smb: replace use of strcpy() with snprintf()

Closes #15196
2025-03-07 15:27:17 +08:00 · 2024-10-08 13:25:42 +02:00 · 2024-10-08 13:25:42 +02:00 · 3dfc256b94
commit 3dfc256b94
parent 45b7aa6b70
1 changed files with 16 additions and 24 deletions
--- a/lib/smb.c
+++ b/lib/smb.c
@ -44,7 +44,8 @@
 #include "escape.h"
 #include "curl_endian.h"

-/* The last #include files should be: */
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
 #include "curl_memory.h"
 #include "memdebug.h"

@ -316,20 +317,6 @@ const struct Curl_handler Curl_handler_smbs = {
 #define CLIENTNAME        "curl"
 #define SERVICENAME       "?????"

-/* Append a string to an SMB message */
-#define MSGCAT(str)                             \
-  do {                                          \
-    strcpy(p, (str));                           \
-    p += strlen(str);                           \
-  } while(0)
-
-/* Append a null-terminated string to an SMB message */
-#define MSGCATNULL(str)                         \
-  do {                                          \
-    strcpy(p, (str));                           \
-    p += strlen(str) + 1;                       \
-  } while(0)
-
 /* SMB is mostly little endian */
 #if (defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__) || \
  defined(__OS400__)
@ -667,10 +654,13 @@ static CURLcode smb_send_setup(struct Curl_easy *data)
  p += sizeof(lm);
  memcpy(p, nt, sizeof(nt));
  p += sizeof(nt);
-  MSGCATNULL(smbc->user);
-  MSGCATNULL(smbc->domain);
-  MSGCATNULL(OS);
-  MSGCATNULL(CLIENTNAME);
+  p += msnprintf(p, byte_count - sizeof(nt) - sizeof(lm),
+                 "%s%c"  /* user */
+                 "%s%c"  /* domain */
+                 "%s%c"  /* OS */
+                 "%s", /* client name */
+                 smbc->user, 0, smbc->domain, 0, OS, 0, CLIENTNAME);
+  p++; /* count the final null termination */
  DEBUGASSERT(byte_count == (size_t)(p - msg.bytes));
  msg.byte_count = smb_swap16((unsigned short)byte_count);

@ -694,11 +684,13 @@ static CURLcode smb_send_tree_connect(struct Curl_easy *data)
  msg.word_count = SMB_WC_TREE_CONNECT_ANDX;
  msg.andx.command = SMB_COM_NO_ANDX_COMMAND;
  msg.pw_len = 0;
-  MSGCAT("\\\\");
-  MSGCAT(conn->host.name);
-  MSGCAT("\\");
-  MSGCATNULL(smbc->share);
-  MSGCATNULL(SERVICENAME); /* Match any type of service */
+
+  p += msnprintf(p, byte_count,
+                 "\\\\%s\\"  /* hostname */
+                 "%s%c"      /* share */
+                 "%s",       /* service */
+                 conn->host.name, smbc->share, 0, SERVICENAME);
+  p++; /* count the final null termination */
  DEBUGASSERT(byte_count == (size_t)(p - msg.bytes));
  msg.byte_count = smb_swap16((unsigned short)byte_count);