cmd: Avoid unsafe use of strncat

The NName function was using strncat(a, b, sizeof(a)), which doesn't
work as you would expect if 'a' already contains data, giving a potential
buffer overflow.

This was fixed on master in commit 9a007a9df43645b63a8b642029b4931928f9268b
by using strlcat from libroken, but we do not use libroken on the 1.6
branch. Instead, modify the strncat invocation to use a safer maximum
length to copy.

This is a 1.6-specific change.

Change-Id: Ifa41e603a1c98682550afadd063def4b9706d9e2
Reviewed-on: http://gerrit.openafs.org/10731
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>

diff --git a/src/cmd/cmd.c b/src/cmd/cmd.c
index 179dd322de00472f17d427fdc2fb0f1bf2beb36e..8ddd9e0eef17d60dbdf20cb293189f14a8d7dd71 100644 (file)
--- a/src/cmd/cmd.c
+++ b/src/cmd/cmd.c
@@ -43,8 +43,7 @@ NName(char *a1, char *a2)
         return "";
     } else {
         strncpy(tbuffer, a1, sizeof(tbuffer));
-        strncat(tbuffer, a2, sizeof(tbuffer));
-        tbuffer[sizeof(tbuffer)-1]='\0';
+        strncat(tbuffer, a2, sizeof(tbuffer) - strlen(tbuffer) - 1);
         return tbuffer;
     }
 }