venus: Make clang happy with strlcpy use

clang now expects that strlcpy will always be used to prevent overflow
of the destination string, and gives a warning if the size parameter is
based solely on the length of the source string.

Modify the BreakUpPath function so that it takes the size of the
destination string as an argument, and uses this to limit the amount of
data pasted into it.

Reviewed-on: http://gerrit.openafs.org/7086
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
(cherry picked from commit 4e68282e26b0c4569d25d076d54274f0da47a691)

Change-Id: I31003fa06fc331a6313ca17840dcb46f61299921
Reviewed-on: http://gerrit.openafs.org/11845
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>

diff --git a/src/venus/afsio.c b/src/venus/afsio.c
index de4f7f944015c8ec1f81d2a9c6d7b166310a62a9..23338c4ac5ae14d72dffbee2e3c9e63f11d81326 100644 (file)
--- a/src/venus/afsio.c
+++ b/src/venus/afsio.c
@@ -115,7 +115,7 @@ static int CmdProlog(struct cmd_syndesc *, char **, char **,
 static int ScanFid(char *, struct AFSFid *);
 static afs_int32 GetVenusFidByFid(char *, char *, int, struct afscp_venusfid **);
 static afs_int32 GetVenusFidByPath(char *, char *, struct afscp_venusfid **);
-static int BreakUpPath(char *, char *, char *);
+static int BreakUpPath(char *, char *, char *, size_t);
 
 static char pnp[AFSPATHMAX];   /* filename of this program when called */
 static int verbose = 0;                /* Set if -verbose option given */
@@ -292,7 +292,7 @@ main(int argc, char **argv)
     char baseName[AFSNAMEMAX];
 
     /* try to get only the base name of this executable for use in logs */
-    if (BreakUpPath(argv[0], NULL, baseName) > 0)
+    if (BreakUpPath(argv[0], NULL, baseName, AFSNAMEMAX) > 0)
        strlcpy(pnp, baseName, AFSNAMEMAX);
     else
        strlcpy(pnp, argv[0], AFSPATHMAX);
@@ -549,7 +549,7 @@ GetVenusFidByFid(char *fidString, char *cellName, int onlyRW,
  *       2 if both dirName and baseName were filled in
  */
 static int
-BreakUpPath(char *fullPath, char *dirName, char *baseName)
+BreakUpPath(char *fullPath, char *dirName, char *baseName, size_t baseNameSize)
 {
     char *lastSlash;
     size_t dirNameLen = 0;
@@ -576,18 +576,18 @@ BreakUpPath(char *fullPath, char *dirName, char *baseName)
        /* then lastSlash points to the last path separator in fullPath */
        if (useDirName) {
            dirNameLen = strlen(fullPath) - strlen(lastSlash);
-           strlcpy(dirName, fullPath, dirNameLen + 1);
+           strlcpy(dirName, fullPath, min(dirNameLen + 1, baseNameSize));
            code++;
        }
        if (useBaseName) {
            lastSlash++;
-           strlcpy(baseName, lastSlash, strlen(lastSlash) + 1);
+           strlcpy(baseName, lastSlash, min(strlen(lastSlash) + 1, baseNameSize));
            code++;
        }
     } else {
        /* there are no path separators in fullPath -- it's just a baseName */
        if (useBaseName) {
-           strlcpy(baseName, fullPath, strlen(fullPath) + 1);
+           strlcpy(baseName, fullPath, min(strlen(fullPath) + 1, baseNameSize));
            code++;
        }
     }
@@ -907,7 +907,7 @@ writeFile(struct cmd_syndesc *as, void *unused)
            }
        }
        if (!append && !overWrite) { /* must create a new file in this case */
-           if ( BreakUpPath(fname, dirName, baseName) != 2 ) {
+           if ( BreakUpPath(fname, dirName, baseName, AFSNAMEMAX) != 2 ) {
                code = EINVAL;
                afs_com_err(pnp, code, "(must provide full AFS path)");
                afscp_FreeFid(newvfp);