From: Simon Wilkinson Date: Sat, 2 Mar 2013 10:54:16 +0000 (+0000) Subject: kauth: Use strl* functions in ka_log X-Git-Tag: upstream/1.8.0_pre1^2~1347 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=b535059d48ac592760e2e5b87414d9010143c993;p=packages%2Fo%2Fopenafs.git kauth: Use strl* functions in ka_log Switch to using the strlcat and strlcpy functions in ka_log, to avoid potential buffer overflows. Caught by coverity (#985824) Change-Id: Icb537567f8ae67ecb42332cda4413274edeaa681 Reviewed-on: http://gerrit.openafs.org/9397 Tested-by: BuildBot Reviewed-by: Derrick Brashear Reviewed-by: Jeffrey Altman
---
diff --git a/src/kauth/kalog.c b/src/kauth/kalog.c
index 00330ea23..8f0cd1611 100644
--- a/src/kauth/kalog.c
+++ b/src/kauth/kalog.c
@@ -132,52 +132,52 @@ ka_log(char *principal, char *instance, char *sprincipal, char *sinstance,
 logbuf[0] = '\0'; /* Empty string */
 if (*principal)
- strcpy(logbuf, principal);
+ strlcpy(logbuf, principal, sizeof(logbuf));
 if (realm) {
- strcat(logbuf, "@");
- strcat(logbuf, realm);
+ strlcat(logbuf, "@", sizeof(logbuf));
+ strlcat(logbuf, realm, sizeof(logbuf));
 }
 if (*instance) {
- strcat(logbuf, ".");
- strcat(logbuf, instance);
+ strlcat(logbuf, ".", sizeof(logbuf));
+ strlcat(logbuf, instance, sizeof(logbuf));
 }
 /* unlike the name/instance, the services can come down as NULL */
 if (sprincipal && *sprincipal) {
- strcat(logbuf, ",");
- strcat(logbuf, sprincipal);
+ strlcat(logbuf, ",", sizeof(logbuf));
+ strlcat(logbuf, sprincipal, sizeof(logbuf));
 if (sinstance && *sinstance) {
- strcat(logbuf, ".");
- strcat(logbuf, sinstance);
+ strlcat(logbuf, ".", sizeof(logbuf));
+ strlcat(logbuf, sinstance, sizeof(logbuf));
 }
 }
 switch (type) {
 case LOG_CRUSER:
- strcat(logbuf, ":cruser");
+ strlcat(logbuf, ":cruser", sizeof(logbuf));
 break;
 case LOG_CHPASSWD:
- strcat(logbuf, ":chp");
+ strlcat(logbuf, ":chp", sizeof(logbuf));
 break;
 case LOG_AUTHENTICATE:
- strcat(logbuf, ":auth");
+ strlcat(logbuf, ":auth", sizeof(logbuf));
 break;
 case LOG_AUTHFAILED:
- strcat(logbuf, ":authnot");
+ strlcat(logbuf, ":authnot", sizeof(logbuf));
 break;
 case LOG_SETFIELDS:
- strcat(logbuf, ":setf");
+ strlcat(logbuf, ":setf", sizeof(logbuf));
 break;
 case LOG_DELUSER:
- strcat(logbuf, ":delu");
+ strlcat(logbuf, ":delu", sizeof(logbuf));
 break;
 case LOG_UNLOCK:
- strcat(logbuf, ":unlok");
+ strlcat(logbuf, ":unlok", sizeof(logbuf));
 break;
 case LOG_GETTICKET:
- strcat(logbuf, ":gtck");
+ strlcat(logbuf, ":gtck", sizeof(logbuf));
 break;
 case LOG_TGTREQUEST:
- strcat(logbuf, ":tgtreq");
+ strlcat(logbuf, ":tgtreq", sizeof(logbuf));
 break;
 default:
 break;
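Review bot: The return values of the new `strlcpy`/`strlcat` calls are ignored throughout the hunk, so an over-long principal, realm or instance now truncates the record silently instead of overflowing. Because the event suffix (`:auth`, `:authnot`, …) is appended last in the `switch`, it is the first part to be lost, which would leave an authentication log entry without its event type. Consider tracking truncation, e.g. `if (strlcat(logbuf, realm, sizeof(logbuf)) >= sizeof(logbuf)) truncated = 1;`, and marking or reporting such records after the `switch`. `sizeof(logbuf)` is only the right bound if `logbuf` is declared as an array; its declaration and the rest of `ka_log` lie outside the hunk.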