bos: Don't overflow cellname buffer
authorSimon Wilkinson <sxw@your-file-system.com>
Fri, 8 Mar 2013 13:01:28 +0000 (13:01 +0000)
committerStephan Wiesand <stephan.wiesand@desy.de>
Wed, 12 Mar 2014 13:03:24 +0000 (06:03 -0700)
Don't overflow the fixed-size cellname buffer when copying the
information in from the command line - instead, just use a
dynamically allocated buffer.

Caught by coverity (#985775)

Reviewed-on: http://gerrit.openafs.org/9549
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit 45993e3ad55358c3e94105e2e3aa13df43f5fdd3)

Change-Id: Idb2b165c9b08f72cb57ca879ff6d61f9d556a631
Reviewed-on: http://gerrit.openafs.org/10860
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
src/bozo/bos.c

index 45624b8be7ba95a8525df46b234e02b7f452e41e..5a4368c39cdcfc50187f5f525dc1e122a5a6e611 100644 (file)
@@ -803,8 +803,6 @@ AddKey(struct cmd_syndesc *as, void *arock)
     afs_int32 code;
     struct ktc_encryptionKey tkey;
     afs_int32 temp;
-    char *tcell;
-    char cellBuffer[256];
     char buf[BUFSIZ], ver[BUFSIZ];
 
     tconn = GetConn(as, 1);
@@ -839,22 +837,29 @@ AddKey(struct cmd_syndesc *as, void *arock)
 */
        strcpy((char *)&tkey, buf);
     } else {                   /* kerberos key */
+       char *tcell;
        if (as->parms[ADDPARMOFFSET].items) {
-           strcpy(cellBuffer, as->parms[ADDPARMOFFSET].items->data);
+           tcell = strdup(as->parms[ADDPARMOFFSET].items->data);
+           if (tcell == NULL) {
+               fprintf(stderr, "bos: Unable to allocate memory for cellname\n");
+               exit(1);
+           }
 
            /* string to key needs upper-case cell names */
 
            /* I don't believe this is true.  The string to key function
             * actually expands the cell name, then LOWER-CASES it.  Perhaps it
             * didn't use to??? */
-           ucstring(cellBuffer, cellBuffer, strlen(cellBuffer));
-           tcell = cellBuffer;
+           ucstring(tcell, tcell, strlen(tcell));
        } else
            tcell = NULL;       /* no cell specified, use current */
 /*
        ka_StringToKey(as->parms[1].items->data, tcell, &tkey);
 */
        ka_StringToKey(buf, tcell, &tkey);
+
+       if (tcell)
+           free(tcell);
     }
     code = BOZO_AddKey(tconn, temp, ktc_to_bozoptr(&tkey));
     if (code) {
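Review bot: The bound passed to `ucstring(tcell, tcell, strlen(tcell))` excludes the terminator, and the call is carried over unchanged onto the new heap buffer. ucstring's definition is not on this page; if it treats its third argument as the destination size and forces NUL termination within that size, the last character of the cell name is dropped before `ka_StringToKey` uses it, and the key would be derived from a truncated cell name. `ucstring(tcell, tcell, strlen(tcell) + 1);` matches the size strdup() allocated and is safe under either reading. Separately, the `if (tcell)` guard before `free(tcell)` is redundant, since free(NULL) is a no-op. AddKey's body starts and ends outside this hunk.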