aklog: Protect against overflows from cmdline

The cell, realm and path arrays are populated based on the user's
command line, and xlog_path is populated from their passwd map
entry. Protect against all of these overflowing, by making suitable
use of strlcpy and strlcat.

Caught by coverity (#985764, #985904)

Reviewed-on: http://gerrit.openafs.org/9446
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 2902ef93976fd4baa1a1ed07f4940c5979702856)

Change-Id: I1c8b72aa087902e45cef758844193949471170c5
Reviewed-on: http://gerrit.openafs.org/11060
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>

diff --git a/src/aklog/aklog.c b/src/aklog/aklog.c
index 283b22067e80094373f1bbeadc965c45ab500137..056713a2384a820a7e81d2825027003d0f3e434e 100644 (file)
--- a/src/aklog/aklog.c
+++ b/src/aklog/aklog.c
@@ -1556,7 +1556,7 @@ main(int argc, char *argv[])
                  (strcmp(argv[i], "-c") == 0)) && !pmode)
            if (++i < argc) {
                cmode++;
-               strcpy(cell, argv[i]);
+               strlcpy(cell, argv[i], sizeof(cell));
            }
            else
                usage();
@@ -1576,7 +1576,7 @@ main(int argc, char *argv[])
                  (strcmp(argv[i], "-p") == 0)) && !cmode)
            if (++i < argc) {
                pmode++;
-               strcpy(path, argv[i]);
+               strlcpy(path, argv[i], sizeof(path));
            }
            else
                usage();
@@ -1587,11 +1587,11 @@ main(int argc, char *argv[])
            if (strchr(argv[i], DIR) || (strcmp(argv[i], ".") == 0) ||
                (strcmp(argv[i], "..") == 0)) {
                pmode++;
-               strcpy(path, argv[i]);
+               strlcpy(path, argv[i], sizeof(path));
            }
            else {
                cmode++;
-               strcpy(cell, argv[i]);
+               strlcpy(cell, argv[i], sizeof(path));
            }
        }
        else
@@ -1601,7 +1601,7 @@ main(int argc, char *argv[])
            if (((i + 1) < argc) && (strcmp(argv[i + 1], "-k") == 0)) {
                i+=2;
                if (i < argc)
-                   strcpy(realm, argv[i]);
+                   strlcpy(realm, argv[i], sizeof(realm));
                else
                    usage();
            }
@@ -1681,8 +1681,8 @@ main(int argc, char *argv[])
            FILE *f;
            char fcell[100], xlog_path[512];
 
-           strcpy(xlog_path, pwd->pw_dir);
-           strcat(xlog_path, "/.xlog");
+           strlcpy(xlog_path, pwd->pw_dir, sizeof(xlog_path));
+           strlcat(xlog_path, "/.xlog", sizeof(xlog_path));
 
            if ((stat(xlog_path, &sbuf) == 0) &&
                ((f = fopen(xlog_path, "r")) != NULL)) {