kauth: Fix overflow when writing ticket file

author Simon Wilkinson <sxw@your-file-system.com>

Tue, 26 Feb 2013 22:40:04 +0000 (22:40 +0000)

committer Stephan Wiesand <stephan.wiesand@desy.de>

Tue, 3 Jun 2014 16:20:26 +0000 (12:20 -0400)
author Simon Wilkinson <sxw@your-file-system.com>
Tue, 26 Feb 2013 22:40:04 +0000 (22:40 +0000)
committer Stephan Wiesand <stephan.wiesand@desy.de>
Tue, 3 Jun 2014 16:20:26 +0000 (12:20 -0400)
diff --git a/src/kauth/krb_tf.c b/src/kauth/krb_tf.c

index 9fdaaf8aef1f5eb5841ced53503749b2fd27ab77..f0a57874b66a45007dd5049648c812d58a414d4f 100644 (file)
--- a/src/kauth/krb_tf.c
+++ b/src/kauth/krb_tf.c
@@ -61,6 +61,7 @@
  #include <rx/xdr.h>
  #include <errno.h>
  #include <afs/auth.h>
+#include <afs/afsutil.h>
  #include "kauth.h"
  #include "kautils.h"
  #include "kauth_internal.h"
@@ -68,7 +69,6 @@
  afs_int32
  krb_write_ticket_file(char *realm)
  {
-    char ticket_file[AFSDIR_PATH_MAX];
      int fd;
      int count;
      afs_int32 code;
@@ -91,10 +91,15 @@ krb_write_ticket_file(char *realm)
       * back upon /tmp/tkt(uid}.
       */
      if ((tf_name = (char *)getenv("KRBTKFILE")))
-       (void)sprintf(ticket_file, "%s", tf_name);
-    else
-       (void)sprintf(ticket_file, "%s/tkt%d", gettmpdir(), getuid());
-    fd = open(ticket_file, O_WRONLY + O_CREAT + O_TRUNC, 0700);
+       fd = open(tf_name, O_WRONLY | O_CREAT | O_TRUNC, 0700);
+    else {
+       afs_asprintf(&tf_name, "%s/tkt%d", gettmpdir(), getuid());
+       if (tf_name == NULL)
+           return ENOMEM;
+       fd = open(tf_name, O_WRONLY | O_CREAT | O_TRUNC, 0700);
+       free(tf_name);
+    }
+
      if (fd <= 0)
         return errno;
author	Simon Wilkinson <sxw@your-file-system.com>
	Tue, 26 Feb 2013 22:40:04 +0000 (22:40 +0000)
committer	Stephan Wiesand <stephan.wiesand@desy.de>
	Tue, 3 Jun 2014 16:20:26 +0000 (12:20 -0400)