samba-2.0.0.beta4 : code optimisation in source/client/client.c
Pascal A. Dupuis
dupuis at lei.ucl.ac.be
Wed Dec 16 08:59:57 GMT 1998
Hello,
I've already reported it, but it is still present in beta4:
src/client/client.c: around line 1968, getenv() is called three times
with the same argument. The glibc manual says the memory zone returned by
getenv() may be clobbered on non-glibc systems by other calls to getenv(), but
there are no such calls in between. I suggest modifying this code in
order to avoid calling getenv needlessly:
line 1924 new variable : char *p, *user;
line 1968 : modify as:
  if ((user=getenv("USER"))) {
    pstrcpy(username, user);

    /* modification to support userid%passwd syntax in the USER var
       25.Aug.97, jdblair at uab.edu */
    if ((p=strchr(username,'%'))) {
      *p = 0;
      pstrcpy(password,p+1);
      got_pass = True;
      memset(strchr(user,'%')+1,'X',strlen(password));
    }
  }

  /* modification to support PASSWD environmental var
     25.Aug.97, jdblair at uab.edu */
  if ((user=getenv("PASSWD"))) {
    pstrcpy(password,user);
    got_pass = True;
  }

  if ((user=getenv("PASSWD_FD"))) {
    get_password_file(user);
    got_pass = True;
  } else if ((user=getenv("PASSWD_FILE"))) {
    get_password_file(user);
    got_pass = True;
  }

  if (*username == 0 && (user=getenv("LOGNAME"))) {
    pstrcpy(username,user);
    strupper(username);
  }
Also, I don't understand at all the goal of the memset at line 1978. In
the original version, it was :
  memset(strchr(getenv("USER"),'%')+1,'X',strlen(password));
thus :
- get a fresh copy of the environment string "USER" (there are still two
  lying around)
- search for the % delimiter
- replace the password part by XXX
You thus hide one copy in memory, what about the two others ?
Could you please tell me the purpose, or if I am wrong in my assumptions ?
Pascal A. Dupuis
--
linux : a kernel
windows : troubles
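
Added example, not part of the original post and not Samba's code: a C sketch of the in-place scrub the post asks about. It assumes, as on glibc, that getenv() returns a pointer into the process's own environment string rather than a copy; split_and_scrub and SMB_DEMO_USER are hypothetical names.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for setenv() in the demo */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not Samba code. Splits "user%password" from the
 * named variable into the caller's buffers and overwrites the password
 * inside the environment string itself. Returns 1 if a password was
 * found, 0 if there was none, -1 if unset or too long for the buffers. */
int split_and_scrub(const char *name, char *user, size_t ulen,
                    char *pass, size_t plen)
{
    char *val = getenv(name);  /* assumption: points into environ, no copy */
    char *sep;
    size_t n;

    if (val == NULL)
        return -1;
    sep = strchr(val, '%');
    n = sep ? (size_t)(sep - val) : strlen(val);
    if (n >= ulen)
        return -1;
    memcpy(user, val, n);      /* name only: no password bytes are left */
    user[n] = '\0';            /* behind the terminator in user[]       */
    if (sep == NULL)
        return 0;
    n = strlen(sep + 1);
    if (n >= plen)
        return -1;
    memcpy(pass, sep + 1, n + 1);
    memset(sep + 1, 'X', n);   /* the memset the post asks about */
    return 1;
}

int main(void)
{
    char user[64], pass[64];

    setenv("SMB_DEMO_USER", "alice%s3cret", 1);  /* constructed sample value */
    if (split_and_scrub("SMB_DEMO_USER", user, sizeof user,
                        pass, sizeof pass) == 1)
        printf("user=%s env=%s\n", user, getenv("SMB_DEMO_USER"));
    return 0;
}
```

The copy in pass[] is still in clear text and has to be wiped by the caller once authentication is done.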