[PATCH] fix bug in lpq parsing
Martin Pool
mbp at samba.org
Fri Apr 19 00:34:04 GMT 2002
This patch merges some missing code from 1.2.4.4 on APPLIANCE_HEAD
into head, fixing a bug in the parser for lpq output.
Basically we're trying to concatenate several fields into a single
string, but the calculation of the amount of space remaining is wrong.
This causes a crash when there are a lot of fields in the output,
because a negative value can be passed as the length parameter to
safe_strcat.
This was originally HP Nautilus CR #430.
Please let me know if it's OK.
Index: lpq_parse.c
===================================================================
RCS file: /data/cvs/samba/source/printing/lpq_parse.c,v
retrieving revision 1.11
diff -u -u -r1.11 lpq_parse.c
--- lpq_parse.c 2002/03/15 08:14:06 1.11
+++ lpq_parse.c 2002/04/19 07:28:02
@@ -149,21 +149,17 @@
StrnCpy(buf->fs_file,tok[FILETOK],sizeof(buf->fs_file)-1);
if ((FILETOK + 1) != TOTALTOK) {
- int bufsize;
int i;
- bufsize = sizeof(buf->fs_file) - strlen(buf->fs_file) - 1;
-
for (i = (FILETOK + 1); i < TOTALTOK; i++) {
- safe_strcat(buf->fs_file," ",bufsize);
- safe_strcat(buf->fs_file,tok[i],bufsize - 1);
- bufsize = sizeof(buf->fs_file) - strlen(buf->fs_file) - 1;
- if (bufsize <= 0) {
- break;
- }
+ /* FIXME: Using fstrcat rather than other means is a bit
+ * inefficient; this might be a problem for enormous queues with
+ * many fields. */
+ fstrcat(buf->fs_file, " ");
+ fstrcat(buf->fs_file, tok[i]);
}
/* Ensure null termination. */
- buf->fs_file[sizeof(buf->fs_file)-1] = '\0';
+ fstrterminate(buf->fs_file);
}
#ifdef PRIOTOK
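Review bot: The length bound now comes from the macros rather than from the destination: `fstrcat` and `fstrterminate` size against `fstring` (as far as I recall they expand to `safe_strcat(d, s, sizeof(fstring)-1)` and an index of `sizeof(fstring)-1`), while the `StrnCpy` context line above still uses `sizeof(buf->fs_file)-1`. That is only safe while `fs_file` is declared as an `fstring`, which this hunk does not show. I would either change the `StrnCpy` line to `fstrcpy(buf->fs_file, tok[FILETOK]);` so the whole block rests on one assumption, or add `/* fs_file must be an fstring; fstrcat/fstrterminate bound by sizeof(fstring) */` above the loop. The same applies to the LPRng hunk at -282, and the enclosing function starts and ends outside both hunks.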
@@ -282,21 +278,17 @@
StrnCpy(buf->fs_file,tokarr[LPRNG_FILETOK],sizeof(buf->fs_file)-1);
if ((LPRNG_FILETOK + 1) != LPRNG_TOTALTOK) {
- int bufsize;
int i;
- bufsize = sizeof(buf->fs_file) - strlen(buf->fs_file) - 1;
-
for (i = (LPRNG_FILETOK + 1); i < LPRNG_TOTALTOK; i++) {
- safe_strcat(buf->fs_file," ",bufsize);
- safe_strcat(buf->fs_file,tokarr[i],bufsize - 1);
- bufsize = sizeof(buf->fs_file) - strlen(buf->fs_file) - 1;
- if (bufsize <= 0) {
- break;
- }
+ /* FIXME: Using fstrcat rather than other means is a bit
+ * inefficient; this might be a problem for enormous queues with
+ * many fields. */
+ fstrcat(buf->fs_file, " ");
+ fstrcat(buf->fs_file, tokarr[i]);
}
/* Ensure null termination. */
- buf->fs_file[sizeof(buf->fs_file)-1] = '\0';
+ fstrterminate(buf->fs_file);
}
return(True);
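Review bot: With the `if (bufsize <= 0) break;` exit removed, the loop keeps calling `fstrcat` for every remaining token after `fs_file` is already full. The job name is text supplied by whoever submitted the print job, so an overlong name is ordinary input rather than an error. If `safe_strcat` reports each overflow to the log (worth checking), one long entry would produce several log lines per parse. Consider keeping an early exit such as `if (strlen(buf->fs_file) >= sizeof(buf->fs_file) - 1) break;` at the top of the loop body, here and in the first hunk. The function body continues outside the hunk.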
--
Martin