afsmonitor: Fix theoretical overflow of handler string

Don't do an unbounded copy into the thresh structure's handler
string, in case the caller has passed us a string which is too
long.

Instead, switch to strlcpy for all string copies.

Caught by coverity (#985761)

Reviewed-on: http://gerrit.openafs.org/9443
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 95cd5b1d950ecb820179e4279b8570d8ad6780f5)

Change-Id: Id8d7f3b97ac3ccbf65862d61b2f9e9d39baeb162
Reviewed-on: http://gerrit.openafs.org/11057
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>

diff --git a/src/afsmonitor/afsmonitor.c b/src/afsmonitor/afsmonitor.c
index 7c9d54b6e88b3499d2568019459642ab7046621a..8a20f5db75d761c21ca1af5ad70981ed2695f154 100644 (file)
--- a/src/afsmonitor/afsmonitor.c
+++ b/src/afsmonitor/afsmonitor.c
@@ -24,6 +24,7 @@
 #include <string.h>
 #include <errno.h>
 #include <afs/cmd.h>
+#include <afs/afsutil.h>
 #include <signal.h>
 #undef IN
 #include <sys/types.h>
@@ -1001,10 +1002,12 @@ store_threshold(int a_type,             /* 1 = fs , 2 = cm */
            for (j = 0; j < tmp_host->numThresh; j++) {
                if ((threshP->itemName[0] == '\0')
                    || (strcasecmp(threshP->itemName, a_varName) == 0)) {
-                   strncpy(threshP->itemName, a_varName,
-                           THRESH_VAR_NAME_LEN);
-                   strncpy(threshP->threshVal, a_value, THRESH_VAR_LEN);
-                   strcpy(threshP->handler, a_handler);
+                   strlcpy(threshP->itemName, a_varName,
+                           sizeof(threshP->itemName));
+                   strlcpy(threshP->threshVal, a_value,
+                           sizeof(threshP->threshVal));
+                   strlcpy(threshP->handler, a_handler,
+                           sizeof(threshP->handler));
                    threshP->index = index;
                    done = 1;
                    break;
@@ -1056,9 +1059,9 @@ store_threshold(int a_type,               /* 1 = fs , 2 = cm */
     for (i = 0; i < tmp_host->numThresh; i++) {
        if ((threshP->itemName[0] == '\0')
            || (strcasecmp(threshP->itemName, a_varName) == 0)) {
-           strncpy(threshP->itemName, a_varName, THRESH_VAR_NAME_LEN);
-           strncpy(threshP->threshVal, a_value, THRESH_VAR_LEN);
-           strcpy(threshP->handler, a_handler);
+           strlcpy(threshP->itemName, a_varName, sizeof(threshP->itemName));
+           strlcpy(threshP->threshVal, a_value, sizeof(threshP->threshVal));
+           strlcpy(threshP->handler, a_handler, sizeof(threshP->handler));
            threshP->index = index;
            done = 1;
            break;