From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Sun, 13 Jan 2008 15:35:41 +0000 (+0000)
Subject: DEVEL15-cmd-nname-20080113
X-Git-Tag: openafs-devel-1_5_31~91
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=1a3b021863e32e87b3c9c53097df3809afbe8d20;p=packages%2Fo%2Fopenafs.git

DEVEL15-cmd-nname-20080113

LICENSE MIT

Nname() is used to concatenate two strings and is frequently used with
the first string being the name of the executable perhaps with a full
path.  The static buffer specified is too small for a full path and
there was no protection against writing beyond the end of it.


(cherry picked from commit d5811091995b78d65e891b134aa0ad6955bbc30c)
---

diff --git a/src/cmd/cmd.c b/src/cmd/cmd.c
index b0e504b10..2699272c5 100644
--- a/src/cmd/cmd.c
+++ b/src/cmd/cmd.c
@@ -40,13 +40,14 @@ static char initcmd_opcode[] = "initcmd";	/*Name of initcmd opcode */
 static char *
 NName(char *a1, char *a2)
 {
-    static char tbuffer[80];
+    static char tbuffer[300];
     if (strlen(a1) == 0) {
-	return "";
+        return "";
     } else {
-	strcpy(tbuffer, a1);
-	strcat(tbuffer, a2);
-	return tbuffer;
+        strncpy(tbuffer, a1, sizeof(tbuffer));
+        strncat(tbuffer, a2, sizeof(tbuffer));
+        tbuffer[sizeof(tbuffer)-1]='\0';
+        return tbuffer;
     }
 }