From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Sun, 13 Jan 2008 15:33:53 +0000 (+0000)
Subject: STABLE14-cmd-nname-20080113
X-Git-Tag: openafs-stable-1_4_7pre1~74
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=b51851f712901df5a98b52cc2522b4815517b551;p=packages%2Fo%2Fopenafs.git

STABLE14-cmd-nname-20080113

LICENSE MIT

Nname() is used to concatenate two strings and is frequently used with
the first string being the name of the executable perhaps with a full
path.  The static buffer specified is too small for a full path and
there was no protection against writing beyond the end of it.


(cherry picked from commit d5811091995b78d65e891b134aa0ad6955bbc30c)
---

diff --git a/src/cmd/cmd.c b/src/cmd/cmd.c
index a56daaef5..fab9e1366 100644
--- a/src/cmd/cmd.c
+++ b/src/cmd/cmd.c
@@ -40,13 +40,14 @@ static char initcmd_opcode[] = "initcmd";	/*Name of initcmd opcode */
 static char *
 NName(char *a1, char *a2)
 {
-    static char tbuffer[80];
+    static char tbuffer[300];
     if (strlen(a1) == 0) {
-	return "";
+        return "";
     } else {
-	strcpy(tbuffer, a1);
-	strcat(tbuffer, a2);
-	return tbuffer;
+        strncpy(tbuffer, a1, sizeof(tbuffer));
+        strncat(tbuffer, a2, sizeof(tbuffer));
+        tbuffer[sizeof(tbuffer)-1]='\0';
+        return tbuffer;
     }
 }