Potential for buffer overruns.

Christopher R. Hertel (crh@NTS.Umn.EDU)
Wed, 8 Apr 1998 14:06:55 -0500 (CDT)

From:	"Christopher R. Hertel" <crh@NTS.Umn.EDU>
Message-Id: <199804081906.OAA21786@unet.unet.umn.edu>
Subject: Potential for buffer overruns.
To:	samba-technical@samba.anu.edu.au (samba-tech)
Date:	Wed, 8 Apr 1998 14:06:55 -0500 (CDT)

Team, etc.,

I've noticed a potential problem source and I'd like to highlight it.
I've been working in mangle.c and have noted that several functions return
a string value by overwriting the contents of an input parameter. For
example, the check_mangled_stack() function is passed a filename in 8.3
format with the expectation that, should the name be found in the cache,
the long name will be returned in the same string space.

I can already hear several typed voices saying "It's alright, Chris, we
always pass pointers to pstrings.", which is probably true. I don't
really consider it safe practice, though. Someone, somewhere down the
road, could easily make the mistake of passing in a pointer to a too-short
string space. There is nothing inherent in these functions to protect
against such a thing.

I'm not going to change any of this right away. I'd like to be sure my
other changes work first. I just wanted to point this out and get some
opinions flowing.

Chris -)-----

-- 
Christopher R. Hertel -)-----                   University of Minnesota
crh@nts.umn.edu              Networking and Telecommunications Services
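The return-by-overwrite pattern the message describes, beside a form that carries the buffer size with the pointer, as an added example in C. This is not Samba's code: the cache table, the names in it and both function names are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the mangled-name cache: 8.3 name -> long name.
 * Illustrative entries only, not Samba's real cache or mangling scheme. */
struct cache_entry { const char *short_name; const char *long_name; };
static const struct cache_entry cache[] = {
    { "LONGFI~1.TXT", "longfilename_with_many_characters.txt" },
    { "REPORT~1.DOC", "report_for_q1_final_version.doc" },
};
#define CACHE_LEN (sizeof(cache) / sizeof(cache[0]))

/* The pattern the message describes: on a cache hit the long name is
 * written back into the caller's buffer with no knowledge of its size.
 * This is only safe while every caller really passes a pstring-sized buffer. */
int lookup_in_place_unchecked(char *name)
{
    for (size_t i = 0; i < CACHE_LEN; i++) {
        if (strcmp(name, cache[i].short_name) == 0) {
            strcpy(name, cache[i].long_name);  /* overruns a short buffer */
            return 1;
        }
    }
    return 0;
}

/* Hardened form: the buffer size travels with the pointer. A hit that does
 * not fit (terminating NUL included) is reported as -1 and the buffer is left
 * untouched, so a too-short caller buffer can never be overrun. */
int lookup_in_place_bounded(char *name, size_t name_size)
{
    for (size_t i = 0; i < CACHE_LEN; i++) {
        if (strcmp(name, cache[i].short_name) == 0) {
            size_t needed = strlen(cache[i].long_name) + 1;
            if (needed > name_size)
                return -1;                     /* would not fit: refuse */
            memcpy(name, cache[i].long_name, needed);
            return 1;                          /* hit, name replaced */
        }
    }
    return 0;                                  /* not in cache */
}
```

With a 16-byte buffer the bounded version returns -1 and leaves the 8.3 name in place, whereas the unchecked version would write 38 bytes into it.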