The Samba-Bugzilla – Attachment 4293 Details for
Bug 6478
smbclient interpolates % character in remote file name; CVE-2009-1886
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for 3.2
0001-Fix-bug-6478.patch (text/plain), 5.10 KB, created by
Volker Lendecke
on 2009-06-16 05:26:41 UTC
(
hide
)
Description:
Patch for 3.2
Filename:
MIME Type:
Creator:
Volker Lendecke
Created:
2009-06-16 05:26:41 UTC
Size:
5.10 KB
patch
obsolete
>From 9ae0b136599d121488a09d216b30d56280d7bc7e Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Tue, 16 Jun 2009 12:23:31 +0200 >Subject: [PATCH] Fix bug 6478 > >This is the part of checkin cfee2025 that is relevant to this bug. >--- > source/client/client.c | 40 ++++++++++++++++++++-------------------- > 1 files changed, 20 insertions(+), 20 deletions(-) > >diff --git a/source/client/client.c b/source/client/client.c >index 9e11737..824dc32 100644 >--- a/source/client/client.c >+++ b/source/client/client.c >@@ -364,7 +364,7 @@ static int do_cd(const char *new_dir) > > /* Ensure cur_dir ends in a DIRSEP */ > if ((new_cd[0] != '\0') && (*(new_cd+strlen(new_cd)-1) != CLI_DIRSEP_CHAR)) { >- new_cd = talloc_asprintf_append(new_cd, CLI_DIRSEP_STR); >+ new_cd = talloc_asprintf_append(new_cd, "%s", CLI_DIRSEP_STR); > if (!new_cd) { > goto out; > } >@@ -871,7 +871,7 @@ static int cmd_dir(void) > if (*buf == CLI_DIRSEP_CHAR) { > mask = talloc_strdup(ctx, buf); > } else { >- mask = talloc_asprintf_append(mask, buf); >+ mask = talloc_asprintf_append(mask, "%s", buf); > } > } else { > mask = talloc_asprintf_append(mask, "*"); >@@ -912,7 +912,7 @@ static int cmd_du(void) > return 1; > } > if ((mask[0] != '\0') && (mask[strlen(mask)-1]!=CLI_DIRSEP_CHAR)) { >- mask = talloc_asprintf_append(mask, CLI_DIRSEP_STR); >+ mask = talloc_asprintf_append(mask, "%s", CLI_DIRSEP_STR); > if (!mask) { > return 1; > } >@@ -923,7 +923,7 @@ static int cmd_du(void) > if (*buf == CLI_DIRSEP_CHAR) { > mask = talloc_strdup(ctx, buf); > } else { >- mask = talloc_asprintf_append(mask, buf); >+ mask = talloc_asprintf_append(mask, "%s", buf); > } > } else { > mask = talloc_strdup(ctx, "*"); >@@ -1107,7 +1107,7 @@ static int cmd_get(void) > d_printf("get <filename> [localname]\n"); > return 1; > } >- rname = talloc_asprintf_append(rname, fname); >+ rname = talloc_asprintf_append(rname, "%s", fname); > if (!rname) { > return 1; > } >@@ -1266,7 +1266,7 @@ static int cmd_more(void) > unlink(lname); > return 1; > } >- rname = talloc_asprintf_append(rname, fname); >+ rname = talloc_asprintf_append(rname, "%s", fname); > if (!rname) { > return 1; > } >@@ -1318,7 +1318,7 @@ static int cmd_mget(void) > mget_mask = talloc_strdup(ctx, buf); > } else { > mget_mask = talloc_asprintf_append(mget_mask, >- buf); >+ "%s", buf); > } > if (!mget_mask) { > return 1; >@@ -1419,7 +1419,7 @@ static int cmd_mkdir(void) > } > return 1; > } >- mask = talloc_asprintf_append(mask, buf); >+ mask = talloc_asprintf_append(mask, "%s", buf); > if (!mask) { > return 1; > } >@@ -1448,14 +1448,14 @@ static int cmd_mkdir(void) > trim_char(ddir,'.','\0'); > p = strtok_r(ddir, "/\\", &saveptr); > while (p) { >- ddir2 = talloc_asprintf_append(ddir2, p); >+ ddir2 = talloc_asprintf_append(ddir2, "%s", p); > if (!ddir2) { > return 1; > } > if (!cli_chkpath(targetcli, ddir2)) { > do_mkdir(ddir2); > } >- ddir2 = talloc_asprintf_append(ddir2, CLI_DIRSEP_STR); >+ ddir2 = talloc_asprintf_append(ddir2, "%s", CLI_DIRSEP_STR); > if (!ddir2) { > return 1; > } >@@ -1487,7 +1487,7 @@ static int cmd_altname(void) > d_printf("altname <file>\n"); > return 1; > } >- name = talloc_asprintf_append(name, buf); >+ name = talloc_asprintf_append(name, "%s", buf); > if (!name) { > return 1; > } >@@ -1571,7 +1571,7 @@ static int cmd_allinfo(void) > d_printf("allinfo <file>\n"); > return 1; > } >- name = talloc_asprintf_append(name, buf); >+ name = talloc_asprintf_append(name, "%s", buf); > if (!name) { > return 1; > } >@@ -1738,9 +1738,9 @@ static int cmd_put(void) > } > > if (next_token_talloc(ctx, &cmd_ptr,&buf,NULL)) { >- rname = talloc_asprintf_append(rname, buf); >+ rname = talloc_asprintf_append(rname, "%s", buf); > } else { >- rname = talloc_asprintf_append(rname, lname); >+ rname = talloc_asprintf_append(rname, "%s", lname); > } > if (!rname) { > return 1; >@@ -2137,7 +2137,7 @@ static int cmd_del(void) > d_printf("del <filename>\n"); > return 1; > } >- mask = talloc_asprintf_append(mask, buf); >+ mask = talloc_asprintf_append(mask, "%s", buf); > if (!mask) { > return 1; > } >@@ -3529,7 +3529,7 @@ static int cmd_reget(void) > d_printf("reget <filename>\n"); > return 1; > } >- remote_name = talloc_asprintf_append(remote_name, fname); >+ remote_name = talloc_asprintf_append(remote_name, "%s", fname); > if (!remote_name) { > return 1; > } >@@ -3576,10 +3576,10 @@ static int cmd_reput(void) > > if (next_token_talloc(ctx, &cmd_ptr, &buf, NULL)) { > remote_name = talloc_asprintf_append(remote_name, >- buf); >+ "%s", buf); > } else { > remote_name = talloc_asprintf_append(remote_name, >- local_name); >+ "%s", local_name); > } > if (!remote_name) { > return 1; >@@ -4112,13 +4112,13 @@ static void completion_remote_filter(const char *mnt, > TALLOC_FREE(ctx); > return; > } >- tmp = talloc_asprintf_append(tmp, f->name); >+ tmp = talloc_asprintf_append(tmp, "%s", f->name); > if (!tmp) { > TALLOC_FREE(ctx); > return; > } > if (f->mode & aDIR) { >- tmp = talloc_asprintf_append(tmp, CLI_DIRSEP_STR); >+ tmp = talloc_asprintf_append(tmp, "%s", CLI_DIRSEP_STR); > } > if (!tmp) { > TALLOC_FREE(ctx); >-- >1.6.2.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 6478
: 4293