CVS update: samba/source/smbd
Andrew Tridgell
tridge at samba.org
Sat Oct 20 09:41:02 EST 2001
Jim,
> Add RAP net share add support
Thanks. I think you should probably add a check to see that
lp_add_share_cmd() is non-null (and non-empty). I also think we should
restrict running this operation to non-guest at the very
least.
There is a bug in your early "return True". I presume you just left in
a line you were using for debugging?
You also might like to use asprintf() instead of slprintf(). I know a
lot of existing code in Samba uses slprintf(), but in general new code
should use asprintf() so we can better handle long strings.
Finally, a malicious client could send invalid values for offset in
IVAL(data, 26) etc. You should make offset unsigned and check that it
is less than the packet data size. I know we don't do that everywhere
we should in Samba, but we might as well get it right in new code.
Cheers, Tridge
More information about the samba-cvs
mailing list