From 5ad98f49dfb52b9f20375a9163ec17dd184523b3 Mon Sep 17 00:00:00 2001 From: Simon Wilkinson Date: Sat, 2 Mar 2013 09:35:01 +0000 Subject: [PATCH] kauth: Don't overflow stack when building username knfs constructs the userName by combining the clientName.name and clientName.instance arrays, along with a dot separator. Make sure that the userName array is big enough to hold these, and use strlcpy and strlcat just to make sure. Caught by coverity (#985829) Reviewed-on: http://gerrit.openafs.org/9351 Tested-by: BuildBot Reviewed-by: Jeffrey Altman (cherry picked from commit cc194827a841f057654f1dbe4dcb3f6de98c1c60) Change-Id: Iec62a0e0fb830e8bfc76896733269d0511c5a8d9 Reviewed-on: http://gerrit.openafs.org/11055 Reviewed-by: Andrew Deason Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Stephan Wiesand --- src/kauth/knfs.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/kauth/knfs.c b/src/kauth/knfs.c index 08b0ef931..245d8524a 100644 --- a/src/kauth/knfs.c +++ b/src/kauth/knfs.c @@ -106,7 +106,7 @@ GetTokens(afs_int32 ahost, afs_int32 auid) int maxLen; /* biggest ticket we can copy */ int tktLen; /* server ticket length */ time_t tokenExpireTime; - char UserName[16]; + char UserName[MAXKTCNAMELEN + MAXKTCNAMELEN]; struct ktc_token token; struct ktc_principal clientName; time_t current_time; @@ -193,10 +193,10 @@ GetTokens(afs_int32 ahost, afs_int32 auid) strlcpy(clientName.cell, tp, sizeof(clientName.cell)); tokenExpireTime = token.endTime; - strcpy(UserName, clientName.name); + strlcpy(UserName, clientName.name, sizeof(UserName)); if (clientName.instance[0] != 0) { - strcat(UserName, "."); - strcat(UserName, clientName.instance); + strlcat(UserName, ".", sizeof(UserName)); + strlcat(UserName, clientName.instance, sizeof(UserName)); } if (UserName[0] == 0) printf("Tokens"); -- 2.39.5