From 7eb63cd21ee57312ca71930d59f49177d80f4f2a Mon Sep 17 00:00:00 2001
From: Simon Wilkinson
Date: Sat, 2 Mar 2013 10:27:47 +0000
Subject: [PATCH] util: Avoid overflow in GetNameByINet

We copy the results of gethostbyaddr into a fixed length buffer without checking whether they fit. Add a length check, and use strlcpy to do the copy to make sure we can't overflow. Caught by coverity (#985912, #985872)
Reviewed-on: http://gerrit.openafs.org/9393
Tested-by: BuildBot
Reviewed-by: Jeffrey Altman
(cherry picked from commit fcb7974b838c2b37a8b81b88b11905c6ece398f6)
Change-Id: I2d7f781c159999e721504cd6eec408db93bb703c
Reviewed-on: http://gerrit.openafs.org/11056
Reviewed-by: Andrew Deason
Tested-by: BuildBot
Reviewed-by: Chas Williams - CONTRACTOR
Reviewed-by: Stephan Wiesand
---
 src/util/hostparse.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/util/hostparse.c b/src/util/hostparse.c
index ede75ab9f..bbd8296dc 100644
--- a/src/util/hostparse.c
+++ b/src/util/hostparse.c
@@ -114,8 +114,8 @@ hostutil_GetNameByINet(afs_uint32 addr)
 return NULL;
 #endif
 th = gethostbyaddr((void *)&addr, sizeof(addr), AF_INET);
- if (th) {
- strcpy(tbuffer, th->h_name);
+ if (th && strlen(th->h_name) < sizeof(tbuffer)) {
+ strlcpy(tbuffer, th->h_name, sizeof(tbuffer));
 } else {
 addr = ntohl(addr);
 sprintf(tbuffer, "%d.%d.%d.%d", (int)((addr >> 24) & 0xff),
-- 2.39.5
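Review bot: An over-long `th->h_name` now fails the new `if (th && strlen(th->h_name) < sizeof(tbuffer))` test and silently takes the dotted-quad branch, and nothing in the code says that this fallback is deliberate or that the name is untrusted reverse-DNS data. I would add a comment above the condition such as `/* h_name comes from reverse DNS and is untrusted: if it does not fit in tbuffer, report the dotted-quad address instead of truncating */`. The `sprintf` in the else branch is still unbounded; each field is masked with `0xff`, so it writes at most 16 bytes including the terminator, but the declaration of `tbuffer` is outside the hunk, and switching that call to `snprintf(tbuffer, sizeof(tbuffer), ...)` would keep it safe regardless of the buffer's size. Both `sizeof(tbuffer)` uses also assume `tbuffer` is an array rather than a pointer, which the commit message implies but the hunk does not show. The `sprintf` call and the rest of `hostutil_GetNameByINet` continue beyond the hunk.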