From: Simon Wilkinson Date: Sat, 2 Mar 2013 12:15:22 +0000 (+0000) Subject: aklog: Protect against overflows from cmdline X-Git-Tag: upstream/1.8.0_pre1^2~1332 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=2902ef93976fd4baa1a1ed07f4940c5979702856;p=packages%2Fo%2Fopenafs.git aklog: Protect against overflows from cmdline The cell, realm and path arrays are populated based on the user's command line, and xlog_path is populated from their passwd map entry. Protect against all of these overflowing, by making suitable use of strlcpy and strlcat. Caught by coverity (#985764, #985904) Change-Id: Ia8f1816b010eb2b85b537e156de2b7983e4626ba Reviewed-on: http://gerrit.openafs.org/9446 Reviewed-by: Derrick Brashear Tested-by: BuildBot Reviewed-by: Jeffrey Altman --- diff --git a/src/aklog/aklog.c b/src/aklog/aklog.c index a77616de6..cc777532e 100644 --- a/src/aklog/aklog.c +++ b/src/aklog/aklog.c @@ -1532,7 +1532,7 @@ main(int argc, char *argv[]) (strcmp(argv[i], "-c") == 0)) && !pmode) if (++i < argc) { cmode++; - strcpy(cell, argv[i]); + strlcpy(cell, argv[i], sizeof(cell)); } else usage(); @@ -1552,7 +1552,7 @@ main(int argc, char *argv[]) (strcmp(argv[i], "-p") == 0)) && !cmode) if (++i < argc) { pmode++; - strcpy(path, argv[i]); + strlcpy(path, argv[i], sizeof(path)); } else usage(); @@ -1568,11 +1568,11 @@ main(int argc, char *argv[]) if (strchr(argv[i], DIR) || (strcmp(argv[i], ".") == 0) || (strcmp(argv[i], "..") == 0)) { pmode++; - strcpy(path, argv[i]); + strlcpy(path, argv[i], sizeof(path)); } else { cmode++; - strcpy(cell, argv[i]); + strlcpy(cell, argv[i], sizeof(path)); } } else @@ -1582,7 +1582,7 @@ main(int argc, char *argv[]) if (((i + 1) < argc) && (strcmp(argv[i + 1], "-k") == 0)) { i+=2; if (i < argc) - strcpy(realm, argv[i]); + strlcpy(realm, argv[i], sizeof(realm)); else usage(); } 
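Review bot: The `strlcpy(cell, argv[i], sizeof(cell));` call in the `-c` branch discards the return value, so an over-long cell name is silently truncated and aklog carries on with a name the user did not type. The same holds for the `-p` copy in the hunk at 1552, both copies in the hunk at 1568 and the `-k` realm copy in the hunk at 1582. As these strings are the cell, realm and path taken from the command line, I would reject over-long input rather than shorten it, e.g. `if (strlcpy(cell, argv[i], sizeof(cell)) >= sizeof(cell)) usage();`. main() begins and ends outside these hunks, so the array declarations are not visible here.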
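Review bot: The cell copy in the else branch of the hunk at 1568 is bounded by the wrong buffer: `strlcpy(cell, argv[i], sizeof(path));` should read `strlcpy(cell, argv[i], sizeof(cell));`. The declarations of `cell` and `path` are outside the hunk, but if `cell` is the smaller of the two this line can still write past its end, which is the overflow the commit sets out to close. The `-c` branch in the first hunk already uses `sizeof(cell)`, so this looks like a copy-and-paste slip from the `path` line just above it.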
@@ -1662,8 +1662,8 @@ main(int argc, char *argv[]) FILE *f; char fcell[100], xlog_path[512]; - strcpy(xlog_path, pwd->pw_dir); - strcat(xlog_path, "/.xlog"); + strlcpy(xlog_path, pwd->pw_dir, sizeof(xlog_path)); + strlcat(xlog_path, "/.xlog", sizeof(xlog_path)); if ((stat(xlog_path, &sbuf) == 0) && ((f = fopen(xlog_path, "r")) != NULL)) {
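Review bot: Neither return value is checked when `xlog_path` is built, so a `pw_dir` long enough to fill the 512-byte buffer leaves the `/.xlog` suffix cut short or missing, and the `stat`/`fopen` that follow then act on a different file name than intended. Checking the `strlcat` result alone is enough, because it reports the full length it tried to create even when the earlier `strlcpy` already truncated. I would skip the .xlog lookup when the name does not fit, e.g. by adding `strlcat(xlog_path, "/.xlog", sizeof(xlog_path)) < sizeof(xlog_path) &&` in front of the existing `stat` test. The enclosing block continues past the end of the hunk.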