From 19bcc0ab08ad6b1080688ce06b2e9300610bbc33 Mon Sep 17 00:00:00 2001 From: Simon Wilkinson Date: Sat, 2 Mar 2013 12:38:49 +0000 Subject: [PATCH] audit: Fix overflow in file backend If the filename passed to open_file was larger than MAXPATHLEN-5, then we'd overflow the oldName buffer when creating the backup filename. Fix the overflow by using a malloc'd buffer instead. Caught by coverity (#985767) Reviewed-on: http://gerrit.openafs.org/9448 Tested-by: BuildBot Reviewed-by: Derrick Brashear (cherry picked from commit b0b3def56c15161df28059e270f0360c31241217) Change-Id: I3993de8e4372c30d35e6e675042511f85ba9d014 Reviewed-on: http://gerrit.openafs.org/11062 Reviewed-by: Andrew Deason Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Stephan Wiesand
---
src/audit/audit-file.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/audit/audit-file.c b/src/audit/audit-file.c
index b786c8dec..f151c0509 100644
--- a/src/audit/audit-file.c
+++ b/src/audit/audit-file.c
@@ -14,6 +14,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -48,7 +49,7 @@ static int
 open_file(const char *fileName)
 {
 int tempfd, flags;
- char oldName[MAXPATHLEN];
+ char *oldName;
 #ifndef AFS_NT40_ENV
 struct stat statbuf;
@@ -59,10 +60,14 @@ open_file(const char *fileName)
 } else
 #endif
 {
- strcpy(oldName, fileName);
- strcat(oldName, ".old");
+ afs_asprintf(&oldName, "%s.old", fileName);
+ if (oldName == NULL) {
+ printf("Warning: Unable to create backup filename. Auditing ignored\n");
+ return 1;
+ }
 renamefile(fileName, oldName);
 flags = O_WRONLY | O_TRUNC | O_CREAT;
+ free(oldName);
 }
 tempfd = open(fileName, flags, 0666);
 if (tempfd > -1) {
-- 2.39.5
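Review bot: The allocation-failure check in the third hunk tests only `oldName == NULL`, while the second hunk declares `char *oldName;` without an initializer and the return value of `afs_asprintf` is discarded. That is sound only if afs_asprintf is guaranteed to store NULL through its first argument on failure, which this patch does not show; the common asprintf contract leaves the pointer unspecified on error. Declaring `char *oldName = NULL;` and testing the call itself, `if (afs_asprintf(&oldName, "%s.old", fileName) < 0 || oldName == NULL) {` (assuming it reports failure with a negative return), removes that dependency. Separately, the result of `renamefile(fileName, oldName)` is still ignored, so a failed rename is followed by an open with `O_TRUNC` that discards the previous audit log; that deserves a check or at least a comment stating it is intentional. The body of open_file starts and ends outside these hunks.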