Bug 2028 - Flood of string overflow messages while downloading printer driver
Summary: Flood of string overflow messages while downloading printer driver
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Printing (show other bugs)
Version: 3.0.8
Hardware: Other Windows 2000
: P3 critical
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-11-11 18:23 UTC by David
Modified: 2005-08-24 10:17 UTC (History)
0 users

See Also:


Attachments
use slprintf() instead of safe_strcpy() to avoid annoying log messages (466 bytes, patch)
2004-11-12 10:05 UTC, Gerald (Jerry) Carter (dead mail address)
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description David 2004-11-11 18:23:27 UTC
The problem came from get_a_printer_2(...) and *construct_nt_devicemode(...) 
functions in ../printing/nt_printing.c.  Specifically, the size of "char 
adevice" which is based on MAXDEVICENAME (size= 32) is too small.  My 
understanding of the code is that the "adevice" variable is used to temporary 
storing printername which is of "fstring" type.  Since "fstring" type is 
typically of size 256 and proven to possibably contain more then 32 characters 
based on the printer, flood of level 0 log message can easily produced from 
safe_strcpy. 

Increase MAXDEVICENAME size perhaps?


Log
----
[2004/11/11 11:26:26, 0] lib/util_str.c:safe_strcpy_fn(598)
  ERROR: string overflow by 1 (32 - 31) in safe_strcpy [\\hpxxxxx\HP Color 
LaserJet 4500 PCL 6]

[Hundreds more just like this one]
Comment 1 Gerald (Jerry) Carter (dead mail address) 2004-11-11 20:32:51 UTC
MAXDEVICENAME is fixed size from MS's API.  I'll fix this
tomorrow.  Been meaning to anyway.

And jra gets mailed about all these anyways not no need for the CC.
Comment 2 Gerald (Jerry) Carter (dead mail address) 2004-11-12 10:05:33 UTC
Created attachment 768 [details]
use slprintf() instead of safe_strcpy() to avoid annoying log messages
Comment 3 Gerald (Jerry) Carter (dead mail address) 2004-11-12 10:06:08 UTC
about to check fix in for 3.0.9.
Comment 4 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:17:16 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.