From: Simon Wilkinson <sxw@your-file-system.com>
Date: Sat, 2 Mar 2013 09:35:01 +0000 (+0000)
Subject: kauth: Don't overflow stack when building username
X-Git-Tag: upstream/1.8.0_pre1^2~1338
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=cc194827a841f057654f1dbe4dcb3f6de98c1c60;p=packages%2Fo%2Fopenafs.git

kauth: Don't overflow stack when building username

knfs constructs the userName by combining the clientName.name
and clientName.instance arrays, along with a dot separator. Make
sure that the userName array is big enough to hold these, and
use strlcpy and strlcat just to make sure.

Caught by coverity (#985829)

Change-Id: I75431212c8464861a26546c9e47d13acbff08967
Reviewed-on: http://gerrit.openafs.org/9351
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
---

diff --git a/src/kauth/knfs.c b/src/kauth/knfs.c
index 81a03d64b..628982954 100644
--- a/src/kauth/knfs.c
+++ b/src/kauth/knfs.c
@@ -99,7 +99,7 @@ GetTokens(afs_int32 ahost, afs_int32 auid)
     int maxLen;			/* biggest ticket we can copy */
     int tktLen;			/* server ticket length */
     time_t tokenExpireTime;
-    char UserName[16];
+    char UserName[MAXKTCNAMELEN + MAXKTCNAMELEN];
     struct ktc_token token;
     struct ktc_principal clientName;
     time_t current_time;
@@ -186,10 +186,10 @@ GetTokens(afs_int32 ahost, afs_int32 auid)
 		strlcpy(clientName.cell, tp, sizeof(clientName.cell));
 
 		tokenExpireTime = token.endTime;
-		strcpy(UserName, clientName.name);
+		strlcpy(UserName, clientName.name, sizeof(UserName));
 		if (clientName.instance[0] != 0) {
-		    strcat(UserName, ".");
-		    strcat(UserName, clientName.instance);
+		    strlcat(UserName, ".", sizeof(UserName));
+		    strlcat(UserName, clientName.instance, sizeof(UserName));
 		}
 		if (UserName[0] == 0)
 		    printf("Tokens");