From 53773034aa5c33009ddaa7d42a89c3d17cf85668 Mon Sep 17 00:00:00 2001
From: Simon Wilkinson
Date: Fri, 8 Mar 2013 13:02:26 +0000
Subject: [PATCH] bos: Don't overflow buffer with key data
When parsing key data from the command line, don't overflow the buffer used to hold it - instead just give an error if the data is too long.
Caught by coverity (#985775)
Reviewed-on: http://gerrit.openafs.org/9550
Reviewed-by: Derrick Brashear
Reviewed-by: Jeffrey Altman
Tested-by: BuildBot
(cherry picked from commit 4e9c6eb9d5192888d79a07042c9cb6029def9726)
Change-Id: Ic1892ba4cd5e69c48003073a758a47a08b84a890
Reviewed-on: http://gerrit.openafs.org/10861
Tested-by: BuildBot
Reviewed-by: Perry Ruiter
Reviewed-by: Jeffrey Altman
Reviewed-by: Michael Meffie
Reviewed-by: Andrew Deason
Reviewed-by: Stephan Wiesand
---
 src/bozo/bos.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/bozo/bos.c b/src/bozo/bos.c
index 5a4368c39..7b02d15cf 100644
--- a/src/bozo/bos.c
+++ b/src/bozo/bos.c
@@ -808,9 +808,12 @@ AddKey(struct cmd_syndesc *as, void *arock)
 tconn = GetConn(as, 1);
 memset(&tkey, 0, sizeof(struct ktc_encryptionKey));
 
- if (as->parms[1].items)
- strcpy(buf, as->parms[1].items->data);
- else {
+ if (as->parms[1].items) {
+ if (strlcpy(buf, as->parms[1].items->data, sizeof(buf)) >= sizeof(buf)) {
+ fprintf(stderr, "Key data too long for buffer\n");
+ exit(1);
+ }
+ } else {
 /* prompt for key */
 code = des_read_pw_string(buf, sizeof(buf), "input key: ", 0);
 if (code || strlen(buf) == 0) {
-- 
2.39.5
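Review bot: The new length check in the `as->parms[1].items` branch runs only after `tconn = GetConn(as, 1);`, so an over-long key argument is rejected after the connection has been set up; if nothing before the check depends on the connection, validating the argument first would keep the failure path free of side effects. The `>= sizeof(buf)` test is correct only because strlcpy returns the length of the source string, which deserves a one-line comment such as `/* strlcpy returns strlen(src); >= sizeof(buf) means the key was truncated */`. `sizeof(buf)` also assumes `buf` is an array declared in AddKey; that declaration and the rest of the function body lie outside this hunk. The error message could state the limit so the operator knows what was exceeded, e.g. `fprintf(stderr, "Key data too long (max %lu bytes)\n", (unsigned long)(sizeof(buf) - 1));`.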