From 5e35d30b68d071e50e71073f23b17c93715a7bc0 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Fri, 17 Jan 2020 19:28:13 +0100
Subject: [PATCH] s3/auth: use talloc_alpha_strcpy() in create_local_token()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
 source3/auth/auth_util.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 3e0fcea2410..a12a631da4f 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -478,7 +478,6 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
 	struct dom_sid tmp_sid;
 	struct auth_session_info *session_info;
 	struct unixid *ids;
-	fstring tmp;
 
 	/* Ensure we can't possible take a code path leading to a
 	 * null defref. */
@@ -494,9 +493,10 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
 		}
 
 		/* This is a potentially untrusted username for use in %U */
-		alpha_strcpy(tmp, smb_username, ". _-$", sizeof(tmp));
 		session_info->unix_info->sanitized_username =
-				talloc_strdup(session_info->unix_info, tmp);
+			talloc_alpha_strcpy(session_info->unix_info,
+					    smb_username,
+					    SAFE_NETBIOS_CHARS "$");
 		if (session_info->unix_info->sanitized_username == NULL) {
 			TALLOC_FREE(session_info);
 			return NT_STATUS_NO_MEMORY;
@@ -535,9 +535,14 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
 	}
 
 	/* This is a potentially untrusted username for use in %U */
-	alpha_strcpy(tmp, smb_username, ". _-$", sizeof(tmp));
 	session_info->unix_info->sanitized_username =
-				talloc_strdup(session_info->unix_info, tmp);
+		talloc_alpha_strcpy(session_info->unix_info,
+				    smb_username,
+				    SAFE_NETBIOS_CHARS "$");
+	if (session_info->unix_info->sanitized_username == NULL) {
+		TALLOC_FREE(session_info);
+		return NT_STATUS_NO_MEMORY;
+	}
 
 	if (session_key) {
 		data_blob_free(&session_info->session_key);
-- 
2.47.2