auth: Don't overflow cell string
authorSimon Wilkinson <sxw@your-file-system.com>
Sat, 2 Mar 2013 09:26:05 +0000 (09:26 +0000)
committerJeffrey Altman <jaltman@your-file-system.com>
Thu, 7 Mar 2013 15:51:40 +0000 (07:51 -0800)
If the kernel gives us bogus data back from the VIOCGETTOK pioctl,
we might overflow the cell string when copying in to it. Use
strlcpy to avoid this (unlikely) occurrence.

Caught by coverity (#985768, #985769)

Change-Id: I2583b017e7a366f4271f356216bdd60f3a7b7911
Reviewed-on: http://gerrit.openafs.org/9349
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
src/auth/ktc.c

index fc25636741566bc60b34d282178bf675e9be8fdc..4df513dc646da118d8080b54c81eba4e9fde870d 100644 (file)
@@ -701,7 +701,7 @@ GetToken(struct ktc_principal *aserver, struct ktc_token *atoken,
 
                if (aclient || aviceid) {
                    if (aclient) {
-                       strcpy(aclient->cell, cellp);
+                       strlcpy(aclient->cell, cellp, sizeof(aclient->cell));
                        aclient->instance[0] = 0;
                    }
 
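Review bot: The return value of the new `strlcpy` call is discarded, so a cell name longer than `aclient->cell` is silently truncated and handed back to the caller as if it were the real cell. Since the commit treats the pioctl output as possibly bogus, truncation is better reported than hidden: `if (strlcpy(aclient->cell, cellp, sizeof(aclient->cell)) >= sizeof(aclient->cell))` followed by the function's existing failure path. The same applies to the `aserver->cell` copy in the ktc_ListTokens hunk. GetToken's body starts and ends outside this hunk, so the right error code and cleanup (for instance any lock release) must be checked against the full function.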
@@ -969,7 +969,7 @@ ktc_ListTokens(int aprevIndex,
     tp += temp;                        /* skip clear token itself */
     tp += sizeof(afs_int32);   /* skip primary flag */
     /* tp now points to the cell name */
-    strcpy(aserver->cell, tp);
+    strlcpy(aserver->cell, tp, sizeof(aserver->cell));
     aserver->instance[0] = 0;
     strcpy(aserver->name, "afs");
 #endif /* NO_AFS_CLIENT */
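Review bot: `strlcpy` bounds only the write into `aserver->cell`; it still scans the source to its terminating NUL to compute its return value, so the read from `tp` is unbounded if the kernel data is not NUL-terminated. `tp` has just been advanced by `temp` and `sizeof(afs_int32)`, and nothing in the visible lines confirms that it still points inside the pioctl output buffer. If that validation is not done earlier in ktc_ListTokens (the body starts outside this hunk), range-check `temp` and confirm a terminator exists before the end of the buffer, e.g. `memchr(tp, 0, remaining)` with `remaining` standing for the bytes left in the buffer, before copying. `cellp` in the GetToken hunk likely deserves the same check.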