From: Simon Wilkinson <sxw@your-file-system.com>
Date: Sat, 2 Mar 2013 09:26:05 +0000 (+0000)
Subject: auth: Don't overflow cell string
X-Git-Tag: upstream/1.6.10_pre1^2~153
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=286f9e47d97c55bd8724a65350cf162478eea87c;p=packages%2Fo%2Fopenafs.git

auth: Don't overflow cell string

If the kernel gives us bogus data back from the VIOCGETTOK pioctl,
we might overflow the cell string when copying in to it. Use
strlcpy to avoid this (unlikely) occurrence.

Caught by coverity (#985768, #985769)

Reviewed-on: http://gerrit.openafs.org/9349
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 362728d2d6d53011603dc39f691707db20866434)

Change-Id: I839c330a232525ddccc7957ead785c7ed9beec88
Reviewed-on: http://gerrit.openafs.org/11036
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
---

diff --git a/src/auth/ktc.c b/src/auth/ktc.c
index 832ddd67a..ee89982cd 100644
--- a/src/auth/ktc.c
+++ b/src/auth/ktc.c
@@ -542,7 +542,7 @@ ktc_GetToken(struct ktc_principal *aserver, struct ktc_token *atoken,
 		atoken->ticketLen = tktLen;
 
 		if (aclient) {
-		    strcpy(aclient->cell, cellp);
+		    strlcpy(aclient->cell, cellp, sizeof(aclient->cell));
 		    aclient->instance[0] = 0;
 
 		    if ((atoken->kvno == 999) ||	/* old style bcrypt ticket */
@@ -726,7 +726,7 @@ ktc_ListTokens(int aprevIndex,
     tp += temp;			/* skip clear token itself */
     tp += sizeof(afs_int32);	/* skip primary flag */
     /* tp now points to the cell name */
-    strcpy(aserver->cell, tp);
+    strlcpy(aserver->cell, tp, sizeof(aserver->cell));
     aserver->instance[0] = 0;
     strcpy(aserver->name, "afs");
 #endif /* NO_AFS_CLIENT */