fixed a couple of illegal uses of scanf() in the nmbd wins code. They

caused a core dump under IRIX when compiled with -64.
In general you cannot assume things about variable sizes. In
particular sizeof(time_t) may not equal sizeof(long) and
sizeof(uint16) may not equal sizeof(short).
There are probably other bugs like this. We'll need to check all
format statements for use of %ld, %hx etc. In general these should not
be used unless you have an explicit cast to the appropriate type.

diff --git a/source/lib/util.c b/source/lib/util.c
index 5c81a14c6637406d5961aae2b1d7e72aea2223e1..403ebb73eb857f373854fe730cfb1b6e4adc3797 100644 (file)
--- a/source/lib/util.c
+++ b/source/lib/util.c
@@ -3754,7 +3754,7 @@ void standard_sub_basic(char *str)
        struct passwd *pass;
        char *username = sam_logon_in_ssb ? samlogon_user : sesssetup_user;
 
-       for (s = str ; (p = strchr(s,'%')) != NULL ; s = p )
+       for (s = str ; s && *s && (p = strchr(s,'%')); s = p )
        {
                switch (*(p+1))
                {

diff --git a/source/nmbd/nmbd_winsserver.c b/source/nmbd/nmbd_winsserver.c
index bd8febd65d4b11cc41a8e2c9099bfba5a19cb8d9..7bb3081e103c76eebf750122f2220f855c512916 100644 (file)
--- a/source/nmbd/nmbd_winsserver.c
+++ b/source/nmbd/nmbd_winsserver.c
@@ -150,8 +150,8 @@ BOOL initialise_wins(void)
     pstring name;
     struct in_addr *ip_list;
     int type = 0;
-    uint16 nb_flags;
-    time_t ttl;
+    int nb_flags;
+    int ttl;
     enum name_source source;
     char *ptr;
     char *p;
@@ -262,8 +262,8 @@ BOOL initialise_wins(void)
     }
       
     /* Decode the netbios flags (hex) and the time-to-live (in seconds). */
-    sscanf(nb_flags_str,"%hx",&nb_flags);
-    sscanf(ttl_str,"%ld",&ttl);
+    sscanf(nb_flags_str,"%x",&nb_flags);
+    sscanf(ttl_str,"%d",&ttl);
 
     /* add all entries that have 60 seconds or more to live */
     if ((ttl - 60) > time_now || ttl == PERMANENT_TTL)
@@ -273,7 +273,7 @@ BOOL initialise_wins(void)
       if(ttl != PERMANENT_TTL)
         ttl -= time_now;
     
-      DEBUG(4, ("initialise_wins: add name: %s#%02x ttl = %ld first IP %s flags = %2hx\n",
+      DEBUG(4, ("initialise_wins: add name: %s#%02x ttl = %d first IP %s flags = %2x\n",
            name, type, ttl, inet_ntoa(ip_list[0]), nb_flags));
 
       namerec = add_name_to_subnet(wins_server_subnet, name, type, nb_flags, 
@@ -282,7 +282,7 @@ BOOL initialise_wins(void)
     }
     else
     {
-      DEBUG(4, ("initialise_wins: not adding name (ttl problem) %s#%02x ttl = %ld first IP %s flags = %2hx\n",
+      DEBUG(4, ("initialise_wins: not adding name (ttl problem) %s#%02x ttl = %ld first IP %s flags = %2x\n",
              name, type, ttl, inet_ntoa(ip_list[0]), nb_flags));
     }