kauth: Don't overflow stack when building username
authorSimon Wilkinson <sxw@your-file-system.com>
Sat, 2 Mar 2013 09:35:01 +0000 (09:35 +0000)
committerStephan Wiesand <stephan.wiesand@desy.de>
Tue, 3 Jun 2014 16:50:27 +0000 (12:50 -0400)
knfs constructs the userName by combining the clientName.name
and clientName.instance arrays, along with a dot separator. Make
sure that the userName array is big enough to hold these, and
use strlcpy and strlcat just to make sure.

Caught by coverity (#985829)

Reviewed-on: http://gerrit.openafs.org/9351
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit cc194827a841f057654f1dbe4dcb3f6de98c1c60)

Change-Id: Iec62a0e0fb830e8bfc76896733269d0511c5a8d9
Reviewed-on: http://gerrit.openafs.org/11055
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
src/kauth/knfs.c

index 08b0ef9315b0f73bc7e9c0cdcecfa9de9217431e..245d8524af5608b01e69674c8d58f33fb4ad6405 100644 (file)
@@ -106,7 +106,7 @@ GetTokens(afs_int32 ahost, afs_int32 auid)
     int maxLen;                        /* biggest ticket we can copy */
     int tktLen;                        /* server ticket length */
     time_t tokenExpireTime;
-    char UserName[16];
+    char UserName[MAXKTCNAMELEN + MAXKTCNAMELEN];
     struct ktc_token token;
     struct ktc_principal clientName;
     time_t current_time;
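Review bot: The new `UserName[MAXKTCNAMELEN + MAXKTCNAMELEN]` declaration gives no reason for its size, so a later edit to the name format could undersize the buffer again without anyone noticing. The sum presumably covers name, the dot separator, instance and the terminating NUL, assuming each ktc_principal field is a NUL-terminated array of MAXKTCNAMELEN bytes; that definition is not visible in this hunk. I would add a comment on the declaration such as `/* name + "." + instance + NUL; each field holds at most MAXKTCNAMELEN - 1 chars */`. GetTokens starts and ends outside the hunk.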
@@ -193,10 +193,10 @@ GetTokens(afs_int32 ahost, afs_int32 auid)
                strlcpy(clientName.cell, tp, sizeof(clientName.cell));
 
                tokenExpireTime = token.endTime;
-               strcpy(UserName, clientName.name);
+               strlcpy(UserName, clientName.name, sizeof(UserName));
                if (clientName.instance[0] != 0) {
-                   strcat(UserName, ".");
-                   strcat(UserName, clientName.instance);
+                   strlcat(UserName, ".", sizeof(UserName));
+                   strlcat(UserName, clientName.instance, sizeof(UserName));
                }
                if (UserName[0] == 0)
                    printf("Tokens");
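Review bot: The return values of the new `strlcpy`/`strlcat` calls on UserName are discarded, so if the buffer were ever too small the principal would be printed truncated with no indication. With the enlarged buffer this should be unreachable, but a check keeps it that way, for example `if (strlcat(UserName, clientName.instance, sizeof(UserName)) >= sizeof(UserName))` followed by a warning or an early exit from the branch. Note also that both functions still scan the source up to its NUL, so the fix relies on clientName.name and clientName.instance being terminated where they are filled in, which happens outside this hunk.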