From: Simon Wilkinson <sxw@your-file-system.com>
Date: Sat, 2 Mar 2013 09:26:05 +0000 (+0000)
Subject: auth: Don't overflow cell string
X-Git-Tag: upstream/1.8.0_pre1^2~1356
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=362728d2d6d53011603dc39f691707db20866434;p=packages%2Fo%2Fopenafs.git

auth: Don't overflow cell string

If the kernel gives us bogus data back from the VIOCGETTOK pioctl,
we might overflow the cell string when copying in to it. Use
strlcpy to avoid this (unlikely) occurrence.

Caught by coverity (#985768, #985769)

Change-Id: I2583b017e7a366f4271f356216bdd60f3a7b7911
Reviewed-on: http://gerrit.openafs.org/9349
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
---

diff --git a/src/auth/ktc.c b/src/auth/ktc.c
index fc2563674..4df513dc6 100644
--- a/src/auth/ktc.c
+++ b/src/auth/ktc.c
@@ -701,7 +701,7 @@ GetToken(struct ktc_principal *aserver, struct ktc_token *atoken,
 
 		if (aclient || aviceid) {
 		    if (aclient) {
-			strcpy(aclient->cell, cellp);
+			strlcpy(aclient->cell, cellp, sizeof(aclient->cell));
 			aclient->instance[0] = 0;
 		    }
 
@@ -969,7 +969,7 @@ ktc_ListTokens(int aprevIndex,
     tp += temp;			/* skip clear token itself */
     tp += sizeof(afs_int32);	/* skip primary flag */
     /* tp now points to the cell name */
-    strcpy(aserver->cell, tp);
+    strlcpy(aserver->cell, tp, sizeof(aserver->cell));
     aserver->instance[0] = 0;
     strcpy(aserver->name, "afs");
 #endif /* NO_AFS_CLIENT */