From 788a6b67a088e2565c3b47ecb6e594a7b15f2757 Mon Sep 17 00:00:00 2001 From: Simon Wilkinson Date: Sat, 2 Mar 2013 12:04:46 +0000 Subject: [PATCH] aklog: Fix overflows in auth_to_path In the auth_to_path routine, don't use strcpy and strcat when working with the fixed length pathtocheck buffer. Instead, use strlcpy and strlcat to ensure that all string operations fit within the buffer limits. Caught by coverity (#985762) Change-Id: I66ae11e1f49c66574d457fd79e97dd647ac98a73 Reviewed-on: http://gerrit.openafs.org/9444 Reviewed-by: Derrick Brashear Tested-by: BuildBot Reviewed-by: Jeffrey Altman --- src/aklog/aklog.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/aklog/aklog.c b/src/aklog/aklog.c index 22df70d27..038eece70 100644 --- a/src/aklog/aklog.c +++ b/src/aklog/aklog.c @@ -1317,7 +1317,7 @@ auth_to_path(krb5_context context, const char *config, char *path) /* Initialize */ if (path[0] == DIR) - strcpy(pathtocheck, path); + strlcpy(pathtocheck, path, sizeof(pathtocheck)); else { if (getcwd(pathtocheck, sizeof(pathtocheck)) == NULL) { fprintf(stderr, "Unable to find current working directory:\n"); @@ -1326,15 +1326,15 @@ auth_to_path(krb5_context context, const char *config, char *path) exit(AKLOG_BADPATH); } else { - strcat(pathtocheck, DIRSTRING); - strcat(pathtocheck, path); + strlcat(pathtocheck, DIRSTRING, sizeof(pathtocheck)); + strlcat(pathtocheck, path, sizeof(pathtocheck)); } } next_path(pathtocheck); /* Go on to the next level down the path */ while ((nextpath = next_path(NULL))) { - strcpy(pathtocheck, nextpath); + strlcpy(pathtocheck, nextpath, sizeof(pathtocheck)); afs_dprintf("Checking directory %s\n", pathtocheck); /* * If this is an afs mountpoint, determine what cell from -- 2.39.5