rmtsys: Don't overflow pathname buffer

When we're constructing a homedirectory path to look for the
.AFSSERVER file in, we copy the HOME environment variable into a
static buffer, with a risk of overflowing that buffer.

Instead of using a static buffer, just allocate one with asprintf.

Caught by coverity (#985910)

Change-Id: I2daa5613609f2c09712b12a7ce7e59b1c0028ef2
Reviewed-on: http://gerrit.openafs.org/9392
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

diff --git a/src/sys/rmtsysc.c b/src/sys/rmtsysc.c
index 29c899627e2b75043d296af3de19d72c4046ee86..2b16e22274497eec1ab18a8c01fd76d2c55afe1b 100644 (file)
--- a/src/sys/rmtsysc.c
+++ b/src/sys/rmtsysc.c
@@ -68,10 +68,14 @@ GetAfsServerAddr(char *syscall)
            fgets(server_name, 128, fp);
            fclose(fp);
        } else {
-           char pathname[256];
+           char *pathname;
 
-           sprintf(pathname, "%s/%s", home_dir, ".AFSSERVER");
+           asprintf(&pathname, "%s/%s", home_dir, ".AFSSERVER");
+           if (pathname == NULL)
+               return 0;
            fp = fopen(pathname, "r");
+           free(pathname);
+
            if (fp == 0) {
                /* Our last chance is the "/.AFSSERVER" file */
                fp = fopen("/.AFSSERVER", "r");