Bug 2028 - Flood of string overflow messages while downloading printer driver
Status: CLOSED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: Printing
Version: 3.0.8
Hardware: Other Windows 2000
Importance: P3 critical
Target Milestone: none
Assigned To: Gerald (Jerry) Carter
QA Contact: Samba QA Contact
Reported: 2004-11-11 18:23 UTC by David
Modified: 2005-08-24 10:17 UTC

Attachments
use slprintf() instead of safe_strcpy() to avoid annoying log messages (466 bytes, patch)
2004-11-12 10:05 UTC, Gerald (Jerry) Carter

Description David 2004-11-11 18:23:27 UTC
The problem came from the get_a_printer_2(...) and *construct_nt_devicemode(...)
functions in ../printing/nt_printing.c.  Specifically, the size of "char
adevice", which is based on MAXDEVICENAME (size = 32), is too small.  My
understanding of the code is that the "adevice" variable is used for temporarily
storing the printername, which is of "fstring" type.  Since the "fstring" type is
typically of size 256 and has proven to possibly contain more than 32 characters,
depending on the printer, a flood of level 0 log messages can easily be produced
by safe_strcpy.

Increase MAXDEVICENAME size perhaps?


Log
----
[2004/11/11 11:26:26, 0] lib/util_str.c:safe_strcpy_fn(598)
  ERROR: string overflow by 1 (32 - 31) in safe_strcpy [\\hpxxxxx\HP Color LaserJet 4500 PCL 6]

[Hundreds more just like this one]
Comment 1 Gerald (Jerry) Carter 2004-11-11 20:32:51 UTC
MAXDEVICENAME is fixed size from MS's API.  I'll fix this
tomorrow.  Been meaning to anyway.

And jra gets mailed about all these anyway, so no need for the CC.
Comment 2 Gerald (Jerry) Carter 2004-11-12 10:05:33 UTC
Created attachment 768
use slprintf() instead of safe_strcpy() to avoid annoying log messages
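
Added example, not part of the thread and not Samba's code or the attached patch: it contrasts a copy that logs on every oversize source with a bounded formatted copy into a MAXDEVICENAME-sized buffer, using the printer name from the log above. checked_copy and truncating_copy are hypothetical helpers, and standard snprintf stands in for slprintf().

```c
#include <stdio.h>
#include <string.h>

#define MAXDEVICENAME 32   /* fixed device-name size cited in the report */

static int overflow_logs;  /* counts messages the checked copy emits */

/* Hypothetical checked copy: truncates, but logs every oversize source. */
static void checked_copy(char *dst, size_t dstsize, const char *src)
{
    size_t len = strlen(src);
    if (len >= dstsize) {
        overflow_logs++;
        fprintf(stderr, "ERROR: string overflow in checked_copy [%s]\n", src);
        len = dstsize - 1;
    }
    memcpy(dst, src, len);
    dst[len] = '\0';
}

/* Bounded formatted copy: truncation is expected here, so nothing is logged.
 * Returns 1 if the source was truncated, 0 if it fit, -1 on error. */
static int truncating_copy(char *dst, size_t dstsize, const char *src)
{
    int n = snprintf(dst, dstsize, "%s", src);
    if (n < 0)
        return -1;
    return (size_t)n >= dstsize;
}

int main(void)
{
    /* Printer name taken from the log line in the report (38 characters). */
    const char *printername = "\\\\hpxxxxx\\HP Color LaserJet 4500 PCL 6";
    char adevice[MAXDEVICENAME];

    for (int i = 0; i < 3; i++)      /* three lookups, three log lines */
        checked_copy(adevice, sizeof(adevice), printername);
    printf("checked copy logged %d messages\n", overflow_logs);

    int truncated = truncating_copy(adevice, sizeof(adevice), printername);
    printf("truncated=%d adevice=[%s] len=%zu\n",
           truncated, adevice, strlen(adevice));
    return 0;
}
```

Both helpers leave the same NUL-terminated 31-character prefix in the buffer; only the checked copy produces one log line per call. The caller can still act on the truncation through the return value of truncating_copy.
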
Comment 3 Gerald (Jerry) Carter 2004-11-12 10:06:08 UTC
about to check fix in for 3.0.9.
Comment 4 Gerald (Jerry) Carter 2005-08-24 10:17:16 UTC
sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.