From: Simon Wilkinson Date: Fri, 8 Mar 2013 13:01:28 +0000 (+0000) Subject: bos: Don't overflow cellname buffer X-Git-Tag: upstream/1.8.0_pre1^2~1307 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=45993e3ad55358c3e94105e2e3aa13df43f5fdd3;p=packages%2Fo%2Fopenafs.git bos: Don't overflow cellname buffer Don't overflow the fixed sized cellname buffer when copying the information in from the command line - instead, just use a dynamically allocated buffer. Caught by coverity (#985775) Change-Id: If87b1ba9bcb990d3145a89627e212144cd78f5a0 Reviewed-on: http://gerrit.openafs.org/9549 Reviewed-by: Jeffrey Altman Tested-by: BuildBot Reviewed-by: Derrick Brashear --- diff --git a/src/bozo/bos.c b/src/bozo/bos.c index 34c4fd335..5e951a9f6 100644 --- a/src/bozo/bos.c +++ b/src/bozo/bos.c @@ -788,8 +788,6 @@ AddKey(struct cmd_syndesc *as, void *arock) afs_int32 code; struct ktc_encryptionKey tkey; afs_int32 temp; - char *tcell; - char cellBuffer[256]; char buf[BUFSIZ], ver[BUFSIZ]; tconn = GetConn(as, 1); @@ -824,22 +822,29 @@ AddKey(struct cmd_syndesc *as, void *arock) */ strcpy((char *)&tkey, buf); } else { /* kerberos key */ + char *tcell; if (as->parms[ADDPARMOFFSET].items) { - strcpy(cellBuffer, as->parms[ADDPARMOFFSET].items->data); + tcell = strdup(as->parms[ADDPARMOFFSET].items->data); + if (tcell == NULL) { + fprintf(stderr, "bos: Unable to allocate memory for cellname\n"); + exit(1); + } /* string to key needs upper-case cell names */ /* I don't believe this is true. The string to key function * actually expands the cell name, then LOWER-CASES it. Perhaps it * didn't use to??? */ - ucstring(cellBuffer, cellBuffer, strlen(cellBuffer)); - tcell = cellBuffer; + ucstring(tcell, tcell, strlen(tcell)); } else tcell = NULL; /* no cell specified, use current */ /* ka_StringToKey(as->parms[1].items->data, tcell, &tkey); */ ka_StringToKey(buf, tcell, &tkey); + + if (tcell) + free(tcell); } code = BOZO_AddKey(tconn, temp, ktc_to_bozoptr(&tkey)); if (code) {