src_len = strlen(src);
dest_len = strlen(dest);
-
+
if (src_len + dest_len > maxlength) {
DEBUG(0,("ERROR: string overflow by %d in safe_strcat [%.50s]\n",
(int)(src_len + dest_len - maxlength), src));
- src_len = maxlength - dest_len;
+ if (maxlength > dest_len) {
+ memcpy(&dest[dest_len], src, maxlength - dest_len);
+ }
+ dest[maxlength] = 0;
+ return NULL;
}
memcpy(&dest[dest_len], src, src_len);
extern BOOL short_case_preserve;
extern BOOL use_mangled_map;
-static BOOL scan_directory(const char *path, pstring name,connection_struct *conn,BOOL docache);
+static BOOL scan_directory(const char *path, char *name,size_t maxlength,
+ connection_struct *conn,BOOL docache);
/****************************************************************************
Check if two filenames are equal.
* Try to find this part of the path in the directory.
*/
- if (ms_has_wild(start) || !scan_directory(dirpath, start, conn, end?True:False)) {
+ if (ms_has_wild(start) ||
+ !scan_directory(dirpath, start,
+ sizeof(pstring) - 1 - (start - name),
+ conn,
+ end?True:False)) {
if (end) {
/*
* An intermediate part of the name can't be found.
*/
if (end) {
end = start + strlen(start);
- pstrcat(start,"/");
- pstrcat(start,rest);
+ if (!safe_strcat(start, "/", sizeof(pstring) - 1 - (start - name)) ||
+ !safe_strcat(start, rest, sizeof(pstring) - 1 - (start - name))) {
+ return False;
+ }
*end = '\0';
} else {
/*
If the name looks like a mangled name then try via the mangling functions
****************************************************************************/
-static BOOL scan_directory(const char *path, pstring name,connection_struct *conn,BOOL docache)
+static BOOL scan_directory(const char *path, char *name, size_t maxlength,
+ connection_struct *conn,BOOL docache)
{
void *cur_dir;
char *dname;
path = ".";
if (docache && (dname = DirCacheCheck(path,name,SNUM(conn)))) {
- pstrcpy(name, dname);
+ safe_strcpy(name, dname, maxlength);
return(True);
}
/* we've found the file, change it's name and return */
if (docache)
DirCacheAdd(path,name,dname,SNUM(conn));
- pstrcpy(name, dname);
+ safe_strcpy(name, dname, maxlength);
CloseDir(cur_dir);
return(True);
}