copyfiles(FILE *fichier, char *chaine)
          part = strchr(buffer[i],',');
          if (part) {
            if ((mpart = strrchr(part+1,','))!=NULL) {
-               strcpy(buffer[i],mpart+1);
+               pstrcpy(buffer[i],mpart+1);
            } else
                *part = '\0';
             while (--part > buffer[i])
@@ -340,9 +340,9 @@ void scan_copyfiles(FILE *fichier, char *chaine)
          }
        }
         if (strlen(files_to_copy) != 0)
-          strcat(files_to_copy,",");
-       strcat(files_to_copy,direc);
-       strcat(files_to_copy,buffer[i]);
+          pstrcat(files_to_copy,",");
+       pstrcat(files_to_copy,direc);
+       pstrcat(files_to_copy,buffer[i]);
        fprintf(stderr,"%s%s\n",direc,buffer[i]);
        i++;
       } 
@@ -364,8 +364,8 @@ void scan_short_desc(FILE *fichier, char *short_desc)
   helpfile=0;
   languagemonitor=0;
   datatype="RAW";
-  chaine=(char *)malloc(255*sizeof(char));
-  temp=(char *)malloc(255*sizeof(char));
+  chaine=(char *)malloc(sizeof(pstring));
+  temp=(char *)malloc(sizeof(pstring));
   
   driverfile=short_desc;
   datafile=short_desc;
@@ -422,7 +422,7 @@ void scan_short_desc(FILE *fichier, char *short_desc)
   if (languagemonitor) {
        temp = strtok(languagemonitor,",");
        if (*temp == '"') ++temp;
-       strcpy(languagemonitor,temp);
+       pstrcpy(languagemonitor,temp);
        if ((temp = strchr(languagemonitor,'"'))!=NULL) *temp = '\0';
   }
 

diff --git a/source3/utils/make_smbcodepage.c b/source3/utils/make_smbcodepage.c
index 409d199640657a626c134ce563526b6d8d566aa0..ce45a7bc602142836fe64f1a8c100279f1f374d9 100644 (file)
--- a/source3/utils/make_smbcodepage.c
+++ b/source3/utils/make_smbcodepage.c
@@ -64,7 +64,7 @@ void read_line( char **buf, char *line_buf, int size)
 
 int clean_data( char **buf, uint32 *size)
 {
-  char linebuf[512];
+  pstring linebuf;
   char *p = *buf;
   int num_lines = 0;
   char *newbuf = (char *)malloc( *size + 1);
@@ -94,7 +94,7 @@ int clean_data( char **buf, uint32 *size)
     if(*cp == '\0')
       continue;
 
-    strcpy(newbuf_p, cp);
+    pstrcpy(newbuf_p, cp);
     num_lines++;
     newbuf_p += (strlen(newbuf_p) + 1);
   }

diff --git a/source3/utils/nmblookup.c b/source3/utils/nmblookup.c
index 4c9132ee75b09657ddd5e420e3fe28f18b027eba..59d5771c5d2797e8fb8e9db77b930ea3fc7d4065 100644 (file)
--- a/source3/utils/nmblookup.c
+++ b/source3/utils/nmblookup.c
@@ -196,7 +196,7 @@ int main(int argc,char *argv[])
 
       if(lookup_by_ip)
       {
-        strcpy(lookup,"*");
+        fstrcpy(lookup,"*");
         ip = *interpret_addr2(argv[i]);
         printf("Looking up status of %s\n",inet_ntoa(ip));
         name_status(ServerFD,lookup,lookup_type,True,ip,NULL,NULL,NULL);
@@ -206,7 +206,7 @@ int main(int argc,char *argv[])
 
       if (find_master) {
        if (*lookup == '-') {
-         strcpy(lookup,"\01\02__MSBROWSE__\02");
+         fstrcpy(lookup,"\01\02__MSBROWSE__\02");
          lookup_type = 1;
        } else {
          lookup_type = 0x1d;

diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index 5060d80d3d5036f458be5ed8806962994761af95..3737d820421ef6697447ca721fb230dcb7de03e6 100644 (file)
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -345,7 +345,7 @@ int main(int argc, char **argv)
       if(is_root) {
         disable_user = True;
         got_new_pass = True;
-        strcpy(new_passwd, "XXXXXX");
+        fstrcpy(new_passwd, "XXXXXX");
       } else
         usage(prog_name, is_root);
       break;
@@ -356,7 +356,7 @@ int main(int argc, char **argv)
       if(is_root) {
         set_no_password = True;
         got_new_pass = True;
-        strcpy(new_passwd, "NO PASSWORD");
+        fstrcpy(new_passwd, "NO PASSWORD");
       } else
         usage(prog_name, is_root);
     case 'r':

diff --git a/source3/utils/status.c b/source3/utils/status.c
index 40bafbe0c275c9ba367e48d2456085f1f66f09b1..d4753d589d13c1d28ac106007e7548ad29760a0a 100644 (file)
--- a/source3/utils/status.c
+++ b/source3/utils/status.c
@@ -139,7 +139,7 @@ static void print_share_mode(share_mode_entry *e, char *fname)
       processes_only = 1;
       break;
     case 's':
-      strcpy(servicesf, optarg);
+      pstrcpy(servicesf, optarg);
       break;
     case 'u':                                       /* added by OH */
       Ucrit_addUsername(optarg);                    /* added by OH */
@@ -162,10 +162,10 @@ static void print_share_mode(share_mode_entry *e, char *fname)
     printf("lockdir = %s\n", *lp_lockdir() ? lp_lockdir() : "NULL");
   }
 
-  strcpy(fname,lp_lockdir());
+  pstrcpy(fname,lp_lockdir());
   standard_sub_basic(fname);
   trim_string(fname,"","/");
-  strcat(fname,"/STATUS..LCK");
+  pstrcat(fname,"/STATUS..LCK");
 
   f = fopen(fname,"r");
   if (!f) {
@@ -281,7 +281,7 @@ static void print_share_mode(share_mode_entry *e, char *fname)
 /* added by OH */
 void Ucrit_addUsername(pstring username)
 {
-  strcpy(Ucrit_username, username);
+  pstrcpy(Ucrit_username, username);
   if(strlen(Ucrit_username) > 0)
     Ucrit_IsActive = 1;
 }

diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
index 83d4d7fbb5eacaa1f70293920c901cc4fa4791f7..f37c7376fdfa707f5f78e6a026e909016a0b321d 100644 (file)
--- a/source3/utils/testparm.c
+++ b/source3/utils/testparm.c
@@ -52,9 +52,9 @@ extern pstring myhostname;
   charset_initialise();
 
   if (argc < 2)
-    strcpy(configfile,CONFIGFILE);
+    pstrcpy(configfile,CONFIGFILE);
   else
-    strcpy(configfile,argv[1]);
+    pstrcpy(configfile,argv[1]);
 
   dbf = stdout;
   DEBUGLEVEL = 2;

diff --git a/source3/utils/torture.c b/source3/utils/torture.c
index ede801afe962b87952d844ecc2d85f654affd83b..1abfee05412931c76a85b45521a0c9b5402a0268 100644 (file)
--- a/source3/utils/torture.c
+++ b/source3/utils/torture.c
@@ -134,7 +134,7 @@ static BOOL rw_torture(struct cli_state *c, int numops)
                if (i % 10 == 0) {
                        printf("%d\r", i); fflush(stdout);
                }
-               sprintf(fname,"\\torture.%u", n);
+               slprintf(fname, sizeof(fstring) - 1, "\\torture.%u", n);
 
                if (!wait_lock(c, fnum2, n*sizeof(int), sizeof(int))) {
                        return False;
@@ -860,7 +860,7 @@ static void create_procs(int nprocs, int numops)
        get_myname(myname,NULL);
 
        if (*username == 0 && getenv("LOGNAME")) {
-         strcpy(username,getenv("LOGNAME"));
+         pstrcpy(username,getenv("LOGNAME"));
        }
 
        argc--;
@@ -888,11 +888,11 @@ static void create_procs(int nprocs, int numops)
                        fstrcpy(myname, optarg);
                        break;
                case 'U':
-                       strcpy(username,optarg);
+                       pstrcpy(username,optarg);
                        p = strchr(username,'%');
                        if (p) {
                                *p = 0;
-                               strcpy(password, p+1);
+                               pstrcpy(password, p+1);
                                gotpass = 1;
                        }
                        break;
@@ -906,7 +906,7 @@ static void create_procs(int nprocs, int numops)
        while (!gotpass) {
                p = getpass("Password:");
                if (p) {
-                       strcpy(password, p);
+                       pstrcpy(password, p);
                        gotpass = 1;
                }
        }

diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index a1aa4d753dc96e79b0a36ada7d6dba54d167dbf6..5958b0a41954b763a3a89d8d3d580da37dda8362 100644 (file)
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -296,17 +296,17 @@ char *quotedup(char *s)
        for (i=0;i<len;i++) {
                switch (s[i]) {
                case '<':
-                       strcpy(d, "&lt;");
+                       safe_strcpy(d, "&lt;", len + n*6 - (d - ret));
                        d += 4;
                        break;
 
                case '>':
-                       strcpy(d, "&gt;");
+                       safe_strcpy(d, "&gt;", len + n*6 - (d - ret));
                        d += 4;
                        break;
 
                case '&':
-                       strcpy(d, "&amp;");
+                       safe_strcpy(d, "&amp;", len + n*6 - (d - ret));
                        d += 5;
                        break;
 
@@ -347,7 +347,7 @@ char *urlquote(char *s)
 
        for (i=0;i<len;i++) {
                if (strchr(qlist,s[i])) {
-                       sprintf(d, "%%%02X", (int)s[i]);
+                       slprintf(d, len + n*2 - (d - ret), "%%%02X", (int)s[i]);
                        d += 3;
                } else {
                        *d++ = s[i];
@@ -387,7 +387,7 @@ char *quotequotes(char *s)
        for (i=0;i<len;i++) {
                switch (s[i]) {
                case '"':
-                       strcpy(d, "&quot;");
+                       safe_strcpy(d, "&quot;", len + n*6 - (d - ret));
                        d += 6;
                        break;
 

diff --git a/source3/web/startstop.c b/source3/web/startstop.c
index 7ac66f2180095845e49d9ff69371dc1a00ed4089..63e5afead21bcc6d6ffe4e089db26a2da2cc1a32 100644 (file)
--- a/source3/web/startstop.c
+++ b/source3/web/startstop.c
@@ -37,7 +37,7 @@ void start_smbd(void)
                return;
        }
 
-       sprintf(binfile,"%s/smbd", SBINDIR);
+       slprintf(binfile, sizeof(pstring) - 1, "%s/smbd", SBINDIR);
 
        become_daemon();
 
@@ -58,7 +58,7 @@ void start_nmbd(void)
                return;
        }
 
-       sprintf(binfile,"%s/nmbd", SBINDIR);
+       slprintf(binfile, sizeof(pstring) - 1, "%s/nmbd", SBINDIR);
        
        become_daemon();
 

diff --git a/source3/web/statuspage.c b/source3/web/statuspage.c
index 9bcc99a6af1a91581d99a4688304b3a1013eeed7..184f7e1f73c1d0ba158b78f89ad18718cc0d9ead 100644 (file)
--- a/source3/web/statuspage.c
+++ b/source3/web/statuspage.c
@@ -121,7 +121,7 @@ void status_page(void)
        pstrcpy(fname,lp_lockdir());
        standard_sub_basic(fname);
        trim_string(fname,"","/");
-       strcat(fname,"/STATUS..LCK");
+       pstrcat(fname,"/STATUS..LCK");
 
 
        f = fopen(fname,"r");
@@ -131,7 +131,7 @@ void status_page(void)
                        if (crec.magic == 0x280267 && crec.cnum == -1 &&
                            process_exists(crec.pid)) {
                                char buf[30];
-                               sprintf(buf,"kill_%d", crec.pid);
+                               slprintf(buf,sizeof(buf)-1,"kill_%d", crec.pid);
                                if (cgi_variable(buf)) {
                                        kill_pid(crec.pid);
                                }