merge from head

(This used to be commit fd3216dbcbaec7d64dd24fe2af6c4156935c47e9)

diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
index 2a9ee0a868e70606e89c41f2484489d233c75489..60e0e3837fc3d946a040b8ca3fe219495bd43389 100644 (file)
--- a/source3/lib/util_str.c
+++ b/source3/lib/util_str.c
@@ -479,11 +479,15 @@ char *safe_strcat(char *dest, const char *src, size_t maxlength)
        
        src_len = strlen(src);
        dest_len = strlen(dest);
-       
+
        if (src_len + dest_len > maxlength) {
                DEBUG(0,("ERROR: string overflow by %d in safe_strcat [%.50s]\n",
                         (int)(src_len + dest_len - maxlength), src));
-               src_len = maxlength - dest_len;
+               if (maxlength > dest_len) {
+                       memcpy(&dest[dest_len], src, maxlength - dest_len);
+               }
+               dest[maxlength] = 0;
+               return NULL;
        }
        
        memcpy(&dest[dest_len], src, src_len);

diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index bcfd366741a6ba2f89505a317e0da7731804b120..7d3527402e88c2aef65ed3d8ad9ded37127a28b7 100644 (file)
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -31,7 +31,8 @@ extern BOOL case_preserve;
 extern BOOL short_case_preserve;
 extern BOOL use_mangled_map;
 
-static BOOL scan_directory(const char *path, pstring name,connection_struct *conn,BOOL docache);
+static BOOL scan_directory(const char *path, char *name,size_t maxlength,
+                          connection_struct *conn,BOOL docache);
 
 /****************************************************************************
  Check if two filenames are equal.
@@ -266,7 +267,11 @@ BOOL unix_convert(pstring name,connection_struct *conn,char *saved_last_componen
                         * Try to find this part of the path in the directory.
                         */
 
-                       if (ms_has_wild(start) || !scan_directory(dirpath, start, conn, end?True:False)) {
+                       if (ms_has_wild(start) || 
+                           !scan_directory(dirpath, start, 
+                                           sizeof(pstring) - 1 - (start - name), 
+                                           conn, 
+                                           end?True:False)) {
                                if (end) {
                                        /*
                                         * An intermediate part of the name can't be found.
@@ -315,8 +320,10 @@ BOOL unix_convert(pstring name,connection_struct *conn,char *saved_last_componen
                         */
                        if (end) {
                                end = start + strlen(start);
-                               pstrcat(start,"/");
-                               pstrcat(start,rest);
+                               if (!safe_strcat(start, "/", sizeof(pstring) - 1 - (start - name)) ||
+                                   !safe_strcat(start, rest, sizeof(pstring) - 1 - (start - name))) {
+                                       return False;
+                               }
                                *end = '\0';
                        } else {
                                /*
@@ -428,7 +435,8 @@ BOOL check_name(pstring name,connection_struct *conn)
  If the name looks like a mangled name then try via the mangling functions
 ****************************************************************************/
 
-static BOOL scan_directory(const char *path, pstring name,connection_struct *conn,BOOL docache)
+static BOOL scan_directory(const char *path, char *name, size_t maxlength, 
+                          connection_struct *conn,BOOL docache)
 {
        void *cur_dir;
        char *dname;
@@ -441,7 +449,7 @@ static BOOL scan_directory(const char *path, pstring name,connection_struct *con
                path = ".";
 
        if (docache && (dname = DirCacheCheck(path,name,SNUM(conn)))) {
-               pstrcpy(name, dname);   
+               safe_strcpy(name, dname, maxlength);    
                return(True);
        }      
 
@@ -481,7 +489,7 @@ static BOOL scan_directory(const char *path, pstring name,connection_struct *con
                        /* we've found the file, change it's name and return */
                        if (docache)
                                DirCacheAdd(path,name,dname,SNUM(conn));
-                       pstrcpy(name, dname);
+                       safe_strcpy(name, dname, maxlength);
                        CloseDir(cur_dir);
                        return(True);
                }