From: Simon Wilkinson Date: Sat, 2 Mar 2013 12:55:18 +0000 (+0000) Subject: auth: Catch long cells in backwards compat code X-Git-Tag: upstream/1.8.0_pre1^2~1322 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=8c664a8c0f25e472bd3ba30f31fbbf707fa4e873;p=packages%2Fo%2Fopenafs.git auth: Catch long cells in backwards compat code ktc_SetTokenEx can fall back to calling the SetToken pioctl when the kernel module doesn't support the newer call. When we do this, we have to transform the token structure into the older format. Catch tokens whose cells are too long to be represented in the older format, and bail with KTC_INVAL, rather than overflowing the array. Caught by coverity (#985770) Change-Id: Ibaa1cc92c494cc6f4e56ebe7b16109d4558db131 Reviewed-on: http://gerrit.openafs.org/9449 Tested-by: BuildBot Reviewed-by: Derrick Brashear --- diff --git a/src/auth/ktc.c b/src/auth/ktc.c index 4df513dc6..9500ec835 100644 --- a/src/auth/ktc.c +++ b/src/auth/ktc.c @@ -356,7 +356,11 @@ ktc_SetTokenEx(struct ktc_setTokenData *token) { memset(&server, 0, sizeof(server)); strcpy(server.name, "afs"); - strcpy(server.cell, token->cell); + if (strlcpy(server.cell, token->cell, sizeof(server.cell)) + >= sizeof(server.cell)) { + free(rxkadToken); + return KTC_INVAL; + } code = ktc_SetToken(&server, rxkadToken, &client, flags); free(rxkadToken); return code;
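Review bot: In the new truncation branch of ktc_SetTokenEx, `free(rxkadToken)` is now written twice, once before `return KTC_INVAL;` and once after the `ktc_SetToken` call, so any later early exit added to this fallback path has to remember the free as well. Consider a single cleanup path instead: set `code = KTC_INVAL;` when `strlcpy(...) >= sizeof(server.cell)`, call `ktc_SetToken` only in the else case, and let both cases fall through to the existing `free(rxkadToken); return code;`. The length comparison itself is right, since a `strlcpy` return value equal to or greater than the destination size means the cell name did not fit. A one-line comment above the check saying that an over-long cell is rejected rather than truncated would help, because the reason is only in the commit message. The neighbouring `strcpy(server.name, "afs");` copies a constant and is not an overflow risk, but switching it to the same bounded call would keep the two copies consistent.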