adapt pam_winbin.c to deal with later iniparser versions
Jeremy Allison
jra at samba.org
Mon Feb 10 11:41:27 MST 2014
On Wed, Feb 05, 2014 at 06:39:19PM +0100, Andreas Schneider wrote:
> On Wednesday 05 February 2014 14:00:07 Noel Power wrote:
> > Hi Andreas,
> >
> > On 05/02/14 13:26, Andreas Schneider wrote:
> > > On Wednesday 05 February 2014 12:38:51 Noel Power wrote:
> > [...]
> >
> > > iniparser 3.1 requires a patch or it will crash smbd with crafted ini
> > > files:
> > >
> > > https://github.com/ndevilla/iniparser/commit/7b55dd38bd2ba304b434d031056fa421fbad3f0e
> > >
> > >
> > > This needs to be included too :)
> >
> > indeed, good idea, how about
> > http://cgit.freedesktop.org/~noelp/noelp-samba/log/?h=bump_iniparser_version
> > thanks,
>
> Reviewed-by: Andreas Schneider <asn at samba.org>
>
> We need a second reviewer ...
Ok, now I've looked over the iniparser update, things
like this:
+/*-------------------------------------------------------------------------*/
+/**
+ @brief Remove blanks at the beginning and the end of a string.
+ @param s String to parse.
+ @return ptr to statically allocated string.
+
+ This function returns a pointer to a statically allocated string,
+ which is identical to the input string, except that all blank
+ characters at the end and the beg. of the string have been removed.
+ Do not free or modify the returned string! Since the returned string
+ is statically allocated, it will be modified at each function call
+ (not re-entrant).
+ */
+/*--------------------------------------------------------------------------*/
+static char * strstrip(const char * s)
+{
+ static char l[ASCIILINESZ+1];
+ char * last ;
+
+ if (s==NULL) return NULL ;
+
+ while (isspace((int)*s) && *s) s++;
+ memset(l, 0, ASCIILINESZ+1);
+ strcpy(l, s);
+ last = l + strlen(l);
+ while (last > l) {
+ if (!isspace((int)*(last-1)))
+ break ;
+ last -- ;
+ }
+ *last = (char)0;
+ return (char*)l ;
+}
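Review bot: the strcpy(l, s) call copies the caller's string into static char l[ASCIILINESZ+1] with no length check, so any input longer than ASCIILINESZ bytes after the leading blanks are skipped writes past the end of the static buffer. Bound the copy to ASCIILINESZ bytes (the memset on the line before already zero-fills the buffer, so a copy of that length stays terminated) or reject over-long input before copying. Separately, isspace((int)*s) and isspace((int)*(last-1)) pass a plain char: where char is signed, bytes above 0x7f become negative values and the call is undefined, so the cast should be to unsigned char.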
scare the *crap* out of me :-(.
It's the unconstrained strcpy into a static
buffer l from passed in value s that does it :-).
At the very least this should be strncpy.
There's a *reason* we have:
#define strcpy(dest,src) __ERROR__XX__NEVER_USE_STRCPY___;
in Samba :-).
They aren't in the source code that's in the
current master tree.
I have to NAK this unless we can also add something
that fixes up these uses. Sorry :-(.
Jeremy.
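
The following is an added example, not part of the original message and not code from Samba or iniparser. It shows one way a strstrip-style helper can avoid both the unbounded copy and the shared static buffer. The name strstrip_bounded, the caller-supplied buffer interface, the errno values and the 8-byte test buffer are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded replacement for strstrip(): the caller supplies the
 * buffer, so there is no shared static state and no unbounded copy.
 * Returns 0 on success, -1 with errno set (EINVAL or ERANGE) on failure. */
static int strstrip_bounded(const char *s, char *out, size_t outsz)
{
    size_t len;

    if (s == NULL || out == NULL || outsz == 0) {
        errno = EINVAL;
        return -1;
    }
    /* isspace() is only defined for unsigned char values and EOF. */
    while (*s != '\0' && isspace((unsigned char)*s))
        s++;
    len = strlen(s);
    while (len > 0 && isspace((unsigned char)s[len - 1]))
        len--;
    if (len >= outsz) {          /* would not fit with its terminator */
        out[0] = '\0';
        errno = ERANGE;
        return -1;
    }
    memcpy(out, s, len);         /* length was checked just above */
    out[len] = '\0';
    return 0;
}

/* Constructed check: strip `in` into an 8-byte buffer, compare with `want`. */
static int strips_to(const char *in, const char *want)
{
    char out[8];

    return strstrip_bounded(in, out, sizeof(out)) == 0 && strcmp(out, want) == 0;
}

int main(void)
{
    char out[8];

    printf("%d\n", strips_to("  key \t\n", "key"));
    printf("%d\n", strstrip_bounded("  0123456789  ", out, sizeof(out)));
    return 0;
}
```

Trimming happens before the length check, so only the stripped result has to fit, and an over-long value is rejected instead of being silently truncated.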